Sha256: c1dbd06a8e344588bfb184cf817dbc808fbd4b0fe37c561038eae959685b82fd

Contents?: true

Size: 1.67 KB

Versions: 1

Compression:

Stored size: 1.67 KB

Contents

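module Heirloom

  # Grants a list of AWS accounts read access to one stored key, region by
  # region.
  #
  # Accounts are format-checked first. The grant itself is delegated to
  # ACL::S3#allow_read_access_from_accounts, called once per region.
  class Authorizer

    include Heirloom::Utils::Email

    # Accepted shape of an S3 canonical user ID: exactly 64 alphanumeric
    # characters. Anchored with \A and \z (not ^ and $) so a value that
    # carries a newline or other stray characters cannot pass on length alone.
    CANONICAL_ID_FORMAT = /\A[0-9A-Za-z]{64}\z/

    # @param args [Hash]
    # @option args [Object] :config configuration object; must respond to #logger
    # @option args [String] :name passed to Reader and used as :key_folder for the ACL call
    # @option args [String] :id passed to Reader
    def initialize(args)
      @config = args[:config]
      @name   = args[:name]
      @id     = args[:id]
      @logger = @config.logger
    end

    # Validates the accounts and grants them read access in every region.
    #
    # Regions are processed in order and the method stops at the first region
    # whose grant returns a falsy value. Nothing in this class undoes grants
    # already made in earlier regions, so a false return can leave access
    # partially applied; callers should re-check the ACLs rather than assume
    # nothing was changed.
    #
    # @param args [Hash]
    # @option args [Array<String>] :accounts e-mail addresses or canonical IDs
    # @option args [Array<String>] :regions regions to authorize in
    # @return [Boolean] true when every region was granted, false when the
    #   account list is rejected or a region's grant fails
    def authorize(args)
      @accounts = args[:accounts]
      regions   = args[:regions]

      # Reject the whole request before touching any ACL if one entry is bad.
      return false unless validate_format_of_accounts

      @logger.info "Authorizing #{@accounts.join(', ')}."

      @key_name = reader.key_name

      regions.each do |region|
        @bucket = reader.get_bucket :region => region

        return false unless grant_read_access region
      end

      @logger.info "Authorization complete."
      true
    end

    private

    # Asks ACL::S3 to allow read access from @accounts on @key_name under
    # folder @name in @bucket. Relies on #authorize having set @key_name,
    # @accounts and @bucket beforehand.
    #
    # @param region [String] region handed to ACL::S3
    # @return [Object] whatever allow_read_access_from_accounts returns;
    #   #authorize treats a falsy value as failure
    def grant_read_access(region)
      s3_acl = ACL::S3.new :config => @config,
                           :region => region

      s3_acl.allow_read_access_from_accounts :key_name   => @key_name,
                                             :key_folder => @name,
                                             :accounts   => @accounts,
                                             :bucket     => @bucket
    end

    # Checks every entry in @accounts and logs the verdict for each one.
    # Deliberately does not stop at the first bad entry, so the operator sees
    # all rejected values in a single run.
    #
    # @return [Boolean] true only when every account has an accepted format
    def validate_format_of_accounts
      status = true

      @accounts.each do |account|
        if valid_account?(account)
          @logger.info "Using #{account} for authorization"
        else
          @logger.error "#{account} is not a valid account type"
          status = false
        end
      end

      status
    end

    # An account is accepted when it is an e-mail address or a canonical ID.
    #
    # NOTE(review): valid_email? comes from Heirloom::Utils::Email, which is
    # not visible here; how strict it is should be confirmed there.
    #
    # @param account [Object] candidate grantee identifier
    # @return [Boolean]
    def valid_account?(account)
      valid_email?(account) || canonical_id?(account)
    end

    # True when account is a String matching CANONICAL_ID_FORMAT. A length
    # check alone would also accept any 64-character value (or any other
    # object whose #length is 64) and pass it on to the log line and the ACL
    # request, so the character set is checked as well.
    #
    # @param account [Object]
    # @return [Boolean]
    def canonical_id?(account)
      account.is_a?(String) && !(CANONICAL_ID_FORMAT =~ account).nil?
    end

    # Lazily built Reader for this name/id, reused across calls.
    #
    # @return [Reader]
    def reader
      @reader ||= Reader.new :config => @config,
                             :name   => @name,
                             :id     => @id
    end

  end
end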

Version data entries

1 entries across 1 versions & 1 rubygems

Version Path
heirloom-0.12.7 lib/heirloom/archive/authorizer.rb