@Override public void setBucketAcl(SetBucketAclRequest setBucketAclRequest) throws SdkClientException, AmazonServiceException { setBucketAclRequest = beforeClientExecution(setBucketAclRequest); String bucketName = setBucketAclRequest.getBucketName(); rejectNull(bucketName, "The bucket name parameter must be specified when setting a bucket's ACL"); AccessControlList acl = setBucketAclRequest.getAcl(); CannedAccessControlList cannedAcl = setBucketAclRequest.getCannedAcl(); if (acl == null && cannedAcl == null) { throw new IllegalArgumentException( "The ACL parameter must be specified when setting a bucket's ACL"); } if (acl != null && cannedAcl != null) { throw new IllegalArgumentException( "Only one of the acl and cannedAcl parameter can be specified, not both."); } if (acl != null) { setAcl(bucketName, null, null, acl, false, setBucketAclRequest); } else { setAcl(bucketName, null, null, cannedAcl, false, setBucketAclRequest); } }
@Override public void init(Configuration conf, String keyPrefix) { bucketName = conf.get(keyPrefix + S3_BUCKET_NAME); String endpoint = conf.get(keyPrefix + S3_ENDPOINT_NAME); String key = conf.get(keyPrefix + S3_ACCESS_KEY); String secret = conf.get(keyPrefix + S3_ACCESS_SECRET); System.setProperty(SDKGlobalConfiguration.ACCESS_KEY_SYSTEM_PROPERTY, key); System.setProperty(SDKGlobalConfiguration.SECRET_KEY_SYSTEM_PROPERTY, secret); AWSCredentialsProvider provider = new SystemPropertiesCredentialsProvider(); client = new AmazonS3Client(provider); client.setEndpoint(endpoint); override = conf.getBoolean(keyPrefix + "override", true); acls = new AccessControlList(); acls.grantPermission(GroupGrantee.AllUsers, Permission.FullControl); acls.grantPermission(GroupGrantee.AllUsers, Permission.Read); acls.grantPermission(GroupGrantee.AllUsers, Permission.Write); }
public static void getBucketAcl(String bucket_name) { System.out.println("Retrieving ACL for bucket: " + bucket_name); final AmazonS3 s3 = AmazonS3ClientBuilder.defaultClient(); try { AccessControlList acl = s3.getBucketAcl(bucket_name); List<Grant> grants = acl.getGrantsAsList(); for (Grant grant : grants) { System.out.format(" %s: %s\n", grant.getGrantee().getIdentifier(), grant.getPermission().toString()); } } catch (AmazonServiceException e) { System.err.println(e.getErrorMessage()); System.exit(1); } }
public static void getObjectAcl(String bucket_name, String object_key) { System.out.println("Retrieving ACL for object: " + object_key); System.out.println(" in bucket: " + bucket_name); final AmazonS3 s3 = AmazonS3ClientBuilder.defaultClient(); try { AccessControlList acl = s3.getObjectAcl(bucket_name, object_key); List<Grant> grants = acl.getGrantsAsList(); for (Grant grant : grants) { System.out.format(" %s: %s\n", grant.getGrantee().getIdentifier(), grant.getPermission().toString()); } } catch (AmazonServiceException e) { System.err.println(e.getErrorMessage()); System.exit(1); } }
public static void setBucketAcl(String bucket_name, String email, String access) { System.out.format("Setting %s access for %s\n", access, email); System.out.println("on bucket: " + bucket_name); final AmazonS3 s3 = AmazonS3ClientBuilder.defaultClient(); try { // get the current ACL AccessControlList acl = s3.getBucketAcl(bucket_name); // set access for the grantee EmailAddressGrantee grantee = new EmailAddressGrantee(email); Permission permission = Permission.valueOf(access); acl.grantPermission(grantee, permission); s3.setBucketAcl(bucket_name, acl); } catch (AmazonServiceException e) { System.err.println(e.getErrorMessage()); System.exit(1); } }
public static void setObjectAcl(String bucket_name, String object_key, String email, String access) { System.out.format("Setting %s access for %s\n", access, email); System.out.println("for object: " + object_key); System.out.println(" in bucket: " + bucket_name); final AmazonS3 s3 = AmazonS3ClientBuilder.defaultClient(); try { // get the current ACL AccessControlList acl = s3.getObjectAcl(bucket_name, object_key); // set access for the grantee EmailAddressGrantee grantee = new EmailAddressGrantee(email); Permission permission = Permission.valueOf(access); acl.grantPermission(grantee, permission); s3.setObjectAcl(bucket_name, object_key, acl); } catch (AmazonServiceException e) { System.err.println(e.getErrorMessage()); System.exit(1); } }
