下面列出了怎么用com.amazonaws.services.s3.model.Permission的API类实例代码及写法,或者点击链接到github查看源代码。
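/**
 * Collects the permissions that a bucket ACL hands to an openly addressable grantee.
 *
 * <p>A grant is reported when its grantee identifier equals (ignoring case) either
 * {@code PacmanRuleConstants.ANY_S3_AUTHENTICATED_USER_URI} or
 * {@code PacmanRuleConstants.ALL_S3_USER_URI}, and its permission text either occurs inside
 * {@code accessTypeToCheck} or equals (ignoring case) {@code PacmanRuleConstants.FULL_CONTROL}.
 *
 * @param grants the grants of the bucket ACL; must not be null
 * @param accessTypeToCheck text naming the access type(s) to look for; the permission text is
 *        searched for inside this value, so it is a substring match rather than an exact one
 * @return the distinct matching permissions as a {@code Set}, empty when nothing matches
 */
private static Set<Permission> checkAnyGrantHasOpenToReadOrWriteAccess(List<Grant> grants, String accessTypeToCheck) {
    // Typed with the diamond operator; the raw HashSet compiled only with an unchecked warning.
    Set<Permission> openPermissions = new HashSet<>();
    for (Grant grant : grants) {
        String granteeId = grant.getGrantee().getIdentifier();
        // NOTE(review): presumably these constants hold the S3 "AuthenticatedUsers" and
        // "AllUsers" group URIs. The authenticated-users group covers every AWS account,
        // not just accounts of the bucket owner's organisation - confirm the constant values.
        boolean openGrantee = PacmanRuleConstants.ANY_S3_AUTHENTICATED_USER_URI.equalsIgnoreCase(granteeId)
                || PacmanRuleConstants.ALL_S3_USER_URI.equalsIgnoreCase(granteeId);
        if (!openGrantee) {
            continue;
        }
        Permission granted = grant.getPermission();
        String grantedText = granted.toString();
        // NOTE(review): substring test. If the permission text is e.g. READ and the caller
        // asks for READ_ACP, the READ grant is reported as well - verify that callers
        // expect this before relying on the result for a compliance verdict.
        if (accessTypeToCheck.contains(grantedText)
                || grantedText.equalsIgnoreCase(PacmanRuleConstants.FULL_CONTROL)) {
            openPermissions.add(granted);
        }
    }
    return openPermissions;
}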
/**
 * Reads the ACL of a bucket and returns the permissions it grants to open grantees.
 *
 * <p>The decision which grants count as open is delegated to
 * {@code checkAnyGrantHasOpenToReadOrWriteAccess}. A failure to read the ACL is not
 * reported as "no open access": it is logged and rethrown, so the caller cannot mistake
 * an unreadable bucket for a compliant one.
 *
 * @param awsS3Client client used to fetch the bucket ACL
 * @param s3BucketName name of the bucket to inspect
 * @param accessType access type(s) to look for, passed through to the grant check
 * @return the matching permissions, or an empty set when the ACL has no grants or none match
 * @throws RuleExecutionFailedExeption when S3 rejects the ACL request; only the message of
 *         the original exception is carried over
 */
public static Set<Permission> checkACLPermissions(AmazonS3Client awsS3Client, String s3BucketName, String accessType) {
    try {
        List<Grant> aclGrants = awsS3Client.getBucketAcl(s3BucketName).getGrantsAsList();
        if (CollectionUtils.isNullOrEmpty(aclGrants)) {
            // No grants at all: nothing can be open.
            return new HashSet<>();
        }
        return checkAnyGrantHasOpenToReadOrWriteAccess(aclGrants, accessType);
    } catch (AmazonS3Exception s3Exception) {
        logger.error("error : ", s3Exception);
        throw new RuleExecutionFailedExeption(s3Exception.getMessage());
    }
}
/**
 * Tells whether the ACL of a bucket grants the requested access to an open grantee.
 *
 * <p>The grants are evaluated by {@code checkAnyGrantHasOpenToReadOrWriteAccess}; this
 * method only reduces its result to a yes/no answer. An S3 error while reading the ACL is
 * logged and rethrown instead of being reported as {@code false}.
 *
 * @param awsS3Client client used to fetch the bucket ACL
 * @param s3BucketName name of the bucket to inspect
 * @param accessType access type to look for, passed through to the grant check
 * @return {@code true} when at least one matching grant exists, otherwise {@code false}
 * @throws RuleExecutionFailedExeption when S3 rejects the ACL request
 */
public static boolean checkACLAccess(AmazonS3Client awsS3Client, String s3BucketName, String accessType) {
    logger.info("inside the checkACLAccess method");
    try {
        List<Grant> aclGrants = awsS3Client.getBucketAcl(s3BucketName).getGrantsAsList();
        if (CollectionUtils.isNullOrEmpty(aclGrants)) {
            return false;
        }
        // Any non-empty result means some open grantee holds the requested access.
        List<Permission> openPermissions = checkAnyGrantHasOpenToReadOrWriteAccess(aclGrants, accessType);
        return !CollectionUtils.isNullOrEmpty(openPermissions);
    } catch (AmazonS3Exception s3Exception) {
        logger.error("error : ", s3Exception);
        throw new RuleExecutionFailedExeption(s3Exception.getMessage());
    }
}
/**
 * Lists the permissions that a bucket ACL hands to an openly addressable grantee.
 *
 * <p>A grant is reported when its grantee identifier equals (ignoring case) either
 * {@code PacmanRuleConstants.ANY_S3_AUTHENTICATED_USER_URI} or
 * {@code PacmanRuleConstants.ALL_S3_USER_URI}, and its permission text either contains
 * {@code accessTypeToCheck} or equals (ignoring case) {@code PacmanRuleConstants.FULL_CONTROL}.
 *
 * @param grants the grants of the bucket ACL; must not be null
 * @param accessTypeToCheck access type to look for; it is searched for inside the permission
 *        text, so it is a substring match rather than an exact one
 * @return the matching permissions in ACL order (duplicates kept), empty when nothing matches
 */
private static List<Permission> checkAnyGrantHasOpenToReadOrWriteAccess(List<Grant> grants, String accessTypeToCheck) {
    List<Permission> openPermissions = new ArrayList<>();
    for (Grant grant : grants) {
        String granteeId = grant.getGrantee().getIdentifier();
        // NOTE(review): presumably the "AuthenticatedUsers" and "AllUsers" group URIs;
        // confirm against PacmanRuleConstants.
        boolean openGrantee = PacmanRuleConstants.ANY_S3_AUTHENTICATED_USER_URI.equalsIgnoreCase(granteeId)
                || PacmanRuleConstants.ALL_S3_USER_URI.equalsIgnoreCase(granteeId);
        if (!openGrantee) {
            continue;
        }
        String grantedText = grant.getPermission().toString();
        // NOTE(review): substring test. Asking for READ also reports a permission whose
        // text merely contains READ (for instance READ_ACP) - verify this is intended.
        boolean wanted = grantedText.contains(accessTypeToCheck)
                || grantedText.equalsIgnoreCase(PacmanRuleConstants.FULL_CONTROL);
        if (wanted) {
            openPermissions.add(grant.getPermission());
        }
    }
    return openPermissions;
}
/**
 * Adds one grant for an e-mail grantee to the existing ACL of a bucket.
 *
 * <p>The current ACL is fetched, extended and written back, so earlier grants stay in place.
 * Both the grantee and the permission come straight from the arguments without any check;
 * review which callers can reach this method before exposing it.
 *
 * @param bucket_name bucket whose ACL is changed
 * @param email e-mail address identifying the grantee
 * @param access name of a {@code Permission} enum constant (the constants used on this page
 *        are {@code Read}, {@code Write} and {@code FullControl}); any other text makes
 *        {@code Permission.valueOf} throw {@code IllegalArgumentException}, which the
 *        handler below does not catch
 */
public static void setBucketAcl(String bucket_name, String email, String access) {
    System.out.printf("Setting %s access for %s\n", access, email);
    System.out.println("on bucket: " + bucket_name);

    final AmazonS3 s3 = AmazonS3ClientBuilder.standard().withRegion(Regions.DEFAULT_REGION).build();
    try {
        // Start from the ACL currently on the bucket so the new grant is additive.
        AccessControlList currentAcl = s3.getBucketAcl(bucket_name);
        EmailAddressGrantee emailGrantee = new EmailAddressGrantee(email);
        currentAcl.grantPermission(emailGrantee, Permission.valueOf(access));
        s3.setBucketAcl(bucket_name, currentAcl);
    } catch (AmazonServiceException e) {
        // Service-side rejection: print the message and terminate the JVM.
        System.err.println(e.getErrorMessage());
        System.exit(1);
    }
}
/**
 * Adds one grant for an e-mail grantee to the existing ACL of a single object.
 *
 * <p>The current object ACL is fetched, extended and written back, so earlier grants stay in
 * place. Grantee and permission are taken from the arguments without any check; review
 * which callers can reach this method before exposing it.
 *
 * @param bucket_name bucket that holds the object
 * @param object_key key of the object whose ACL is changed
 * @param email e-mail address identifying the grantee
 * @param access name of a {@code Permission} enum constant (the constants used on this page
 *        are {@code Read}, {@code Write} and {@code FullControl}); any other text makes
 *        {@code Permission.valueOf} throw {@code IllegalArgumentException}, which the
 *        handler below does not catch
 */
public static void setObjectAcl(String bucket_name, String object_key, String email, String access) {
    System.out.printf("Setting %s access for %s\n", access, email);
    System.out.println("for object: " + object_key);
    System.out.println(" in bucket: " + bucket_name);

    final AmazonS3 s3 = AmazonS3ClientBuilder.standard().withRegion(Regions.DEFAULT_REGION).build();
    try {
        // Start from the ACL currently on the object so the new grant is additive.
        AccessControlList currentAcl = s3.getObjectAcl(bucket_name, object_key);
        EmailAddressGrantee emailGrantee = new EmailAddressGrantee(email);
        currentAcl.grantPermission(emailGrantee, Permission.valueOf(access));
        s3.setObjectAcl(bucket_name, object_key, currentAcl);
    } catch (AmazonServiceException e) {
        // Service-side rejection: print the message and terminate the JVM.
        System.err.println(e.getErrorMessage());
        System.exit(1);
    }
}
/**
 * Exercises object ACL updates against the blob store under test.
 *
 * <p>Three steps are checked: granting Read to AllUsers is stored and read back unchanged,
 * revoking every AllUsers permission is stored and read back unchanged, and granting Write
 * to AllUsers is refused with the error code "NotImplemented". The test is skipped for
 * store types listed in {@code Quirks.NO_BLOB_ACCESS_CONTROL}.
 */
@Test
public void testUpdateBlobXmlAcls() throws Exception {
    assumeTrue(!Quirks.NO_BLOB_ACCESS_CONTROL.contains(blobStoreType));

    // Upload a fresh object to attach ACLs to.
    String key = "testUpdateBlobXmlAcls-blob";
    ObjectMetadata objectMetadata = new ObjectMetadata();
    objectMetadata.setContentLength(BYTE_SOURCE.size());
    client.putObject(containerName, key, BYTE_SOURCE.openStream(), objectMetadata);

    AccessControlList objectAcl = client.getObjectAcl(containerName, key);

    // Public read must round-trip.
    objectAcl.grantPermission(GroupGrantee.AllUsers, Permission.Read);
    client.setObjectAcl(containerName, key, objectAcl);
    assertThat(client.getObjectAcl(containerName, key)).isEqualTo(objectAcl);

    // Removing the public grant must round-trip as well.
    objectAcl.revokeAllPermissions(GroupGrantee.AllUsers);
    client.setObjectAcl(containerName, key, objectAcl);
    assertThat(client.getObjectAcl(containerName, key)).isEqualTo(objectAcl);

    // Public write is expected to be rejected rather than silently accepted.
    objectAcl.grantPermission(GroupGrantee.AllUsers, Permission.Write);
    try {
        client.setObjectAcl(containerName, key, objectAcl);
        Fail.failBecauseExceptionWasNotThrown(AmazonS3Exception.class);
    } catch (AmazonS3Exception e) {
        assertThat(e.getErrorCode()).isEqualTo("NotImplemented");
    }
}
/**
 * Builds an ACL whose only grant gives full control to the owner of the account that the
 * client is authenticated as.
 *
 * @param s3Client client used to look up the account owner
 * @return a new ACL holding that single owner grant; nothing is sent to S3 here
 */
private AccessControlList getAcl(final AmazonS3 s3Client) {
    // Exactly one grant is created: full control for the account owner.
    String ownerId = s3Client.getS3AccountOwner().getId();
    Grant ownerFullControl = new Grant(new CanonicalGrantee(ownerId), Permission.FullControl);

    // A fresh ACL object is filled, so no grant from an existing ACL is carried over.
    AccessControlList ownerOnlyAcl = new AccessControlList();
    ownerOnlyAcl.grantAllPermissions(ownerFullControl);
    return ownerOnlyAcl;
}
/**
 * Makes sure the target bucket exists and marks the sink as valid when the bucket ACL
 * contains a FullControl or Write grant.
 *
 * <p>When the sink is already marked valid nothing is checked again. Otherwise a missing
 * bucket is created, its ACL is read, and {@code validS3Sink} is set once a grant with
 * {@code Permission.FullControl} or {@code Permission.Write} is found.
 *
 * <p>NOTE(review): the grantee of the matching grant is not inspected, so a Write grant held
 * by any principal marks the sink as valid; this does not by itself show that the
 * credentials used here may write to the bucket - confirm that this is intended.
 *
 * @throws Exception declared by the overridden method; S3 client errors propagate unchanged
 */
@Override
public void prepareCommit() throws Exception {
    logger.info("prepareCommit");
    if (validS3Sink) {
        validS3Sink = true;
    } else {
        // Create the bucket on first use when it is missing.
        if (!s3Client.doesBucketExist(bucketName)) {
            System.out.println("bucket does not exist.");
            logger.info("Bucket does not Exist");
            s3Client.createBucket(bucketName);
        }
        logger.info("Bucket Exist");
        /*
         * BucketVersioningConfiguration configuration = new
         * BucketVersioningConfiguration( bucketVersionConfig);
         * SetBucketVersioningConfigurationRequest request = new
         * SetBucketVersioningConfigurationRequest( bucketName, configuration);
         * s3Client.setBucketVersioningConfiguration(request);
         */
        boolean writableGrantFound = false;
        for (Grant aclGrant : s3Client.getBucketAcl(bucketName).getGrants()) {
            Permission granted = aclGrant.getPermission();
            if (granted == Permission.FullControl || granted == Permission.Write) {
                writableGrantFound = true;
                break;
            }
        }
        if (writableGrantFound) {
            validS3Sink = true;
        }
    }
    logger.info("validS3Sink = " + validS3Sink);
    System.out.println("validS3Sink = " + validS3Sink);
}
/**
 * Stubbed ACL lookup: ignores the bucket name and answers with an ACL that grants
 * FullControl to the AllUsers group.
 *
 * <p>{@code throwException(getBucketAclException)} runs first; presumably it throws the
 * configured exception when one is set - confirm against that helper. The returned ACL is
 * the fully public case, which is what a detection rule for open buckets has to flag.
 *
 * @param bucketName not used by this stub
 * @return a new ACL with a single AllUsers/FullControl grant
 */
@Override
public AccessControlList getBucketAcl(String bucketName) throws AmazonClientException, AmazonServiceException {
    throwException(getBucketAclException);
    AccessControlList publicAcl = new AccessControlList();
    publicAcl.grantPermission(GroupGrantee.AllUsers, Permission.FullControl);
    return publicAcl;
}