/**
 * Snapshots the bucket's current ACL grants and, when one is set, its bucket policy before a fix is applied.
 *
 * @param resourceId   the bucket name whose ACL and policy are read
 * @param resourceType resource type supplied by the caller (not read here)
 * @param clientMap    must hold an {@link AmazonS3} instance under the key {@code "client"}
 * @param ruleParams   rule parameters (not read here)
 * @param issue        issue attributes (not read here)
 * @return always {@code true}; failures surface as exceptions instead
 * @throws AutoFixException declared by the overridden contract; presumably raised by {@code backupOldConfig}
 */
@Override
public boolean backupExistingConfigForResource(final String resourceId, final String resourceType,
        Map<String, Object> clientMap, Map<String, String> ruleParams, Map<String, String> issue) throws AutoFixException {
    LOGGER.debug(String.format("backing up the config for %s", resourceId));
    final AmazonS3 s3 = (AmazonS3) clientMap.get("client");
    // The grant list is serialised to JSON so it can be restored later.
    final List<Grant> currentGrants = s3.getBucketAcl(resourceId).getGrantsAsList();
    backupOldConfig(resourceId, BUCKET_ACL, new Gson().toJson(currentGrants));
    // A bucket without a policy yields an empty policy text, in which case there is nothing to back up.
    final String policyText = s3.getBucketPolicy(resourceId).getPolicyText();
    if (!Strings.isNullOrEmpty(policyText)) {
        backupOldConfig(resourceId, BUCKET_POLICY, policyText);
    }
    LOGGER.debug("backup complete for " + resourceId);
    return true;
}
/**
 * Reads the bucket ACL and asks {@code checkAnyGrantHasOpenToReadOrWriteAccess} which permissions
 * of the requested kind are granted to open grantees.
 *
 * @param awsS3Client  client used to fetch the bucket ACL
 * @param s3BucketName bucket whose ACL is inspected
 * @param accessType   access kind handed through to the helper
 * @return whatever the helper returns, or an empty set when the ACL carries no grants
 * @throws RuleExecutionFailedExeption if the ACL lookup fails with an {@link AmazonS3Exception}
 */
public static Set<Permission> checkACLPermissions(AmazonS3Client awsS3Client, String s3BucketName, String accessType) {
    try {
        List<Grant> grants = awsS3Client.getBucketAcl(s3BucketName).getGrantsAsList();
        if (CollectionUtils.isNullOrEmpty(grants)) {
            return new HashSet<>();
        }
        return checkAnyGrantHasOpenToReadOrWriteAccess(grants, accessType);
    } catch (AmazonS3Exception s3Exception) {
        logger.error("error : ", s3Exception);
        // NOTE(review): only the message travels with the new exception; the original is logged but not chained.
        throw new RuleExecutionFailedExeption(s3Exception.getMessage());
    }
}
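/**
 * Reports whether the bucket ACL grants any "open" permission of the requested kind, as judged by
 * {@code checkAnyGrantHasOpenToReadOrWriteAccess}.
 *
 * @param awsS3Client  client used to fetch the bucket ACL
 * @param s3BucketName bucket whose ACL is inspected
 * @param accessType   access kind handed through to the helper
 * @return {@code true} if the helper returns a non-empty collection
 * @throws RuleExecutionFailedExeption if the ACL lookup fails with an {@link AmazonS3Exception}
 */
public static boolean checkACLAccess(AmazonS3Client awsS3Client, String s3BucketName, String accessType) {
    logger.info("inside the checkACLAccess method");
    // Primitive flag: the boxed Boolean of the original was unboxed on return anyway.
    boolean openAccess = false;
    try {
        AccessControlList bucketAcl = awsS3Client.getBucketAcl(s3BucketName);
        List<Grant> grants = bucketAcl.getGrantsAsList();
        if (!CollectionUtils.isNullOrEmpty(grants)) {
            // isNullOrEmpty accepts any Collection, so this no longer depends on whether the helper
            // returns a List or a Set (the original declared a List where a sibling expects a Set).
            openAccess = !CollectionUtils.isNullOrEmpty(checkAnyGrantHasOpenToReadOrWriteAccess(grants, accessType));
        }
    } catch (AmazonS3Exception s3Exception) {
        logger.error("error : ", s3Exception);
        throw new RuleExecutionFailedExeption(s3Exception.getMessage());
    }
    return openAccess;
}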
/**
 * getUnknownContainer must succeed when the bucket exists and the bucket ACL grants the account
 * owner access. S3 is replaced by a mock: bucket existence, the account owner and the bucket ACL
 * are all stubbed.
 */
@Test
public void testUnknownContainerExists() {
    TestExtendedS3FileSystem fileSystem = new TestExtendedS3FileSystem();
    AmazonS3 s3 = mock(AmazonS3.class);
    Owner accountOwner = new Owner();
    accountOwner.setId("2350f639447f872b12d9e2298200704aa3b70cea0e127d544748da0351f79118");
    when(s3.doesBucketExistV2(any(String.class))).thenReturn(true);
    // getAcl reads the owner id from the mock, so the owner stub has to be in place first.
    when(s3.getS3AccountOwner()).thenReturn(accountOwner);
    when(s3.getBucketAcl(any(String.class))).thenReturn(getAcl(s3));
    fileSystem.setCustomClient(s3);
    try {
        assertNotNull(fileSystem.getUnknownContainer("testunknown"));
    } catch (IOException e) {
        fail(e.getMessage());
    }
}
/**
 * Prints every grant of the bucket ACL (grantee identifier and permission) to stdout.
 * A fresh client for {@code Regions.DEFAULT_REGION} is built on every call; on an
 * {@link AmazonServiceException} the error message goes to stderr and the JVM exits with status 1.
 *
 * @param bucket_name the bucket whose ACL is listed
 */
public static void getBucketAcl(String bucket_name) {
    System.out.println("Retrieving ACL for bucket: " + bucket_name);
    final AmazonS3 s3 = AmazonS3ClientBuilder.standard().withRegion(Regions.DEFAULT_REGION).build();
    try {
        for (Grant grant : s3.getBucketAcl(bucket_name).getGrantsAsList()) {
            String grantee = grant.getGrantee().getIdentifier();
            String permission = grant.getPermission().toString();
            System.out.format(" %s: %s\n", grantee, permission);
        }
    } catch (AmazonServiceException e) {
        System.err.println(e.getErrorMessage());
        System.exit(1);
    }
}
/**
 * Prints every grant of an object's ACL (grantee identifier and permission) to stdout.
 * A fresh client for {@code Regions.DEFAULT_REGION} is built on every call; on an
 * {@link AmazonServiceException} the error message goes to stderr and the JVM exits with status 1.
 *
 * @param bucket_name the bucket holding the object
 * @param object_key  the key of the object whose ACL is listed
 */
public static void getObjectAcl(String bucket_name, String object_key) {
    System.out.println("Retrieving ACL for object: " + object_key);
    System.out.println(" in bucket: " + bucket_name);
    final AmazonS3 s3 = AmazonS3ClientBuilder.standard().withRegion(Regions.DEFAULT_REGION).build();
    try {
        for (Grant grant : s3.getObjectAcl(bucket_name, object_key).getGrantsAsList()) {
            String grantee = grant.getGrantee().getIdentifier();
            String permission = grant.getPermission().toString();
            System.out.format(" %s: %s\n", grantee, permission);
        }
    } catch (AmazonServiceException e) {
        System.err.println(e.getErrorMessage());
        System.exit(1);
    }
}
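/**
 * Adds {@code access} for the e-mail grantee to the bucket ACL and writes the ACL back.
 * This is a read-modify-write that only appends a grant; every existing grant stays in place.
 * On an {@link AmazonServiceException} the error message goes to stderr and the JVM exits with status 1.
 *
 * @param bucket_name the bucket whose ACL is modified
 * @param email       e-mail address of the grantee
 * @param access      name of a {@link Permission} constant, e.g. {@code Read}
 * @throws IllegalArgumentException if {@code access} is not a {@code Permission} constant;
 *                                  checked before any client is built or S3 is contacted
 */
public static void setBucketAcl(String bucket_name, String email, String access) {
    System.out.format("Setting %s access for %s\n", access, email);
    System.out.println("on bucket: " + bucket_name);
    // Validate the permission name first so a typo fails fast, without a client or a network round-trip.
    final Permission permission = Permission.valueOf(access);
    final EmailAddressGrantee grantee = new EmailAddressGrantee(email);
    final AmazonS3 s3 = AmazonS3ClientBuilder.standard().withRegion(Regions.DEFAULT_REGION).build();
    try {
        // get the current ACL, append the grant, write it back
        AccessControlList acl = s3.getBucketAcl(bucket_name);
        acl.grantPermission(grantee, permission);
        s3.setBucketAcl(bucket_name, acl);
    } catch (AmazonServiceException e) {
        System.err.println(e.getErrorMessage());
        System.exit(1);
    }
}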
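/**
 * Adds {@code access} for the e-mail grantee to an object's ACL and writes the ACL back.
 * This is a read-modify-write that only appends a grant; every existing grant stays in place.
 * On an {@link AmazonServiceException} the error message goes to stderr and the JVM exits with status 1.
 *
 * @param bucket_name the bucket holding the object
 * @param object_key  the key of the object whose ACL is modified
 * @param email       e-mail address of the grantee
 * @param access      name of a {@link Permission} constant, e.g. {@code Read}
 * @throws IllegalArgumentException if {@code access} is not a {@code Permission} constant;
 *                                  checked before any client is built or S3 is contacted
 */
public static void setObjectAcl(String bucket_name, String object_key, String email, String access) {
    System.out.format("Setting %s access for %s\n", access, email);
    System.out.println("for object: " + object_key);
    System.out.println(" in bucket: " + bucket_name);
    // Validate the permission name first so a typo fails fast, without a client or a network round-trip.
    final Permission permission = Permission.valueOf(access);
    final EmailAddressGrantee grantee = new EmailAddressGrantee(email);
    final AmazonS3 s3 = AmazonS3ClientBuilder.standard().withRegion(Regions.DEFAULT_REGION).build();
    try {
        // get the current ACL, append the grant, write it back
        AccessControlList acl = s3.getObjectAcl(bucket_name, object_key);
        acl.grantPermission(grantee, permission);
        s3.setObjectAcl(bucket_name, object_key, acl);
    } catch (AmazonServiceException e) {
        System.err.println(e.getErrorMessage());
        System.exit(1);
    }
}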
/**
 * Exercises object-level ACL updates: granting AllUsers read must round-trip, revoking it must
 * round-trip, and granting AllUsers write must be refused with the {@code NotImplemented} error code.
 * Skipped for blob stores listed in {@code Quirks.NO_BLOB_ACCESS_CONTROL}.
 */
@Test
public void testUpdateBlobXmlAcls() throws Exception {
    assumeTrue(!Quirks.NO_BLOB_ACCESS_CONTROL.contains(blobStoreType));
    final String key = "testUpdateBlobXmlAcls-blob";
    ObjectMetadata objectMetadata = new ObjectMetadata();
    objectMetadata.setContentLength(BYTE_SOURCE.size());
    client.putObject(containerName, key, BYTE_SOURCE.openStream(), objectMetadata);

    // Public read: grant, write back, read back.
    AccessControlList objectAcl = client.getObjectAcl(containerName, key);
    objectAcl.grantPermission(GroupGrantee.AllUsers, Permission.Read);
    client.setObjectAcl(containerName, key, objectAcl);
    assertThat(client.getObjectAcl(containerName, key)).isEqualTo(objectAcl);

    // Revoke again: the stored ACL must match the one without the public grant.
    objectAcl.revokeAllPermissions(GroupGrantee.AllUsers);
    client.setObjectAcl(containerName, key, objectAcl);
    assertThat(client.getObjectAcl(containerName, key)).isEqualTo(objectAcl);

    // Public write is not offered by the store under test; the request has to be rejected.
    objectAcl.grantPermission(GroupGrantee.AllUsers, Permission.Write);
    try {
        client.setObjectAcl(containerName, key, objectAcl);
        Fail.failBecauseExceptionWasNotThrown(AmazonS3Exception.class);
    } catch (AmazonS3Exception e) {
        assertThat(e.getErrorCode()).isEqualTo("NotImplemented");
    }
}
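/**
 * Removes every grant the bucket ACL gives to the public S3 groups (any authenticated AWS user,
 * or everyone) and writes the ACL back when at least one grant was removed.
 *
 * @param awsS3Client  client used to read and write the bucket ACL
 * @param s3BucketName bucket whose ACL is cleaned up
 * @throws RuleEngineRunTimeException wrapping any {@link AmazonS3Exception} raised by S3
 */
private void revokeACLPublicPermission(AmazonS3Client awsS3Client, String s3BucketName) {
    try {
        AccessControlList bucketAcl = awsS3Client.getBucketAcl(s3BucketName);
        List<Grant> grants = bucketAcl.getGrantsAsList();
        if (CollectionUtils.isNullOrEmpty(grants)) {
            return;
        }
        boolean revoked = false;
        // Iterate over a snapshot: revokeAllPermissions mutates the ACL's grant list, and in SDK
        // versions where getGrantsAsList() hands out the live list that would be a
        // ConcurrentModificationException mid-loop.
        for (Grant grant : grants.toArray(new Grant[0])) {
            if (isPublicGrantee(grant) && isRevokedPermission(grant)) {
                bucketAcl.revokeAllPermissions(grant.getGrantee());
                revoked = true;
            }
        }
        // Only write back when something changed; a no-op PutBucketAcl is an unnecessary privileged write.
        if (revoked) {
            awsS3Client.setBucketAcl(s3BucketName, bucketAcl);
        }
    } catch (AmazonS3Exception s3Exception) {
        LOGGER.error(String.format("AmazonS3Exception in revokeACLPublicPermission: %s", s3Exception.getMessage()));
        throw new RuleEngineRunTimeException(s3Exception);
    }
}

/** True when the grantee is one of the two public S3 groups named by {@code PacmanSdkConstants}. */
private static boolean isPublicGrantee(Grant grant) {
    String granteeId = grant.getGrantee().getIdentifier();
    return PacmanSdkConstants.ANY_S3_AUTHENTICATED_USER_URI.equalsIgnoreCase(granteeId)
            || PacmanSdkConstants.ALL_S3_USER_URI.equalsIgnoreCase(granteeId);
}

/** True when the grant carries one of the five permissions this rule revokes (read, write, read/write ACP, full control). */
private static boolean isRevokedPermission(Grant grant) {
    String permission = grant.getPermission().toString();
    return permission.equalsIgnoreCase(PacmanSdkConstants.READ_ACCESS)
            || permission.equalsIgnoreCase(PacmanSdkConstants.WRITE_ACCESS)
            || permission.equalsIgnoreCase(PacmanSdkConstants.READ_ACP_ACCESS)
            || permission.equalsIgnoreCase(PacmanSdkConstants.WRITE_ACP_ACCESS)
            || permission.equalsIgnoreCase(PacmanSdkConstants.FULL_CONTROL);
}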
/**
 * Builds an {@link S3ObjectAcl} whose owner mirrors the owner of the S3 object's ACL.
 * The grant list is not translated yet (see the TODO), so the returned ACL carries no grants.
 *
 * @param bucketName bucket holding the object
 * @param key        object key
 * @return an ACL with only the owner populated
 */
@Override
public S3ObjectAcl getObjectAcl(String bucketName, String key) {
    S3ObjectAcl result = new S3ObjectAcl();
    AccessControlList remoteAcl = s3Client.getObjectAcl(bucketName, key);
    // NOTE(review): assumes the remote ACL always carries an owner; a missing owner would NPE here.
    String ownerId = remoteAcl.getOwner().getId();
    String ownerDisplayName = remoteAcl.getOwner().getDisplayName();
    result.setOwner(new Owner(ownerId, ownerDisplayName));
    // TODO grants are not converted yet:
    // result.setAcl(ACL.parse(remoteAcl.getGrantsAsList()));
    return result;
}
/**
 * Validates the sink's bucket before the first commit: creates the bucket if it does not exist
 * and marks the sink valid when the bucket ACL contains a FULL_CONTROL or WRITE grant.
 * Once {@code validS3Sink} is set, later calls only log the flag.
 *
 * @throws Exception propagated from the S3 client
 */
@Override
public void prepareCommit() throws Exception {
    logger.info("prepareCommit");
    if (!validS3Sink) {
        // NOTE(review): doesBucketExist is deprecated in later SDK 1.x releases in favour of doesBucketExistV2.
        if (!s3Client.doesBucketExist(bucketName)) {
            System.out.println("bucket does not exist.");
            logger.info("Bucket does not Exist");
            s3Client.createBucket(bucketName);
        }
        logger.info("Bucket Exist");
        // NOTE(review): this scans every grant in the ACL regardless of grantee, so a WRITE or
        // FULL_CONTROL grant to some other principal also marks the sink valid; it does not prove
        // that the identity this client runs as can write.
        AccessControlList acl = s3Client.getBucketAcl(bucketName);
        boolean writeGrantPresent = false;
        for (Grant grant : acl.getGrants()) {
            Permission granted = grant.getPermission();
            if (granted == Permission.FullControl || granted == Permission.Write) {
                writeGrantPresent = true;
            }
        }
        if (writeGrantPresent) {
            validS3Sink = true;
        }
    }
    logger.info("validS3Sink = " + validS3Sink);
    System.out.println("validS3Sink = " + validS3Sink);
}
/** The mock client must hand back a non-null ACL for any bucket name. */
@Test
public void testGetBucketAcl() {
    AmazonS3Mock mockClient = new AmazonS3Mock();
    AccessControlList bucketAcl = mockClient.getBucketAcl("test");
    assertTrue(null != bucketAcl);
}
/**
 * Mock implementation: first hands {@code getBucketAclException} to {@code throwException}
 * (presumably raising it when one is configured), then returns an ACL that grants FULL_CONTROL
 * to the AllUsers group, i.e. a fully public bucket.
 *
 * @param bucketName ignored
 * @return a fresh ACL with the single AllUsers/FULL_CONTROL grant
 */
@Override
public AccessControlList getBucketAcl(String bucketName) throws AmazonClientException, AmazonServiceException {
    throwException(getBucketAclException);
    AccessControlList publicAcl = new AccessControlList();
    publicAcl.grantPermission(GroupGrantee.AllUsers, Permission.FullControl);
    return publicAcl;
}
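/**
 * Builds an ACL containing exactly one grant: FULL_CONTROL for the account owner reported by
 * {@code s3Client.getS3AccountOwner()}.
 *
 * @param s3Client client (a mock in this test) whose account owner id becomes the canonical grantee
 * @return a new ACL holding only the owner grant
 */
private AccessControlList getAcl(final AmazonS3 s3Client) {
    // Grant the account owner full control.
    Grant ownerGrant = new Grant(new CanonicalGrantee(s3Client.getS3AccountOwner().getId()), Permission.FullControl);
    AccessControlList bucketAcl = new AccessControlList();
    // grantAllPermissions is varargs, so no intermediate list/array is needed for a single grant
    // (the original comment spoke of "two" grants although only one is ever created).
    bucketAcl.grantAllPermissions(ownerGrant);
    return bucketAcl;
}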
/**
 * Not supported by this client.
 *
 * @throws UnsupportedOperationException always
 */
@Override
public AccessControlList getObjectAcl(String bucketName, String key) throws SdkClientException {
    throw new UnsupportedOperationException("Operation not supported");
}
/**
 * Not supported by this client.
 *
 * @throws UnsupportedOperationException always
 */
@Override
public AccessControlList getObjectAcl(String bucketName, String key, String verId) throws SdkClientException {
    throw new UnsupportedOperationException("Operation not supported");
}
/**
 * Not supported by this client.
 *
 * @throws UnsupportedOperationException always
 */
@Override
public AccessControlList getObjectAcl(GetObjectAclRequest getObjAclReq) throws SdkClientException {
    throw new UnsupportedOperationException("Operation not supported");
}
/**
 * Not supported by this client; the ACL is never applied.
 *
 * @throws UnsupportedOperationException always
 */
@Override
public void setObjectAcl(String bucketName, String key, AccessControlList acl) throws SdkClientException {
    throw new UnsupportedOperationException("Operation not supported");
}
/**
 * Not supported by this client; the ACL is never applied.
 *
 * @throws UnsupportedOperationException always
 */
@Override
public void setObjectAcl(String bucketName, String key, String verId, AccessControlList acl) throws SdkClientException {
    throw new UnsupportedOperationException("Operation not supported");
}
/**
 * Not supported by this client.
 *
 * @throws UnsupportedOperationException always
 */
@Override
public AccessControlList getBucketAcl(String bucketName) throws SdkClientException {
    throw new UnsupportedOperationException("Operation not supported");
}
/**
 * Not supported by this client.
 *
 * @throws UnsupportedOperationException always
 */
@Override
public AccessControlList getBucketAcl(GetBucketAclRequest getBucketAclReq) throws SdkClientException {
    throw new UnsupportedOperationException("Operation not supported");
}
/**
 * Not supported by this client; the ACL is never applied.
 *
 * @throws UnsupportedOperationException always
 */
@Override
public void setBucketAcl(String bucketName, AccessControlList acl) throws SdkClientException {
    throw new UnsupportedOperationException("Operation not supported");
}
/**
 * Stub: not implemented. Always returns {@code null}, so callers that dereference the result will
 * fail with a NullPointerException.
 *
 * @return {@code null}
 */
@Override
public AccessControlList getObjectAcl(String bucketName, String key) throws AmazonClientException, AmazonServiceException {
    // TODO not implemented
    return null;
}
/**
 * Stub: not implemented. Always returns {@code null}, so callers that dereference the result will
 * fail with a NullPointerException.
 *
 * @return {@code null}
 */
@Override
public AccessControlList getObjectAcl(String bucketName, String key, String versionId) throws AmazonClientException, AmazonServiceException {
    // TODO not implemented
    return null;
}
/**
 * Stub: not implemented. The requested ACL is silently discarded, so callers cannot rely on this
 * method to change who may access the object.
 */
@Override
public void setObjectAcl(String bucketName, String key, AccessControlList acl) throws AmazonClientException, AmazonServiceException {
    // TODO not implemented; intentionally a no-op for now
}
/**
 * Stub: not implemented. The requested ACL is silently discarded, so callers cannot rely on this
 * method to change who may access the object version.
 */
@Override
public void setObjectAcl(String bucketName, String key, String versionId, AccessControlList acl) throws AmazonClientException, AmazonServiceException {
    // TODO not implemented; intentionally a no-op for now
}
/**
 * Stub: not implemented. Always returns {@code null}, so callers that dereference the result will
 * fail with a NullPointerException.
 *
 * @return {@code null}
 */
@Override
public AccessControlList getBucketAcl(GetBucketAclRequest getBucketAclRequest) throws AmazonClientException, AmazonServiceException {
    // TODO not implemented
    return null;
}
/**
 * Stub: not implemented. The requested ACL is silently discarded, so callers cannot rely on this
 * method to change who may access the bucket.
 */
@Override
public void setBucketAcl(String bucketName, AccessControlList acl) throws AmazonClientException, AmazonServiceException {
    // TODO not implemented; intentionally a no-op for now
}