static public void uploadToAmazonS3(HttpSession session, File fileToUpload) throws S3Exception { try { AmazonS3 s3client = getS3(); String bucketName = getDownloadS3Bucket(); if(!s3client.doesBucketExist(bucketName)) SagLogger.logError(session, "Does not exist? S3 Bucket :" + bucketName); AccessControlList acl = new AccessControlList(); acl.grantPermission(GroupGrantee.AllUsers, Permission.Read); s3client.putObject(new PutObjectRequest(bucketName, getAPKDownloadFilePathWithFile(fileToUpload.getName()), fileToUpload).withAccessControlList(acl)); SagLogger.logInfo(session, "Finished uploading to S3"); } catch (Exception e) { SagLogger.logException(session, e); throw new S3Exception(e); } }
@Override public boolean hasFullControlPermission(final String bucketName) throws AmazonClientException, AmazonServiceException, AmazonS3Exception { LOGGER.info("Checking full controll permission on bucket.."); boolean hasFullControl = false; final AccessControlList acl = getBucketAccessControlList(bucketName); final List<Grant> grantList = acl.getGrantsAsList(); for (final Grant grant : grantList) { if(Permission.FullControl.equals(grant.getPermission())){ hasFullControl = true; LOGGER.info("Permissions validated, hasFullControl: {}", hasFullControl); break; } } return hasFullControl; }
@Override public boolean checkBucketPermission(final String bucketName, final Permission permission) throws AmazonClientException, AmazonServiceException, AmazonS3Exception { LOGGER.info("Checking bucket permission.."); boolean hasPermission = false; final AccessControlList acl = getBucketAccessControlList(bucketName); final List<Grant> grantList = acl.getGrantsAsList(); for (final Grant grant : grantList) { if(permission.equals(grant.getPermission())){ hasPermission = true; LOGGER.info("Permissions validated,hasPermission: {}",hasPermission); break; } } return hasPermission; }
@Override public boolean checkObjectPermission(final String bucketName, final String key, final Permission permission) throws AmazonClientException, AmazonServiceException, AmazonS3Exception { LOGGER.info("Checking object permission.."); boolean hasPermission = false; final AccessControlList objectAcl = s3client.getObjectAcl(bucketName, key); final List<Grant> grantList = objectAcl.getGrantsAsList(); for (final Grant grant : grantList) { if(permission.equals(grant.getPermission())){ hasPermission = true; LOGGER.info("Permissions validated,hasPermission: {}",hasPermission); break; } } return hasPermission; }
@Test public void testUpdateBlobXmlAcls() throws Exception { assumeTrue(!Quirks.NO_BLOB_ACCESS_CONTROL.contains(blobStoreType)); String blobName = "testUpdateBlobXmlAcls-blob"; ObjectMetadata metadata = new ObjectMetadata(); metadata.setContentLength(BYTE_SOURCE.size()); client.putObject(containerName, blobName, BYTE_SOURCE.openStream(), metadata); AccessControlList acl = client.getObjectAcl(containerName, blobName); acl.grantPermission(GroupGrantee.AllUsers, Permission.Read); client.setObjectAcl(containerName, blobName, acl); assertThat(client.getObjectAcl(containerName, blobName)).isEqualTo(acl); acl.revokeAllPermissions(GroupGrantee.AllUsers); client.setObjectAcl(containerName, blobName, acl); assertThat(client.getObjectAcl(containerName, blobName)).isEqualTo(acl); acl.grantPermission(GroupGrantee.AllUsers, Permission.Write); try { client.setObjectAcl(containerName, blobName, acl); Fail.failBecauseExceptionWasNotThrown(AmazonS3Exception.class); } catch (AmazonS3Exception e) { assertThat(e.getErrorCode()).isEqualTo("NotImplemented"); } }
