@Override public String toString() { return "AccessControlList [owner=" + owner + ", grants=" + getGrantsAsList() + "]"; }
owner.setId(ownerId); if (acl == null) { acl = new AccessControlList(); acl.setOwner(owner); acl = new AccessControlList(); acl.grantPermission(grantee, Permission.FullControl); acl = new AccessControlList(); acl.grantPermission(grantee, Permission.Read); acl = new AccessControlList(); acl.grantPermission(grantee, Permission.Write); acl = new AccessControlList(); acl.grantPermission(grantee, Permission.ReadAcp); acl = new AccessControlList(); acl.grantPermission(grantee, Permission.WriteAcp);
if (in("AccessControlPolicy", "Owner")) { if (name.equals("ID")) { accessControlList.getOwner().setId(getText()); } else if (name.equals("DisplayName")) { accessControlList.getOwner().setDisplayName(getText()); accessControlList.grantPermission( currentGrantee, currentPermission);
static AccessControlList grantFullControlToBucketOwner(ServerSideEncryptingAmazonS3 s3Client, String bucket) { final AccessControlList acl = s3Client.getBucketAcl(bucket); acl.grantAllPermissions(new Grant(new CanonicalGrantee(acl.getOwner().getId()), Permission.FullControl)); return acl; }
Owner owner = acl.getOwner(); if (owner == null) { throw new SdkClientException("Invalid AccessControlList: missing an S3Owner"); for (Grant grant : acl.getGrantsAsList()) { xml.start("Grant"); convertToXml(grant.getGrantee(), xml);
AccessControlList acl = new AccessControlList(); acl.grantPermission(GroupGrantee.AllUsers, Permission.Read);
/** * Adds a set of grantee/permission pairs to the access control list (ACL), where each item in the * set is a {@link Grant} object. * * @param grantsVarArg * A collection of {@link Grant} objects */ public void grantAllPermissions(Grant... grantsVarArg) { for (Grant gap : grantsVarArg) { grantPermission(gap.getGrantee(), gap.getPermission()); } }
try { bucketAcl = awsS3Client.getBucketAcl(s3BucketName); List<Grant> grants = bucketAcl.getGrantsAsList(); if (!CollectionUtils.isNullOrEmpty(grants)) { for (Grant grant : grants) { || grant.getPermission().toString() .equalsIgnoreCase(PacmanSdkConstants.FULL_CONTROL)))))) { bucketAcl.revokeAllPermissions(grant.getGrantee());
@Override protected void doStartElement( String uri, String name, String qName, Attributes attrs) { if (in("AccessControlPolicy")) { if (name.equals("Owner")) { accessControlList.setOwner(new Owner()); } } else if (in("AccessControlPolicy", "AccessControlList", "Grant")) { if (name.equals("Grantee")) { String type = XmlResponsesSaxParser .findAttributeValue( "xsi:type", attrs ); if ("AmazonCustomerByEmail".equals(type)) { currentGrantee = new EmailAddressGrantee(null); } else if ("CanonicalUser".equals(type)) { currentGrantee = new CanonicalGrantee(null); } else if ("Group".equals(type)) { /* * Nothing to do for GroupGrantees here since we * can't construct an empty enum value early. */ } } } }
@Test public void testSetACL() { AccessControlList acl = new AccessControlList(); EasyMock.reset(mockS3); EasyMock.expect(mockS3.getRegion()).andReturn(Region.US_Standard); mockS3.setObjectAcl(anyObject(String.class), anyObject(String.class), anyObject(String.class), eq(acl), eq((RequestMetricCollector) null)); EasyMock.expectLastCall().once(); EasyMock.replay(mockS3); mapper.getS3ClientCache().useClient(mockS3); S3Link link = mapper.createS3Link(bucket, key); link.setAcl(acl); EasyMock.verify(mockS3); }
/** * Gets the list of {@link Grant} objects in this access control list (ACL). * * @return The list of {@link Grant} objects in this ACL. */ public List<Grant> getGrantsAsList() { checkState(); if (grantList == null) { if (grantSet == null) { grantList = new LinkedList<Grant>(); } else { grantList = new LinkedList<Grant>(grantSet); grantSet = null; } } return grantList; }
