graphaelli/docker_registry_consumer_policy.py

## docker_registry_consumer_policy.py
import troposphere
import troposphere.ec2
import troposphere.iam

from awacs.aws import Allow, Statement, Policy
from awacs.s3 import ARN as S3_ARN
import awacs.s3 as s3


def read_only_bucket_access(bucket_name):
    """IAM policy statements for read-only bucket access."""
    return [
        Statement(
            Effect=Allow,
            Action=[s3.ListBucket, s3.GetBucketLocation],
            Resource=[S3_ARN(bucket_name)],
        ),
        Statement(
            Effect=Allow,
            Action=[s3.GetObject],
            Resource=[S3_ARN(bucket_name + '/*')],
        ),
    ]


def docker_registry_consumer_policy(bucket_name):
    """IAM policy for read-only s3-backed docker registry access."""
    return troposphere.iam.Policy(
        PolicyName='DockerRegistryConsumerPolicy',
        PolicyDocument=Policy(
            Statement=[
                *read_only_bucket_access(bucket_name),
            ]
        )
    )
	import troposphere
	import troposphere.ec2
	import troposphere.iam

	from awacs.aws import Allow, Statement, Policy
	from awacs.s3 import ARN as S3_ARN
	import awacs.s3 as s3


	def read_only_bucket_access(bucket_name):
	"""IAM policy statements for read-only bucket access."""
	return [
	Statement(
	Effect=Allow,
	Action=[s3.ListBucket, s3.GetBucketLocation],
	Resource=[S3_ARN(bucket_name)],
	),
	Statement(
	Effect=Allow,
	Action=[s3.GetObject],
	Resource=[S3_ARN(bucket_name + '/*')],
	),
	]


	def docker_registry_consumer_policy(bucket_name):
	"""IAM policy for read-only s3-backed docker registry access."""
	return troposphere.iam.Policy(
	PolicyName='DockerRegistryConsumerPolicy',
	PolicyDocument=Policy(
	Statement=[
	*read_only_bucket_access(bucket_name),
	]
	)
	)