com.amazonaws.services.s3.model.AccessControlList Java Examples
The following examples show how to use
com.amazonaws.services.s3.model.AccessControlList.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
| Source File: SetAcl.java From aws-doc-sdk-examples with Apache License 2.0 | 6 votes |
|
public static void setObjectAcl(String bucket_name, String object_key, String email, String access) {
System.out.format("Setting %s access for %s\n", access, email);
System.out.println("for object: " + object_key);
System.out.println(" in bucket: " + bucket_name);
final AmazonS3 s3 = AmazonS3ClientBuilder.standard().withRegion(Regions.DEFAULT_REGION).build();
try {
// get the current ACL
AccessControlList acl = s3.getObjectAcl(bucket_name, object_key);
// set access for the grantee
EmailAddressGrantee grantee = new EmailAddressGrantee(email);
Permission permission = Permission.valueOf(access);
acl.grantPermission(grantee, permission);
s3.setObjectAcl(bucket_name, object_key, acl);
} catch (AmazonServiceException e) {
System.err.println(e.getErrorMessage());
System.exit(1);
}
}
Example #2
| Source File: AwsSdkTest.java From s3proxy with Apache License 2.0 | 6 votes |
|
@Test
public void testUpdateBlobXmlAcls() throws Exception {
assumeTrue(!Quirks.NO_BLOB_ACCESS_CONTROL.contains(blobStoreType));
String blobName = "testUpdateBlobXmlAcls-blob";
ObjectMetadata metadata = new ObjectMetadata();
metadata.setContentLength(BYTE_SOURCE.size());
client.putObject(containerName, blobName, BYTE_SOURCE.openStream(),
metadata);
AccessControlList acl = client.getObjectAcl(containerName, blobName);
acl.grantPermission(GroupGrantee.AllUsers, Permission.Read);
client.setObjectAcl(containerName, blobName, acl);
assertThat(client.getObjectAcl(containerName, blobName)).isEqualTo(acl);
acl.revokeAllPermissions(GroupGrantee.AllUsers);
client.setObjectAcl(containerName, blobName, acl);
assertThat(client.getObjectAcl(containerName, blobName)).isEqualTo(acl);
acl.grantPermission(GroupGrantee.AllUsers, Permission.Write);
try {
client.setObjectAcl(containerName, blobName, acl);
Fail.failBecauseExceptionWasNotThrown(AmazonS3Exception.class);
} catch (AmazonS3Exception e) {
assertThat(e.getErrorCode()).isEqualTo("NotImplemented");
}
}
Example #3
| Source File: SetAcl.java From aws-doc-sdk-examples with Apache License 2.0 | 6 votes |
|
public static void setBucketAcl(String bucket_name, String email, String access) {
System.out.format("Setting %s access for %s\n", access, email);
System.out.println("on bucket: " + bucket_name);
final AmazonS3 s3 = AmazonS3ClientBuilder.standard().withRegion(Regions.DEFAULT_REGION).build();
try {
// get the current ACL
AccessControlList acl = s3.getBucketAcl(bucket_name);
// set access for the grantee
EmailAddressGrantee grantee = new EmailAddressGrantee(email);
Permission permission = Permission.valueOf(access);
acl.grantPermission(grantee, permission);
s3.setBucketAcl(bucket_name, acl);
} catch (AmazonServiceException e) {
System.err.println(e.getErrorMessage());
System.exit(1);
}
}
Example #4
| Source File: GetAcl.java From aws-doc-sdk-examples with Apache License 2.0 | 6 votes |
|
public static void getObjectAcl(String bucket_name, String object_key) {
System.out.println("Retrieving ACL for object: " + object_key);
System.out.println(" in bucket: " + bucket_name);
final AmazonS3 s3 = AmazonS3ClientBuilder.standard().withRegion(Regions.DEFAULT_REGION).build();
try {
AccessControlList acl = s3.getObjectAcl(bucket_name, object_key);
List<Grant> grants = acl.getGrantsAsList();
for (Grant grant : grants) {
System.out.format(" %s: %s\n", grant.getGrantee().getIdentifier(),
grant.getPermission().toString());
}
} catch (AmazonServiceException e) {
System.err.println(e.getErrorMessage());
System.exit(1);
}
}
Example #5
| Source File: GetAcl.java From aws-doc-sdk-examples with Apache License 2.0 | 6 votes |
|
public static void getBucketAcl(String bucket_name) {
System.out.println("Retrieving ACL for bucket: " + bucket_name);
final AmazonS3 s3 = AmazonS3ClientBuilder.standard().withRegion(Regions.DEFAULT_REGION).build();
try {
AccessControlList acl = s3.getBucketAcl(bucket_name);