result.setSize(metadata.getContentLength()); AccessControlList objectAcl = client.getObjectAcl(bucketName, key); result.setOwner(objectAcl.getOwner()); return result; } catch (AmazonS3Exception e) {
final Set<Grant> grants = acl.getGrants(); final Map<Permission, Collection<Grantee>> grantsByPermission = new HashMap<Permission, Collection<Grantee>>(); for (final Grant grant : grants) {
private void verifyAcls(AccessControlList acl1, AccessControlList acl2) { Assert.assertEquals(acl1.getOwner(), acl2.getOwner()); for (Grant grant : acl1.getGrantsAsList()) { Assert.assertTrue(acl2.getGrantsAsList().contains(grant)); } for (Grant grant : acl2.getGrantsAsList()) { Assert.assertTrue(acl1.getGrantsAsList().contains(grant)); } }
public static void setObjectAcl(String bucket_name, String object_key, String email, String access) { System.out.format("Setting %s access for %s\n", access, email); System.out.println("for object: " + object_key); System.out.println(" in bucket: " + bucket_name); final AmazonS3 s3 = AmazonS3ClientBuilder.defaultClient(); try { // get the current ACL AccessControlList acl = s3.getObjectAcl(bucket_name, object_key); // set access for the grantee EmailAddressGrantee grantee = new EmailAddressGrantee(email); Permission permission = Permission.valueOf(access); acl.grantPermission(grantee, permission); s3.setObjectAcl(bucket_name, object_key, acl); } catch (AmazonServiceException e) { System.err.println(e.getErrorMessage()); System.exit(1); } }
@Override protected void doStartElement( String uri, String name, String qName, Attributes attrs) { if (in("AccessControlPolicy")) { if (name.equals("Owner")) { accessControlList.setOwner(new Owner()); } } else if (in("AccessControlPolicy", "AccessControlList", "Grant")) { if (name.equals("Grantee")) { final String type = XmlResponsesSaxParser .findAttributeValue("xsi:type", attrs); if ("AmazonCustomerByEmail".equals(type)) { currentGrantee = new EmailAddressGrantee(null); } else if ("CanonicalUser".equals(type)) { currentGrantee = new CanonicalGrantee(null); } else if ("Group".equals(type)) { /* * Nothing to do for GroupGrantees here since we can't * construct an empty enum value early. */ } } } }
static AccessControlList grantFullControlToBucketOwner(ServerSideEncryptingAmazonS3 s3Client, String bucket) { final AccessControlList acl = s3Client.getBucketAcl(bucket); acl.grantAllPermissions(new Grant(new CanonicalGrantee(acl.getOwner().getId()), Permission.FullControl)); return acl; }
protected AccessControlList getAccessControlList(MirrorOptions options, String key) throws Exception { Exception ex = null; for (int tries=0; tries<=options.getMaxRetries(); tries++) { try { context.getStats().s3getCount.incrementAndGet(); return client.getObjectAcl(options.getSourceBucket(), key); } catch (Exception e) { ex = e; if (tries >= options.getMaxRetries()) { // Annoyingly there can be two reasons for this to fail. It will fail if the IAM account // permissions are wrong, but it will also fail if we are copying an item that we don't // own ourselves. This may seem unusual, but it occurs when copying AWS Detailed Billing // objects since although they live in your bucket, the object owner is AWS. getLog().warn("Unable to obtain object ACL, copying item without ACL data."); return new AccessControlList(); } if (options.isVerbose()) { if (tries >= options.getMaxRetries()) { getLog().warn("getObjectAcl(" + key + ") failed (try #" + tries + "), giving up."); break; } else { getLog().warn("getObjectAcl("+key+") failed (try #"+tries+"), retrying..."); } } } } throw ex; }