@Override public boolean isPublicEntity(String bucketName, String keyName) { LOG.info("Gets the AccessControlList (ACL) for the specified object " + keyName + " in the specified bucket " + bucketName); final String GROUPS_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"; try { AccessControlList accessControlList = amazonS3Client.getObjectAcl(bucketName, keyName); for (Iterator<Grant> iterator = accessControlList.getGrants().iterator(); iterator.hasNext();) { Grant grant = iterator.next(); if (grant.getPermission().equals(Permission.Read) && grant.getGrantee().getIdentifier().equals(GROUPS_USERS)) { return true; } } } catch (AmazonServiceException ase) { LOG.warn(ase.getMessage(), ase); } catch (AmazonClientException ace) { LOG.warn(ace.getMessage(), ace); } return false; }
protected AccessControlList getAccessControlList(MirrorOptions options, String key) throws Exception { Exception ex = null; AccessControlList acl = null; for (int tries = 0; tries < options.getMaxRetries(); tries++) { try { context.getStats().getCount.incrementAndGet(); acl = s3Client.getObjectAcl(options.getSourceBucket(), key); break; } catch (Exception e) { ex = e; if (tries >= options.getMaxRetries()) { if (options.isVerbose()) { log.error("getObjectAcl({}) failed (try #{}), giving up", key, tries); } break; } else if (options.isVerbose()) { log.warn("getObjectAcl({}) failed (try #{}), retrying...", key, tries); } } } if(acl != null){ return acl; }else { throw ex; } }
/** * Create an amazon bucket in the specified region * @param bucket - The s3 bucket name * @param region - The S3 region the bucket should be created in * @param accessList - The access control list settings for the bucket */ public void createBucket(final String bucket, final Region region, final CannedAccessControlList cannedACL, final AccessControlList accessList){ final CreateBucketRequest request = new CreateBucketRequest(bucket, region); if(cannedACL!=null){ request.withCannedAcl(cannedACL); } if(accessList!=null){ request.withAccessControlList(accessList); } this.client.createBucket(request); }
@Override public AccessControlList getObjectAcl(GetObjectAclRequest getObjectAclRequest) { getObjectAclRequest = beforeClientExecution(getObjectAclRequest); rejectNull(getObjectAclRequest, "The request parameter must be specified when requesting an object's ACL"); rejectNull(getObjectAclRequest.getBucketName(), "The bucket name parameter must be specified when requesting an object's ACL"); rejectNull(getObjectAclRequest.getKey(), "The key parameter must be specified when requesting an object's ACL"); return getAcl(getObjectAclRequest.getBucketName(), getObjectAclRequest.getKey(), getObjectAclRequest.getVersionId(), getObjectAclRequest.isRequesterPays(), getObjectAclRequest); }
/** * Same as {@link #setObjectAcl(String, String, String, AccessControlList)} * but allows specifying a request metric collector. */ public void setObjectAcl(String bucketName, String key, String versionId, AccessControlList acl, RequestMetricCollector requestMetricCollector) throws SdkClientException, AmazonServiceException { setObjectAcl(new SetObjectAclRequest(bucketName, key, versionId, acl) .<SetObjectAclRequest> withRequestMetricCollector(requestMetricCollector)); }
@Override public AccessControlList getBucketAcl(GetBucketAclRequest getBucketAclRequest) throws SdkClientException, AmazonServiceException { getBucketAclRequest = beforeClientExecution(getBucketAclRequest); String bucketName = getBucketAclRequest.getBucketName(); rejectNull(bucketName, "The bucket name parameter must be specified when requesting a bucket's ACL"); return getAcl(bucketName, null, null, false, getBucketAclRequest); }
/** * Same as {@link #setBucketAcl(String, AccessControlList)} * but allows specifying a request metric collector. */ public void setBucketAcl(String bucketName, AccessControlList acl, RequestMetricCollector requestMetricCollector) { SetBucketAclRequest request = new SetBucketAclRequest(bucketName, acl) .withRequestMetricCollector(requestMetricCollector); setBucketAcl(request); }
