Merge pull request #480 from dblock/put-object-acl

[storage|aws] extended put_object_acl and put_bucket_acl to support canned ACLs

lib/fog/aws/requests/storage/hash_to_acl.rb

@@ -0,0 +1,45 @@
+module Fog
+  module Storage
+    class AWS
+      private
+        def self.hash_to_acl(acl)
+          data =
+<<-DATA
+<AccessControlPolicy>
+  <Owner>
+    <ID>#{acl['Owner']['ID']}</ID>
+    <DisplayName>#{acl['Owner']['DisplayName']}</DisplayName>
+  </Owner>
+  <AccessControlList>
+DATA
+
+          acl['AccessControlList'].each do |grant|
+            data << "    <Grant>\n"
+            type = case grant['Grantee'].keys.sort
+            when ['DisplayName', 'ID']
+              'CanonicalUser'
+            when ['EmailAddress']
+              'AmazonCustomerByEmail'
+            when ['URI']
+              'Group'
+            end
+            data << "      <Grantee xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:type=\"#{type}\">\n"
+            for key, value in grant['Grantee']
+              data << "        <#{key}>#{value}</#{key}>\n"
+            end
+            data << "      </Grantee>\n"
+            data << "      <Permission>#{grant['Permission']}</Permission>\n"
+            data << "    </Grant>\n"
+          end
+          
+          data <<
+<<-DATA
+  </AccessControlList>
+</AccessControlPolicy>
+DATA
+          data
+        end
+    end
+  end      
+end
+

lib/fog/aws/requests/storage/put_bucket_acl.rb

@@ -3,6 +3,8 @@ module Fog
     class AWS
       class Real
 
+        require 'fog/aws/requests/storage/hash_to_acl'
+      
         # Change access control list for an S3 bucket
         #
         # ==== Parameters
@@ -20,57 +22,52 @@ module Fog
         #       or
         #         * 'URI'<~String> - URI of group to grant access for
         #     * Permission<~String> - Permission, in [FULL_CONTROL, WRITE, WRITE_ACP, READ, READ_ACP]
+        # * acl<~String> - Permissions, must be in ['private', 'public-read', 'public-read-write', 'authenticated-read']
         #
         # ==== See Also
         # http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTBucketPUTacl.html
 
         def put_bucket_acl(bucket_name, acl)
-          data =
-<<-DATA
-<AccessControlPolicy>
-  <Owner>
-    <ID>#{acl['Owner']['ID']}</ID>
-    <DisplayName>#{acl['Owner']['DisplayName']}</DisplayName>
-  </Owner>
-  <AccessControlList>
-DATA
-
-          acl['AccessControlList'].each do |grant|
-            data << "    <Grant>"
-            type = case grant['Grantee'].keys.sort
-            when ['DisplayName', 'ID']
-              'CanonicalUser'
-            when ['EmailAddress']
-              'AmazonCustomerByEmail'
-            when ['URI']
-              'Group'
+          data = ""
+          headers = {}
+          
+          if acl.is_a?(Hash)
+            data = Fog::Storage::AWS.hash_to_acl(acl)
+          else
+            if !['private', 'public-read', 'public-read-write', 'authenticated-read'].include?(acl)
+              raise Excon::Errors::BadRequest.new('invalid x-amz-acl')
             end
-            data << "      <Grantee xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:type=\"#{type}\">"
-            for key, value in grant['Grantee']
-              data << "        <#{key}>#{value}</#{key}>"
-            end
-            data << "      </Grantee>"
-            data << "      <Permission>#{grant['Permission']}</Permission>"
-            data << "    </Grant>"
+            headers['x-amz-acl'] = acl
           end
 
-          data <<
-<<-DATA
-  </AccessControlList>
-</AccessControlPolicy>
-DATA
+          headers['Content-MD5'] = Base64.encode64(Digest::MD5.digest(data)).strip
+          headers['Content-Type'] = 'application/json'
+          headers['Date'] = Fog::Time.now.to_date_header
 
           request({
             :body     => data,
             :expects  => 200,
-            :headers  => {},
+            :headers  => headers,
             :host     => "#{bucket_name}.#{@host}",
             :method   => 'PUT',
             :query    => {'acl' => nil}
           })
         end
-
       end
+        
+      class Mock
+        def put_bucket_acl(bucket_name, acl)
+          if acl.is_a?(Hash)
+            self.data[:acls][:bucket][bucket_name] = Fog::Storage::AWS.hash_to_acl(acl)
+          else
+            if !['private', 'public-read', 'public-read-write', 'authenticated-read'].include?(acl)
+              raise Excon::Errors::BadRequest.new('invalid x-amz-acl')
+            end
+            self.data[:acls][:bucket][bucket_name] = acl
+          end        
+        end
+      end
+
     end
   end
 end

