com.amazonaws.services.s3.model.Grant Java Examples
The following examples show how to use
com.amazonaws.services.s3.model.Grant.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
| Source File: S3GlobalAccessAutoFix.java From pacbot with Apache License 2.0 | 6 votes |
|
@Override
public boolean backupExistingConfigForResource(final String resourceId, final String resourceType,
Map<String, Object> clientMap, Map<String, String> ruleParams,Map<String, String> issue) throws AutoFixException {
LOGGER.debug(String.format("backing up the config for %s" , resourceId));
AmazonS3 client = (AmazonS3) clientMap.get("client");
Gson gson = new Gson();
AccessControlList bucketAcl = client.getBucketAcl(resourceId);
List<Grant> grants = bucketAcl.getGrantsAsList();
String oldConfig = gson.toJson(grants);
backupOldConfig(resourceId, BUCKET_ACL, oldConfig);
BucketPolicy bucketPolicy = client.getBucketPolicy(resourceId);
if (!Strings.isNullOrEmpty(bucketPolicy.getPolicyText())) {
backupOldConfig(resourceId, BUCKET_POLICY, bucketPolicy.getPolicyText());
}
LOGGER.debug("backup complete for " + resourceId);
return true;
}
Example #2
| Source File: S3PacbotUtils.java From pacbot with Apache License 2.0 | 6 votes |
|
/**
* This method is to check whether s3 bucket has read/write/full control
*
* @param grants
* @param accessTypeToCheck
* @return List<Permission>, if permissions found else empty
*/
private static Set<Permission> checkAnyGrantHasOpenToReadOrWriteAccess(List<Grant> grants, String accessTypeToCheck) {
Set<Permission> permissions = new HashSet();
for (Grant grant : grants) {
if ((PacmanRuleConstants.ANY_S3_AUTHENTICATED_USER_URI
.equalsIgnoreCase(grant.getGrantee().getIdentifier()) || PacmanRuleConstants.ALL_S3_USER_URI
.equalsIgnoreCase(grant.getGrantee().getIdentifier()))
&&
(accessTypeToCheck.contains(grant.getPermission()
.toString()) || grant.getPermission().toString()
.equalsIgnoreCase(PacmanRuleConstants.FULL_CONTROL))) {
permissions.add(grant.getPermission());
}
}
return permissions;
}
Example #3
| Source File: S3PacbotUtils.java From pacbot with Apache License 2.0 | 6 votes |
|
/**
* @param awsS3Client
* @param s3BucketName
* @param accessType
* @return
*/
public static Set<Permission> checkACLPermissions(AmazonS3Client awsS3Client, String s3BucketName, String accessType) {
AccessControlList bucketAcl;
Set<Permission> permissionList = new HashSet<>();
try {
bucketAcl = awsS3Client.getBucketAcl(s3BucketName);
List<Grant> grants = bucketAcl.getGrantsAsList();
if (!CollectionUtils.isNullOrEmpty(grants)) {
permissionList = checkAnyGrantHasOpenToReadOrWriteAccess(grants, accessType);
}
} catch (AmazonS3Exception s3Exception) {
logger.error("error : ", s3Exception);
throw new RuleExecutionFailedExeption(s3Exception.getMessage());
}
return permissionList;
}
Example #4
| Source File: PacmanUtils.java From pacbot with Apache License 2.0 | 6 votes |
|
public static boolean checkACLAccess(AmazonS3Client awsS3Client, String s3BucketName, String accessType) {
logger.info("inside the checkACLAccess method");
Boolean openAcces = false;
AccessControlList bucketAcl;
List<Permission> permissionList = null;
try {
bucketAcl = awsS3Client.getBucketAcl(s3BucketName);
List<Grant> grants = bucketAcl.getGrantsAsList();
// Check grants has which permission
if (!CollectionUtils.isNullOrEmpty(grants)) {
permissionList = checkAnyGrantHasOpenToReadOrWriteAccess(grants, accessType);
if (!CollectionUtils.isNullOrEmpty(permissionList)) {
openAcces = true;
}
}
} catch (AmazonS3Exception s3Exception) {
logger.error("error : ", s3Exception);
throw new RuleExecutionFailedExeption(s3Exception.getMessage());
}
return openAcces;
}
Example #5
| Source File: PacmanUtils.java From pacbot with Apache License 2.0 | 6 votes |
|
/**
* This method is to check whether s3 bucket has read/write/full control
*
* @param grants
* @param accessTypeToCheck
* @return List<Permission>, if permissions found else empty
*/
private static List<Permission> checkAnyGrantHasOpenToReadOrWriteAccess(List<Grant> grants, String accessTypeToCheck) {
List<Permission> permissions = new ArrayList<>();
for (Grant grant : grants) {
if ((PacmanRuleConstants.ANY_S3_AUTHENTICATED_USER_URI.equalsIgnoreCase(grant.getGrantee().getIdentifier()) || PacmanRuleConstants.ALL_S3_USER_URI
.equalsIgnoreCase(grant.getGrantee().getIdentifier()))
&&
(grant.getPermission().toString().contains(accessTypeToCheck) || grant.getPermission().toString()
.equalsIgnoreCase(PacmanRuleConstants.FULL_CONTROL))) {
permissions.add(grant.getPermission());
}
}
return permissions;
}
Example #6
| Source File: GetAcl.java From aws-doc-sdk-examples with Apache License 2.0 | 6 votes |
|
public static void getBucketAcl(String bucket_name) {
System.out.println("Retrieving ACL for bucket: " + bucket_name);
final AmazonS3 s3 = AmazonS3ClientBuilder.standard().withRegion(Regions.DEFAULT_REGION).build();
try {
AccessControlList acl = s3.getBucketAcl(bucket_name);
List<Grant> grants = acl.getGrantsAsList();
for (Grant grant : grants) {
System.out.format(" %s: %s\n", grant.getGrantee().getIdentifier(),
grant.getPermission().toString());
}
} catch (AmazonServiceException e) {
System.err.println(e.getErrorMessage());
System.exit(1);
}
}
Example #7
| Source File: GetAcl.java From aws-doc-sdk-examples with Apache License 2.0 | 6 votes |
|
public static void getObjectAcl(String bucket_name, String object_key) {
System.out.println("Retrieving ACL for object: " + object_key);
System.out.println(" in bucket: " + bucket_name);
final AmazonS3 s3 = AmazonS3ClientBuilder.standard().withRegion(Regions.DEFAULT_REGION).build();
try {
AccessControlList acl = s3.getObjectAcl(bucket_name, object_key);
List<Grant> grants = acl.getGrantsAsList();
for (Grant grant : grants) {
System.out.format(" %s: %s\n", grant.getGrantee().getIdentifier(),
grant.getPermission().toString());
}
} catch (AmazonServiceException e) {
System.err.println(e.getErrorMessage());
System.exit(1);
}
}
Example #8
| Source File: S3GlobalAccessAutoFix.java From pacbot with Apache License 2.0 | 5 votes |
|
/**
* revokes all ACL permissions.