List<Grant> grants = acl.getGrantsAsList();
for (Grant grant : grants) {
System.out.format(" %s: %s\n", grant.getGrantee().getIdentifier(),
grant.getPermission().toString());
}
} catch (AmazonServiceException e) {
System.err.println(e.getErrorMessage());
System.exit(1);
}
}
Example #6
| Source File: S3GlobalAccessAutoFix.java From pacbot with Apache License 2.0 | 6 votes |
|
@Override
public boolean backupExistingConfigForResource(final String resourceId, final String resourceType,
Map<String, Object> clientMap, Map<String, String> ruleParams,Map<String, String> issue) throws AutoFixException {
LOGGER.debug(String.format("backing up the config for %s" , resourceId));
AmazonS3 client = (AmazonS3) clientMap.get("client");
Gson gson = new Gson();
AccessControlList bucketAcl = client.getBucketAcl(resourceId);
List<Grant> grants = bucketAcl.getGrantsAsList();
String oldConfig = gson.toJson(grants);
backupOldConfig(resourceId, BUCKET_ACL, oldConfig);
BucketPolicy bucketPolicy = client.getBucketPolicy(resourceId);
if (!Strings.isNullOrEmpty(bucketPolicy.getPolicyText())) {
backupOldConfig(resourceId, BUCKET_POLICY, bucketPolicy.getPolicyText());
}
LOGGER.debug("backup complete for " + resourceId);
return true;
}
Example #7
| Source File: TestS3FileSystem.java From dremio-oss with Apache License 2.0 | 6 votes |
|
@Test
public void testUnknownContainerExists() {
TestExtendedS3FileSystem fs = new TestExtendedS3FileSystem();
AmazonS3 mockedS3Client = mock(AmazonS3.class);
Owner owner = new Owner();
owner.setId("2350f639447f872b12d9e2298200704aa3b70cea0e127d544748da0351f79118");
when(mockedS3Client.doesBucketExistV2(any(String.class))).thenReturn(true);
when(mockedS3Client.getS3AccountOwner()).thenReturn(owner);
AccessControlList acl = getAcl(mockedS3Client);
when(mockedS3Client.getBucketAcl(any(String.class))).thenReturn(acl);
fs.setCustomClient(mockedS3Client);
try {
assertNotNull(fs.getUnknownContainer("testunknown"));
} catch (IOException e) {
fail(e.getMessage());
}
}
Example #8
| Source File: PacmanUtils.java From pacbot with Apache License 2.0 | 6 votes |
|
public static boolean checkACLAccess(AmazonS3Client awsS3Client, String s3BucketName, String accessType) {
logger.info("inside the checkACLAccess method");
Boolean openAcces = false;
AccessControlList bucketAcl;
List<Permission> permissionList = null;
try {
bucketAcl = awsS3Client.getBucketAcl(s3BucketName);
List<Grant> grants = bucketAcl.getGrantsAsList();
// Check grants has which permission
if (!CollectionUtils.isNullOrEmpty(grants)) {
permissionList = checkAnyGrantHasOpenToReadOrWriteAccess(grants, accessType);
if (!CollectionUtils.isNullOrEmpty(permissionList)) {
openAcces = true;
}
}
} catch (AmazonS3Exception s3Exception) {
logger.error("error : ", s3Exception);
throw new RuleExecutionFailedExeption(s3Exception.getMessage());
}
return openAcces;
}
Example #9
| Source File: S3PacbotUtils.java From pacbot with Apache License 2.0 | 6 votes |
|
/**
* @param awsS3Client
* @param s3BucketName
* @param accessType
* @return
*/
public static Set<Permission> checkACLPermissions(AmazonS3Client awsS3Client, String s3BucketName, String accessType) {
AccessControlList bucketAcl;
Set<Permission> permissionList = new HashSet<>();
try {
bucketAcl = awsS3Client.getBucketAcl(s3BucketName);
List<Grant> grants = bucketAcl.getGrantsAsList();
if (!CollectionUtils.isNullOrEmpty(grants)) {
permissionList = checkAnyGrantHasOpenToReadOrWriteAccess(grants, accessType);
}
} catch (AmazonS3Exception s3Exception) {
logger.error("error : ", s3Exception);
throw new RuleExecutionFailedExeption(s3Exception.getMessage());
}
return permissionList;
}
Example #10
| Source File: S3CossEndpoint.java From super-cloudops with Apache License 2.0 | 5 votes |
|
@Override
public S3ObjectAcl getObjectAcl(String bucketName, String key) {
S3ObjectAcl acl = new S3ObjectAcl();
AccessControlList s3Acl = s3Client.getObjectAcl(bucketName, key);
acl.setOwner(new Owner(s3Acl.getOwner().getId(), s3Acl.getOwner().getDisplayName()));
// TODO
// acl.setAcl(ACL.parse(s3Acl.getGrantsAsList()));
return acl;
}
Example #11