lib/fog/aws/requests/storage/put_object_acl.rb

@@ -3,6 +3,8 @@ module Fog
     class AWS
       class Real
 
+        require 'fog/aws/requests/storage/hash_to_acl'
+
         # Change access control list for an S3 object
         #
         # ==== Parameters
@@ -21,6 +23,7 @@ module Fog
         #       or
         #         * 'URI'<~String> - URI of group to grant access for
         #     * Permission<~String> - Permission, in [FULL_CONTROL, WRITE, WRITE_ACP, READ, READ_ACP]
+        # * acl<~String> - Permissions, must be in ['private', 'public-read', 'public-read-write', 'authenticated-read']
         # * options<~Hash>:
         #   * 'versionId'<~String> - specify a particular version to retrieve
         #
@@ -32,54 +35,48 @@ module Fog
           if version_id = options.delete('versionId')
             query['versionId'] = version_id
           end
-
-          data =
-<<-DATA
-<AccessControlPolicy>
-  <Owner>
-    <ID>#{acl['Owner']['ID']}</ID>
-    <DisplayName>#{acl['Owner']['DisplayName']}</DisplayName>
-  </Owner>
-  <AccessControlList>
-DATA
-
-          acl['AccessControlList'].each do |grant|
-            data << "    <Grant>"
-            type = case grant['Grantee'].keys.sort
-            when ['DisplayName', 'ID']
-              'CanonicalUser'
-            when ['EmailAddress']
-              'AmazonCustomerByEmail'
-            when ['URI']
-              'Group'
+          
+          data = ""
+          headers = {}
+          
+          if acl.is_a?(Hash)
+            data = Fog::Storage::AWS.hash_to_acl(acl)
+          else
+            if !['private', 'public-read', 'public-read-write', 'authenticated-read'].include?(acl)
+              raise Excon::Errors::BadRequest.new('invalid x-amz-acl')
             end
-            data << "      <Grantee xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:type=\"#{type}\">"
-            for key, value in grant['Grantee']
-              data << "        <#{key}>#{value}</#{key}>"
-            end
-            data << "      </Grantee>"
-            data << "      <Permission>#{grant['Permission']}</Permission>"
-            data << "    </Grant>"
+            headers['x-amz-acl'] = acl
           end
 
-          data <<
-<<-DATA
-  </AccessControlList>
-</AccessControlPolicy>
-DATA
-
+          headers['Content-MD5'] = Base64.encode64(Digest::MD5.digest(data)).strip
+          headers['Content-Type'] = 'application/json'
+          headers['Date'] = Fog::Time.now.to_date_header
+          
           request({
             :body     => data,
             :expects  => 200,
-            :headers  => {},
+            :headers  => headers,
             :host     => "#{bucket_name}.#{@host}",
             :method   => 'PUT',
             :path       => CGI.escape(object_name),
             :query    => query
           })
         end
-
       end
+      
+      class Mock
+        def put_object_acl(bucket_name, object_name, acl, options = {})
+          if acl.is_a?(Hash)
+            self.data[:acls][:object][bucket_name][object_name] = Fog::Storage::AWS.hash_to_acl(acl)
+          else
+            if !['private', 'public-read', 'public-read-write', 'authenticated-read'].include?(acl)
+              raise Excon::Errors::BadRequest.new('invalid x-amz-acl')
+            end
+            self.data[:acls][:object][bucket_name][object_name] = acl
+          end        
+        end
+      end
+
     end
   end
 end

tests/storage/requests/aws/bucket_tests.rb

@@ -128,6 +128,39 @@ Shindo.tests('Fog::Storage[:aws] | bucket requests', [:aws]) do
       Fog::Storage[:aws].delete_bucket('fogbuckettests')
     end
 