*
* @param awsS3Client the aws S 3 client
* @param s3BucketName the s 3 bucket name
*/
private void revokeACLPublicPermission(AmazonS3Client awsS3Client, String s3BucketName) {
AccessControlList bucketAcl;
try {
bucketAcl = awsS3Client.getBucketAcl(s3BucketName);
List<Grant> grants = bucketAcl.getGrantsAsList();
if (!CollectionUtils.isNullOrEmpty(grants)) {
for (Grant grant : grants) {
if ((PacmanSdkConstants.ANY_S3_AUTHENTICATED_USER_URI
.equalsIgnoreCase(grant.getGrantee().getIdentifier())
|| PacmanSdkConstants.ALL_S3_USER_URI.equalsIgnoreCase(grant.getGrantee().getIdentifier()))
&&
(grant.getPermission().toString().equalsIgnoreCase(PacmanSdkConstants.READ_ACCESS) || (grant
.getPermission().toString().equalsIgnoreCase(PacmanSdkConstants.WRITE_ACCESS)
|| (grant.getPermission().toString()
.equalsIgnoreCase(PacmanSdkConstants.READ_ACP_ACCESS)
|| (grant.getPermission().toString()
.equalsIgnoreCase(PacmanSdkConstants.WRITE_ACP_ACCESS)
|| grant.getPermission().toString()
.equalsIgnoreCase(PacmanSdkConstants.FULL_CONTROL)))))) {
bucketAcl.revokeAllPermissions(grant.getGrantee());
}
}
awsS3Client.setBucketAcl(s3BucketName, bucketAcl);
}
} catch (AmazonS3Exception s3Exception) {
LOGGER.error(String.format("AmazonS3Exception in revokeACLPublicPermission: %s", s3Exception.getMessage()));
throw new RuleEngineRunTimeException(s3Exception);
}
}
Example #9
| Source File: S3SinkStreamWriter.java From Scribengin with GNU Affero General Public License v3.0 | 5 votes |
|
@Override
public void prepareCommit() throws Exception {
logger.info("prepareCommit");
if (!validS3Sink) {
// check if bucket exist
if (!s3Client.doesBucketExist(bucketName)) {
System.out.println("bucket does not exist.");
logger.info("Bucket does not Exist");
s3Client.createBucket(bucketName);
}
logger.info("Bucket Exist");
/*
* BucketVersioningConfiguration configuration = new
* BucketVersioningConfiguration( bucketVersionConfig);
* SetBucketVersioningConfigurationRequest request = new
* SetBucketVersioningConfigurationRequest( bucketName, configuration);
* s3Client.setBucketVersioningConfiguration(request);
*/
AccessControlList acl = s3Client.getBucketAcl(bucketName);
List<Permission> permissions = new ArrayList<Permission>();
for (Grant grant : acl.getGrants()) {
permissions.add(grant.getPermission());
}
if (permissions.contains(Permission.FullControl) || permissions.contains(Permission.Write)) {
validS3Sink = true;
}
} else {
validS3Sink = true;
}
logger.info("validS3Sink = " + validS3Sink);
System.out.println("validS3Sink = " + validS3Sink);
}
Example #10
| Source File: TestS3FileSystem.java From dremio-oss with Apache License 2.0 | 4 votes |
|
private AccessControlList getAcl(final AmazonS3 s3Client) {
ArrayList<Grant> grantCollection = new ArrayList<>();
// Grant the account owner full control.
Grant grant1 = new Grant(new CanonicalGrantee(s3Client.getS3AccountOwner().getId()), Permission.FullControl);
grantCollection.add(grant1);
// Save grants by replacing all current ACL grants with the two we just created.
AccessControlList bucketAcl = new AccessControlList();
bucketAcl.grantAllPermissions(grantCollection.toArray(new Grant[0]));
return bucketAcl;
}
