mirror of
https://github.com/fog/fog.git
synced 2022-11-09 13:51:43 -05:00
Merge pull request #480 from dblock/put-object-acl
[storage|aws] extended put_object_acl and put_bucket_acl to support canned ACLs
This commit is contained in:
commit
33a3677369
5 changed files with 180 additions and 68 deletions
45
lib/fog/aws/requests/storage/hash_to_acl.rb
Normal file
45
lib/fog/aws/requests/storage/hash_to_acl.rb
Normal file
|
@ -0,0 +1,45 @@
|
|||
module Fog
|
||||
module Storage
|
||||
class AWS
|
||||
private
|
||||
def self.hash_to_acl(acl)
|
||||
data =
|
||||
<<-DATA
|
||||
<AccessControlPolicy>
|
||||
<Owner>
|
||||
<ID>#{acl['Owner']['ID']}</ID>
|
||||
<DisplayName>#{acl['Owner']['DisplayName']}</DisplayName>
|
||||
</Owner>
|
||||
<AccessControlList>
|
||||
DATA
|
||||
|
||||
acl['AccessControlList'].each do |grant|
|
||||
data << " <Grant>\n"
|
||||
type = case grant['Grantee'].keys.sort
|
||||
when ['DisplayName', 'ID']
|
||||
'CanonicalUser'
|
||||
when ['EmailAddress']
|
||||
'AmazonCustomerByEmail'
|
||||
when ['URI']
|
||||
'Group'
|
||||
end
|
||||
data << " <Grantee xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:type=\"#{type}\">\n"
|
||||
for key, value in grant['Grantee']
|
||||
data << " <#{key}>#{value}</#{key}>\n"
|
||||
end
|
||||
data << " </Grantee>\n"
|
||||
data << " <Permission>#{grant['Permission']}</Permission>\n"
|
||||
data << " </Grant>\n"
|
||||
end
|
||||
|
||||
data <<
|
||||
<<-DATA
|
||||
</AccessControlList>
|
||||
</AccessControlPolicy>
|
||||
DATA
|
||||
data
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
@ -3,6 +3,8 @@ module Fog
|
|||
class AWS
|
||||
class Real
|
||||
|
||||
require 'fog/aws/requests/storage/hash_to_acl'
|
||||
|
||||
# Change access control list for an S3 bucket
|
||||
#
|
||||
# ==== Parameters
|
||||
|
@ -20,57 +22,52 @@ module Fog
|
|||
# or
|
||||
# * 'URI'<~String> - URI of group to grant access for
|
||||
# * Permission<~String> - Permission, in [FULL_CONTROL, WRITE, WRITE_ACP, READ, READ_ACP]
|
||||
# * acl<~String> - Permissions, must be in ['private', 'public-read', 'public-read-write', 'authenticated-read']
|
||||
#
|
||||
# ==== See Also
|
||||
# http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTBucketPUTacl.html
|
||||
|
||||
def put_bucket_acl(bucket_name, acl)
|
||||
data =
|
||||
<<-DATA
|
||||
<AccessControlPolicy>
|
||||
<Owner>
|
||||
<ID>#{acl['Owner']['ID']}</ID>
|
||||
<DisplayName>#{acl['Owner']['DisplayName']}</DisplayName>
|
||||
</Owner>
|
||||
<AccessControlList>
|
||||
DATA
|
||||
data = ""
|
||||
headers = {}
|
||||
|
||||
acl['AccessControlList'].each do |grant|
|
||||
data << " <Grant>"
|
||||
type = case grant['Grantee'].keys.sort
|
||||
when ['DisplayName', 'ID']
|
||||
'CanonicalUser'
|
||||
when ['EmailAddress']
|
||||
'AmazonCustomerByEmail'
|
||||
when ['URI']
|
||||
'Group'
|
||||
if acl.is_a?(Hash)
|
||||
data = Fog::Storage::AWS.hash_to_acl(acl)