+    tests("#put_bucket_acl('fogbuckettests', 'private')").succeeds do
+      Fog::Storage[:aws].put_bucket_acl('fogbuckettests', 'private')
+    end
+
+    tests("#put_bucket_acl('fogbuckettests', hash)").returns(true) do
+      Fog::Storage[:aws].put_bucket_acl('fogbuckettests', {
+        'Owner' => { 'ID' => "8a6925ce4adf5f21c32aa379004fef", 'DisplayName' => "mtd@amazon.com" },
+        'AccessControlList' => [
+          { 
+            'Grantee' => { 'ID' => "8a6925ce4adf588a4532142d3f74dd8c71fa124b1ddee97f21c32aa379004fef", 'DisplayName' => "mtd@amazon.com" }, 
+            'Permission' => "FULL_CONTROL" 
+          }
+        ]
+      })
+      Fog::Storage[:aws].get_bucket_acl('fogbuckettests').body == <<-BODY
+<AccessControlPolicy>
+  <Owner>
+    <ID>8a6925ce4adf5f21c32aa379004fef</ID>
+    <DisplayName>mtd@amazon.com</DisplayName>
+  </Owner>
+  <AccessControlList>
+    <Grant>
+      <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="CanonicalUser">
+        <ID>8a6925ce4adf588a4532142d3f74dd8c71fa124b1ddee97f21c32aa379004fef</ID>
+        <DisplayName>mtd@amazon.com</DisplayName>
+      </Grantee>
+      <Permission>FULL_CONTROL</Permission>
+    </Grant>
+  </AccessControlList>
+</AccessControlPolicy>
+BODY
+    end
+
   end
 
   tests('failure') do
@@ -162,6 +195,10 @@ Shindo.tests('Fog::Storage[:aws] | bucket requests', [:aws]) do
       Fog::Storage[:aws].put_request_payment('fognonbucket', 'Requester')
     end
 
+    tests("#put_bucket_acl('fognonbucket', 'invalid')").raises(Excon::Errors::BadRequest) do
+      Fog::Storage[:aws].put_bucket_acl('fognonbucket', 'invalid')
+    end
+
   end
 
 end

tests/storage/requests/aws/object_tests.rb

@@ -30,6 +30,38 @@ Shindo.tests('AWS::Storage | object requests', ['aws']) do
       Fog::Storage[:aws].head_object(@directory.identity, 'fog_object')
     end
 
+    tests("#put_object_acl('#{@directory.identity}', 'fog_object', 'private')").succeeds do
+      Fog::Storage[:aws].put_object_acl(@directory.identity, 'fog_object', 'private')
+    end
+
+    tests("#put_object_acl('#{@directory.identity}', 'fog_object', hash)").returns(true) do
+      Fog::Storage[:aws].put_object_acl(@directory.identity, 'fog_object', {
+        'Owner' => { 'ID' => "8a6925ce4adf5f21c32aa379004fef", 'DisplayName' => "mtd@amazon.com" },
+        'AccessControlList' => [
+          { 
+            'Grantee' => { 'ID' => "8a6925ce4adf588a4532142d3f74dd8c71fa124b1ddee97f21c32aa379004fef", 'DisplayName' => "mtd@amazon.com" }, 
+            'Permission' => "FULL_CONTROL" 
+          }
+        ]})
+      Fog::Storage[:aws].get_object_acl(@directory.identity, 'fog_object').body == <<-BODY
+<AccessControlPolicy>
+  <Owner>
+    <ID>8a6925ce4adf5f21c32aa379004fef</ID>
+    <DisplayName>mtd@amazon.com</DisplayName>
+  </Owner>
+  <AccessControlList>
+    <Grant>
+      <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="CanonicalUser">
+        <ID>8a6925ce4adf588a4532142d3f74dd8c71fa124b1ddee97f21c32aa379004fef</ID>
+        <DisplayName>mtd@amazon.com</DisplayName>
+      </Grantee>
+      <Permission>FULL_CONTROL</Permission>
+    </Grant>
+  </AccessControlList>
+</AccessControlPolicy>
+BODY
+    end
+
     tests("#delete_object('#{@directory.identity}', 'fog_object')").succeeds do
       Fog::Storage[:aws].delete_object(@directory.identity, 'fog_object')
     end
@@ -74,6 +106,10 @@ Shindo.tests('AWS::Storage | object requests', ['aws']) do
       Fog::Storage[:aws].delete_object('fognonbucket', 'fog_non_object')
     end
 
+    tests("#put_object_acl('#{@directory.identity}', 'fog_object', 'invalid')").raises(Excon::Errors::BadRequest) do
+      Fog::Storage[:aws].put_object_acl('#{@directory.identity}', 'fog_object', 'invalid')
+    end
+
   end
 
   @directory.destroy