graphaelli · November 20, 2015 04:06
diff --git a/docker_registry_consumer_policy.py b/docker_registry_consumer_policy.py
 import troposphere
 import troposphere.ec2
 import troposphere.iam

 from awacs.aws import Allow, Statement, Policy
 from awacs.s3 import ARN as S3_ARN
 import awacs.s3 as s3


 def read_only_bucket_access(bucket_name):
    """IAM policy statements for read-only bucket access."""
    return [
        Statement(
            Effect=Allow,
            Action=[s3.ListBucket, s3.GetBucketLocation],
            Resource=[S3_ARN(bucket_name)],
        ),
        Statement(
            Effect=Allow,
            Action=[s3.GetObject],
            Resource=[S3_ARN(bucket_name + '/*')],
        ),
    ]


 def docker_registry_consumer_policy(bucket_name):
    """IAM policy for read-only s3-backed docker registry access."""
    return troposphere.iam.Policy(
        PolicyName='DockerRegistryConsumerPolicy',
        PolicyDocument=Policy(
            Statement=[
                *read_only_bucket_access(bucket_name),
            ]
        )
    )
	import troposphere
	import troposphere.ec2
	import troposphere.iam

	from awacs.aws import Allow, Statement, Policy
	from awacs.s3 import ARN as S3_ARN
	import awacs.s3 as s3


	def read_only_bucket_access(bucket_name):
	"""IAM policy statements for read-only bucket access."""
	return [
	Statement(
	Effect=Allow,
	Action=[s3.ListBucket, s3.GetBucketLocation],
	Resource=[S3_ARN(bucket_name)],
	),
	Statement(
	Effect=Allow,
	Action=[s3.GetObject],
	Resource=[S3_ARN(bucket_name + '/*')],
	),
	]


	def docker_registry_consumer_policy(bucket_name):
	"""IAM policy for read-only s3-backed docker registry access."""
	return troposphere.iam.Policy(
	PolicyName='DockerRegistryConsumerPolicy',
	PolicyDocument=Policy(
	Statement=[
	*read_only_bucket_access(bucket_name),
	]
	)
	)