/** * Sets the access control headers for the request given. */ private static void addAclHeaders(Request<? extends AmazonWebServiceRequest> request, AccessControlList acl) { List<Grant> grants = acl.getGrantsAsList(); Map<Permission, Collection<Grantee>> grantsByPermission = new HashMap<Permission, Collection<Grantee>>(); for ( Grant grant : grants ) { if ( !grantsByPermission.containsKey(grant.getPermission()) ) { grantsByPermission.put(grant.getPermission(), new LinkedList<Grantee>()); } grantsByPermission.get(grant.getPermission()).add(grant.getGrantee()); } for ( Permission permission : Permission.values() ) { if ( grantsByPermission.containsKey(permission) ) { Collection<Grantee> grantees = grantsByPermission.get(permission); boolean seenOne = false; StringBuilder granteeString = new StringBuilder(); for ( Grantee grantee : grantees ) { if ( !seenOne ) seenOne = true; else granteeString.append(", "); granteeString.append(grantee.getTypeIdentifier()).append("=").append("\"") .append(grantee.getIdentifier()).append("\""); } request.addHeader(permission.getHeaderName(), granteeString.toString()); } } }
/** * Converts the specified AccessControlList object to an XML fragment that * can be sent to Amazon S3. * * @param acl * The AccessControlList to convert to XML. * * @return an XML representation of the Access Control List object, suitable * to send in a request to Amazon S3. */ public byte[] convertToXmlByteArray(AccessControlList acl) throws SdkClientException { Owner owner = acl.getOwner(); if (owner == null) { throw new SdkClientException("Invalid AccessControlList: missing an S3Owner"); } XmlWriter xml = new XmlWriter(); xml.start("AccessControlPolicy", "xmlns", Constants.XML_NAMESPACE); xml.start("Owner"); if (owner.getId() != null) { xml.start("ID").value(owner.getId()).end(); } if (owner.getDisplayName() != null) { xml.start("DisplayName").value(owner.getDisplayName()).end(); } xml.end(); xml.start("AccessControlList"); for (Grant grant : acl.getGrantsAsList()) { xml.start("Grant"); convertToXml(grant.getGrantee(), xml); xml.start("Permission").value(grant.getPermission().toString()).end(); xml.end(); } xml.end(); xml.end(); return xml.getBytes(); }
public Object put(String path, InputStream fileInputStream, Long contentLenght) { if (contentLenght == null || contentLenght <= 0) { FindContentLengthResult result = findContentLength(fileInputStream); contentLenght = result.getContentLength(); fileInputStream = result.getFileInputStream(); } ObjectMetadata meta = new ObjectMetadata(); meta.setContentLength(contentLenght); AccessControlList acl = new AccessControlList(); acl.grantPermission(GroupGrantee.AllUsers, Permission.Read); return amazonS3Client.putObject(new PutObjectRequest(getBucketName(), path, fileInputStream, meta).withAccessControlList(acl)); }
private void createBucket(String bucketName) { AccessControlList configuration = null; try { configuration = s3Client.getBucketAcl(bucketName); } catch (Exception e) { LOG.info("Bucket " + bucketName + " does not exist."); } if (configuration == null) { Bucket bucket = s3Client.createBucket(bucketName); LOG.info("Created bucket " + bucket.getName() + " at " + bucket.getCreationDate()); } }
public void createBucket(String bucketName) { AccessControlList configuration = s3Client.getBucketAcl(bucketName); if (configuration == null) { Bucket bucket = s3Client.createBucket(bucketName); LOG.info("Created bucket " + bucket.getName() + " at " + bucket.getCreationDate()); } }
protected AccessControlList getAccessControlList(MirrorOptions options, String key) throws Exception { Exception ex = null; AccessControlList acl = null; for (int tries = 0; tries < options.getMaxRetries(); tries++) { try { context.getStats().getCount.incrementAndGet(); acl = client.getObjectAcl(options.getSourceBucket(), key); break; } catch (Exception e) { ex = e; if (tries >= options.getMaxRetries()) { if (options.isVerbose()) { log.error("getObjectAcl( {} ) failed (try # {} ), giving up", key, tries); } break; } else if (options.isVerbose()) { log.warn("getObjectAcl( {} ) failed (try # {} ), retrying...", key, tries); } } } if (acl != null) { return acl; } else { throw ex; } }