|
||||
else
|
||||
if !['private', 'public-read', 'public-read-write', 'authenticated-read'].include?(acl)
|
||||
raise Excon::Errors::BadRequest.new('invalid x-amz-acl')
|
||||
end
|
||||
data << " <Grantee xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:type=\"#{type}\">"
|
||||
for key, value in grant['Grantee']
|
||||
data << " <#{key}>#{value}</#{key}>"
|
||||
end
|
||||
data << " </Grantee>"
|
||||
data << " <Permission>#{grant['Permission']}</Permission>"
|
||||
data << " </Grant>"
|
||||
headers['x-amz-acl'] = acl
|
||||
end
|
||||
|
||||
data <<
|
||||
<<-DATA
|
||||
</AccessControlList>
|
||||
</AccessControlPolicy>
|
||||
DATA
|
||||
headers['Content-MD5'] = Base64.encode64(Digest::MD5.digest(data)).strip
|
||||
headers['Content-Type'] = 'application/json'
|
||||
headers['Date'] = Fog::Time.now.to_date_header
|
||||
|
||||
request({
|
||||
:body => data,
|
||||
:expects => 200,
|
||||
:headers => {},
|
||||
:headers => headers,
|
||||
:host => "#{bucket_name}.#{@host}",
|
||||
:method => 'PUT',
|
||||
:query => {'acl' => nil}
|
||||
})
|
||||
end
|
||||
end
|
||||
|
||||
class Mock
|
||||
def put_bucket_acl(bucket_name, acl)
|
||||
if acl.is_a?(Hash)
|
||||
self.data[:acls][:bucket][bucket_name] = Fog::Storage::AWS.hash_to_acl(acl)
|
||||
else
|
||||
if !['private', 'public-read', 'public-read-write', 'authenticated-read'].include?(acl)
|
||||
raise Excon::Errors::BadRequest.new('invalid x-amz-acl')
|
||||
end
|
||||
self.data[:acls][:bucket][bucket_name] = acl
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -3,6 +3,8 @@ module Fog
|
|||
class AWS
|
||||
class Real
|
||||
|
||||
require 'fog/aws/requests/storage/hash_to_acl'
|
||||
|
||||
# Change access control list for an S3 object
|
||||
#
|
||||
# ==== Parameters
|
||||
|
@ -21,6 +23,7 @@ module Fog
|
|||
# or
|
||||
# * 'URI'<~String> - URI of group to grant access for
|
||||
# * Permission<~String> - Permission, in [FULL_CONTROL, WRITE, WRITE_ACP, READ, READ_ACP]
|
||||
# * acl<~String> - Permissions, must be in ['private', 'public-read', 'public-read-write', 'authenticated-read']
|
||||
# * options<~Hash>:
|
||||
# * 'versionId'<~String> - specify a particular version to retrieve
|
||||
#
|
||||
|
@ -33,53 +36,47 @@ module Fog
|
|||
query['versionId'] = version_id
|
||||
end
|
||||
|
||||
data =
|
||||
<<-DATA
|
||||
<AccessControlPolicy>
|
||||
<Owner>
|
||||
<ID>#{acl['Owner']['ID']}</ID>
|
||||
<DisplayName>#{acl['Owner']['DisplayName']}</DisplayName>
|
||||
</Owner>
|
||||
<AccessControlList>
|
||||
DATA
|
||||
data = ""
|
||||
headers = {}
|
||||
|
||||
acl['AccessControlList'].each do |grant|
|
||||
data << " <Grant>"
|
||||
type = case grant['Grantee'].keys.sort
|
||||
when ['DisplayName', 'ID']
|
||||
'CanonicalUser'
|
||||
when ['EmailAddress']
|
||||
'AmazonCustomerByEmail'
|
||||
when ['URI']
|
||||
'Group'
|
||||
if acl.is_a?(Hash)
|
||||