| Source File: AmazonS3Mock.java From Scribengin with GNU Affero General Public License v3.0 | 5 votes |
|
@Override
public AccessControlList getBucketAcl(String bucketName) throws AmazonClientException, AmazonServiceException {
throwException(getBucketAclException);
AccessControlList acl = new AccessControlList();
acl.grantPermission(GroupGrantee.AllUsers, Permission.FullControl);
return acl;
}
Example #12
| Source File: AmazonS3MockUnitTest.java From Scribengin with GNU Affero General Public License v3.0 | 5 votes |
|
@Test
public void testGetBucketAcl() {
AmazonS3Mock s3sinkMock = new AmazonS3Mock();
AccessControlList acl = s3sinkMock.getBucketAcl("test");
assertTrue(acl != null);
}
Example #13
| Source File: S3SinkStreamWriter.java From Scribengin with GNU Affero General Public License v3.0 | 5 votes |
|
@Override
public void prepareCommit() throws Exception {
logger.info("prepareCommit");
if (!validS3Sink) {
// check if bucket exist
if (!s3Client.doesBucketExist(bucketName)) {
System.out.println("bucket does not exist.");
logger.info("Bucket does not Exist");
s3Client.createBucket(bucketName);
}
logger.info("Bucket Exist");
/*
* BucketVersioningConfiguration configuration = new
* BucketVersioningConfiguration( bucketVersionConfig);
* SetBucketVersioningConfigurationRequest request = new
* SetBucketVersioningConfigurationRequest( bucketName, configuration);
* s3Client.setBucketVersioningConfiguration(request);
*/
AccessControlList acl = s3Client.getBucketAcl(bucketName);
List<Permission> permissions = new ArrayList<Permission>();
for (Grant grant : acl.getGrants()) {
permissions.add(grant.getPermission());
}
if (permissions.contains(Permission.FullControl) || permissions.contains(Permission.Write)) {
validS3Sink = true;
}
} else {
validS3Sink = true;
}
logger.info("validS3Sink = " + validS3Sink);
System.out.println("validS3Sink = " + validS3Sink);
}
Example #14
| Source File: S3GlobalAccessAutoFix.java From pacbot with Apache License 2.0 | 5 votes |
|
/**
* revokes all ACL permissions.
*
* @param awsS3Client the aws S 3 client
* @param s3BucketName the s 3 bucket name
*/
private void revokeACLPublicPermission(AmazonS3Client awsS3Client, String s3BucketName) {
AccessControlList bucketAcl;
try {
bucketAcl = awsS3Client.getBucketAcl(s3BucketName);
List<Grant> grants = bucketAcl.getGrantsAsList();
if (!CollectionUtils.isNullOrEmpty(grants)) {
for (Grant grant : grants) {
if ((PacmanSdkConstants.ANY_S3_AUTHENTICATED_USER_URI
.equalsIgnoreCase(grant.getGrantee().getIdentifier())
|| PacmanSdkConstants.ALL_S3_USER_URI.equalsIgnoreCase(grant.getGrantee().getIdentifier()))
&&
(grant.getPermission().toString().equalsIgnoreCase(PacmanSdkConstants.READ_ACCESS) || (grant
.getPermission().toString().equalsIgnoreCase(PacmanSdkConstants.WRITE_ACCESS)
|| (grant.getPermission().toString()
.equalsIgnoreCase(PacmanSdkConstants.READ_ACP_ACCESS)
|| (grant.getPermission().toString()
.equalsIgnoreCase(PacmanSdkConstants.WRITE_ACP_ACCESS)
|| grant.getPermission().toString()
.equalsIgnoreCase(PacmanSdkConstants.FULL_CONTROL)))))) {
bucketAcl.revokeAllPermissions(grant.getGrantee());
}
}
awsS3Client.setBucketAcl(s3BucketName, bucketAcl);
}
} catch (AmazonS3Exception s3Exception) {
LOGGER.error(String.format("AmazonS3Exception in revokeACLPublicPermission: %s", s3Exception.getMessage()));
throw new RuleEngineRunTimeException(s3Exception);
}
}
Example #15
| Source File: AmazonS3Mock.java From Scribengin with GNU Affero General Public License v3.0 | 4 votes |
|
@Override
public void setBucketAcl(String bucketName, AccessControlList acl) throws AmazonClientException,
AmazonServiceException {
// TODO Auto-generated method stub
}
Example #16
| Source File: AmazonS3Mock.java From Scribengin with GNU Affero General Public License v3.0 | 4 votes |
|
@Override
public AccessControlList getBucketAcl(GetBucketAclRequest getBucketAclRequest) throws AmazonClientException,
AmazonServiceException {
// TODO Auto-generated method stub
return null;
}
Example #17
| Source File: AmazonS3Mock.java From Scribengin with GNU Affero General Public License v3.0 | 4 votes |
|
@Override
public void setObjectAcl(String bucketName, String key, String versionId, AccessControlList acl)