@Override public void prepareCommit() throws Exception { logger.info("prepareCommit"); if (!validS3Sink) { // check if bucket exist if (!s3Client.doesBucketExist(bucketName)) { System.out.println("bucket does not exist."); logger.info("Bucket does not Exist"); s3Client.createBucket(bucketName); } logger.info("Bucket Exist"); /* * BucketVersioningConfiguration configuration = new * BucketVersioningConfiguration( bucketVersionConfig); * SetBucketVersioningConfigurationRequest request = new * SetBucketVersioningConfigurationRequest( bucketName, configuration); * s3Client.setBucketVersioningConfiguration(request); */ AccessControlList acl = s3Client.getBucketAcl(bucketName); List<Permission> permissions = new ArrayList<Permission>(); for (Grant grant : acl.getGrants()) { permissions.add(grant.getPermission()); } if (permissions.contains(Permission.FullControl) || permissions.contains(Permission.Write)) { validS3Sink = true; } } else { validS3Sink = true; } logger.info("validS3Sink = " + validS3Sink); System.out.println("validS3Sink = " + validS3Sink); }
@Test public void testGetBucketAcl() { AmazonS3Mock s3sinkMock = new AmazonS3Mock(); AccessControlList acl = s3sinkMock.getBucketAcl("test"); assertTrue(acl != null); }
@Override public AccessControlList getBucketAcl(String bucketName) throws AmazonClientException, AmazonServiceException { throwException(getBucketAclException); AccessControlList acl = new AccessControlList(); acl.grantPermission(GroupGrantee.AllUsers, Permission.FullControl); return acl; }
@Override public AccessControlList getObjectAcl(String bucketName, String key) throws AmazonClientException, AmazonServiceException { return delegate.getObjectAcl(bucketName, key); }
@Override public AccessControlList getObjectAcl(String bucketName, String key, String versionId) throws AmazonClientException, AmazonServiceException { return delegate.getObjectAcl(bucketName, key, versionId); }
@Override public AccessControlList getObjectAcl(GetObjectAclRequest getObjectAclRequest) throws AmazonClientException, AmazonServiceException { return delegate.getObjectAcl(getObjectAclRequest); }
@Override public void setObjectAcl(String bucketName, String key, AccessControlList acl) throws AmazonClientException, AmazonServiceException { delegate.setObjectAcl(bucketName, key, acl); }
@Override public void setObjectAcl(String bucketName, String key, String versionId, AccessControlList acl) throws AmazonClientException, AmazonServiceException { delegate.setObjectAcl(bucketName, key, versionId, acl); }
@Override public AccessControlList getBucketAcl(String bucketName) throws AmazonClientException, AmazonServiceException { return delegate.getBucketAcl(bucketName); }
@Override public AccessControlList getBucketAcl(GetBucketAclRequest getBucketAclRequest) throws AmazonClientException, AmazonServiceException { return delegate.getBucketAcl(getBucketAclRequest); }
@Override public void setBucketAcl(String bucketName, AccessControlList acl) throws AmazonClientException, AmazonServiceException { delegate.setBucketAcl(bucketName, acl); }
@Override public AccessControlList getObjectAcl(String bucketName, String key) throws AmazonClientException, AmazonServiceException { throw new UnsupportedOperationException(); }
@Override public AccessControlList getObjectAcl(String bucketName, String key, String versionId) throws AmazonClientException, AmazonServiceException { throw new UnsupportedOperationException(); }
@Override public void setObjectAcl(String bucketName, String key, AccessControlList acl) throws AmazonClientException, AmazonServiceException { throw new UnsupportedOperationException(); }
@Override public void setObjectAcl(String bucketName, String key, String versionId, AccessControlList acl) throws AmazonClientException, AmazonServiceException { throw new UnsupportedOperationException(); }
@Override public AccessControlList getBucketAcl(String bucketName) throws AmazonClientException, AmazonServiceException { throw new UnsupportedOperationException(); }