data = Fog::Storage::AWS.hash_to_acl(acl)
|
||||
else
|
||||
if !['private', 'public-read', 'public-read-write', 'authenticated-read'].include?(acl)
|
||||
raise Excon::Errors::BadRequest.new('invalid x-amz-acl')
|
||||
end
|
||||
data << " <Grantee xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:type=\"#{type}\">"
|
||||
for key, value in grant['Grantee']
|
||||
data << " <#{key}>#{value}</#{key}>"
|
||||
end
|
||||
data << " </Grantee>"
|
||||
data << " <Permission>#{grant['Permission']}</Permission>"
|
||||
data << " </Grant>"
|
||||
headers['x-amz-acl'] = acl
|
||||
end
|
||||
|
||||
data <<
|
||||
<<-DATA
|
||||
</AccessControlList>
|
||||
</AccessControlPolicy>
|
||||
DATA
|
||||
headers['Content-MD5'] = Base64.encode64(Digest::MD5.digest(data)).strip
|
||||
headers['Content-Type'] = 'application/json'
|
||||
headers['Date'] = Fog::Time.now.to_date_header
|
||||
|
||||
request({
|
||||
:body => data,
|
||||
:expects => 200,
|
||||
:headers => {},
|
||||
:headers => headers,
|
||||
:host => "#{bucket_name}.#{@host}",
|
||||
:method => 'PUT',
|
||||
:path => CGI.escape(object_name),
|
||||
:query => query
|
||||
})
|
||||
end
|
||||
end
|
||||
|
||||
class Mock
|
||||
def put_object_acl(bucket_name, object_name, acl, options = {})
|
||||
if acl.is_a?(Hash)
|
||||
self.data[:acls][:object][bucket_name][object_name] = Fog::Storage::AWS.hash_to_acl(acl)
|
||||
else
|
||||
if !['private', 'public-read', 'public-read-write', 'authenticated-read'].include?(acl)
|
||||
raise Excon::Errors::BadRequest.new('invalid x-amz-acl')
|
||||
end
|
||||
self.data[:acls][:object][bucket_name][object_name] = acl
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -128,6 +128,39 @@ Shindo.tests('Fog::Storage[:aws] | bucket requests', [:aws]) do
|
|||
Fog::Storage[:aws].delete_bucket('fogbuckettests')
|
||||
end
|
||||
|
||||
tests("#put_bucket_acl('fogbuckettests', 'private')").succeeds do
|
||||
Fog::Storage[:aws].put_bucket_acl('fogbuckettests', 'private')
|
||||
end
|
||||
|
||||
tests("#put_bucket_acl('fogbuckettests', hash)").returns(true) do
|
||||
Fog::Storage[:aws].put_bucket_acl('fogbuckettests', {
|
||||
'Owner' => { 'ID' => "8a6925ce4adf5f21c32aa379004fef", 'DisplayName' => "mtd@amazon.com" },
|
||||
'AccessControlList' => [
|
||||
{
|
||||
'Grantee' => { 'ID' => "8a6925ce4adf588a4532142d3f74dd8c71fa124b1ddee97f21c32aa379004fef", 'DisplayName' => "mtd@amazon.com" },
|
||||
'Permission' => "FULL_CONTROL"
|
||||
}
|
||||
]
|
||||
})
|
||||
Fog::Storage[:aws].get_bucket_acl('fogbuckettests').body == <<-BODY
|
||||
<AccessControlPolicy>
|
||||
<Owner>
|
||||
<ID>8a6925ce4adf5f21c32aa379004fef</ID>
|
||||
<DisplayName>mtd@amazon.com</DisplayName>
|
||||
</Owner>
|
||||
<AccessControlList>
|
||||
<Grant>
|
||||
<Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="CanonicalUser">
|
||||
<ID>8a6925ce4adf588a4532142d3f74dd8c71fa124b1ddee97f21c32aa379004fef</ID>
|