throws AmazonClientException, AmazonServiceException {
// TODO Auto-generated method stub
}
Example #18
| Source File: AmazonS3Mock.java From Scribengin with GNU Affero General Public License v3.0 | 4 votes |
|
@Override
public void setObjectAcl(String bucketName, String key, AccessControlList acl) throws AmazonClientException,
AmazonServiceException {
// TODO Auto-generated method stub
}
Example #19
| Source File: AmazonS3Mock.java From Scribengin with GNU Affero General Public License v3.0 | 4 votes |
|
@Override
public AccessControlList getObjectAcl(String bucketName, String key, String versionId) throws AmazonClientException,
AmazonServiceException {
// TODO Auto-generated method stub
return null;
}
Example #20
| Source File: AmazonS3Mock.java From Scribengin with GNU Affero General Public License v3.0 | 4 votes |
|
@Override
public AccessControlList getObjectAcl(String bucketName, String key) throws AmazonClientException,
AmazonServiceException {
// TODO Auto-generated method stub
return null;
}
Example #21
| Source File: DummyS3Client.java From ignite with Apache License 2.0 | 4 votes |
|
/** Unsupported Operation. */
@Override public void setBucketAcl(String bucketName, AccessControlList acl) throws SdkClientException {
throw new UnsupportedOperationException("Operation not supported");
}
Example #22
| Source File: DummyS3Client.java From ignite with Apache License 2.0 | 4 votes |
|
/** Unsupported Operation. */
@Override public AccessControlList getBucketAcl(GetBucketAclRequest getBucketAclReq) throws SdkClientException {
throw new UnsupportedOperationException("Operation not supported");
}
Example #23
| Source File: DummyS3Client.java From ignite with Apache License 2.0 | 4 votes |
|
/** Unsupported Operation. */
@Override public AccessControlList getBucketAcl(String bucketName) throws SdkClientException {
throw new UnsupportedOperationException("Operation not supported");
}
Example #24
| Source File: DummyS3Client.java From ignite with Apache License 2.0 | 4 votes |
|
/** Unsupported Operation. */
@Override public void setObjectAcl(String bucketName, String key, String verId,
AccessControlList acl) throws SdkClientException {
throw new UnsupportedOperationException("Operation not supported");
}
Example #25
| Source File: DummyS3Client.java From ignite with Apache License 2.0 | 4 votes |
|
/** Unsupported Operation. */
@Override public void setObjectAcl(String bucketName, String key, AccessControlList acl) throws SdkClientException {
throw new UnsupportedOperationException("Operation not supported");
}
Example #26
| Source File: DummyS3Client.java From ignite with Apache License 2.0 | 4 votes |
|
/** Unsupported Operation. */
@Override public AccessControlList getObjectAcl(GetObjectAclRequest getObjAclReq) throws SdkClientException {
throw new UnsupportedOperationException("Operation not supported");
}
Example #27
| Source File: DummyS3Client.java From ignite with Apache License 2.0 | 4 votes |
|
/** Unsupported Operation. */
@Override public AccessControlList getObjectAcl(String bucketName, String key,
String verId) throws SdkClientException {
throw new UnsupportedOperationException("Operation not supported");
}
Example #28
| Source File: DummyS3Client.java From ignite with Apache License 2.0 | 4 votes |
|
/** Unsupported Operation. */
@Override public AccessControlList getObjectAcl(String bucketName,
String key) throws SdkClientException {
throw new UnsupportedOperationException("Operation not supported");
}
Example #29
| Source File: TestS3FileSystem.java From dremio-oss with Apache License 2.0 | 4 votes |
|
private AccessControlList getAcl(final AmazonS3 s3Client) {
ArrayList<Grant> grantCollection = new ArrayList<>();
// Grant the account owner full control.
Grant grant1 = new Grant(new CanonicalGrantee(s3Client.getS3AccountOwner().getId()), Permission.FullControl);
grantCollection.add(grant1);
// Save grants by replacing all current ACL grants with the two we just created.
AccessControlList bucketAcl = new AccessControlList();
bucketAcl.grantAllPermissions(grantCollection.toArray(new Grant[0]));
return bucketAcl;
}