||||
<DisplayName>mtd@amazon.com</DisplayName>
|
||||
</Grantee>
|
||||
<Permission>FULL_CONTROL</Permission>
|
||||
</Grant>
|
||||
</AccessControlList>
|
||||
</AccessControlPolicy>
|
||||
BODY
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
tests('failure') do
|
||||
|
@ -162,6 +195,10 @@ Shindo.tests('Fog::Storage[:aws] | bucket requests', [:aws]) do
|
|||
Fog::Storage[:aws].put_request_payment('fognonbucket', 'Requester')
|
||||
end
|
||||
|
||||
tests("#put_bucket_acl('fognonbucket', 'invalid')").raises(Excon::Errors::BadRequest) do
|
||||
Fog::Storage[:aws].put_bucket_acl('fognonbucket', 'invalid')
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
end
|
||||
|
|
|
@ -30,6 +30,38 @@ Shindo.tests('AWS::Storage | object requests', ['aws']) do
|
|||
Fog::Storage[:aws].head_object(@directory.identity, 'fog_object')
|
||||
end
|
||||
|
||||
tests("#put_object_acl('#{@directory.identity}', 'fog_object', 'private')").succeeds do
|
||||
Fog::Storage[:aws].put_object_acl(@directory.identity, 'fog_object', 'private')
|
||||
end
|
||||
|
||||
tests("#put_object_acl('#{@directory.identity}', 'fog_object', hash)").returns(true) do
|
||||
Fog::Storage[:aws].put_object_acl(@directory.identity, 'fog_object', {
|
||||
'Owner' => { 'ID' => "8a6925ce4adf5f21c32aa379004fef", 'DisplayName' => "mtd@amazon.com" },
|
||||
'AccessControlList' => [
|
||||
{
|
||||
'Grantee' => { 'ID' => "8a6925ce4adf588a4532142d3f74dd8c71fa124b1ddee97f21c32aa379004fef", 'DisplayName' => "mtd@amazon.com" },
|
||||
'Permission' => "FULL_CONTROL"
|
||||
}
|
||||
]})
|
||||
Fog::Storage[:aws].get_object_acl(@directory.identity, 'fog_object').body == <<-BODY
|
||||
<AccessControlPolicy>
|
||||
<Owner>
|
||||
<ID>8a6925ce4adf5f21c32aa379004fef</ID>
|
||||
<DisplayName>mtd@amazon.com</DisplayName>
|
||||
</Owner>
|
||||
<AccessControlList>
|
||||
<Grant>
|
||||
<Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="CanonicalUser">
|
||||
<ID>8a6925ce4adf588a4532142d3f74dd8c71fa124b1ddee97f21c32aa379004fef</ID>
|
||||
<DisplayName>mtd@amazon.com</DisplayName>
|
||||
</Grantee>
|
||||
<Permission>FULL_CONTROL</Permission>
|
||||
</Grant>
|
||||
</AccessControlList>
|
||||
</AccessControlPolicy>
|
||||
BODY
|
||||
end
|
||||
|
||||
tests("#delete_object('#{@directory.identity}', 'fog_object')").succeeds do
|
||||
Fog::Storage[:aws].delete_object(@directory.identity, 'fog_object')
|
||||
end
|
||||
|
@ -74,6 +106,10 @@ Shindo.tests('AWS::Storage | object requests', ['aws']) do
|
|||
Fog::Storage[:aws].delete_object('fognonbucket', 'fog_non_object')
|
||||
end
|
||||
|
||||
tests("#put_object_acl('#{@directory.identity}', 'fog_object', 'invalid')").raises(Excon::Errors::BadRequest) do
|
||||
Fog::Storage[:aws].put_object_acl('#{@directory.identity}', 'fog_object', 'invalid')
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
@directory.destroy
|
||||
|
|
Loading…
Reference in a new issue