Merge pull request #115 from nabbar/aws_bucket_acl

Package AWS : Bucket ACL
nabbar · Jan 13, 2022 · b95e1a6 · b95e1a6
2 parents 726807c + 10b2d5e
commit b95e1a6
Show file tree

Hide file tree

Showing 2 changed files with 142 additions and 0 deletions.
diff --git a/aws/bucket/acl.go b/aws/bucket/acl.go
@@ -0,0 +1,137 @@
+/*
+ *  MIT License
+ *
+ *  Copyright (c) 2020 Nicolas JUHEL
+ *
+ *  Permission is hereby granted, free of charge, to any person obtaining a copy
+ *  of this software and associated documentation files (the "Software"), to deal
+ *  in the Software without restriction, including without limitation the rights
+ *  to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ *  copies of the Software, and to permit persons to whom the Software is
+ *  furnished to do so, subject to the following conditions:
+ *
+ *  The above copyright notice and this permission notice shall be included in all
+ *  copies or substantial portions of the Software.
+ *
+ *  THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ *  IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ *  FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ *  AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ *  LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ *  OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ *  SOFTWARE.
+ *
+ */
+
+package bucket
+
+import (
+	adkaws "github.com/aws/aws-sdk-go-v2/aws"
+	sdksss "github.com/aws/aws-sdk-go-v2/service/s3"
+	sdkstp "github.com/aws/aws-sdk-go-v2/service/s3/types"
+	libhlp "github.com/nabbar/golib/aws/helper"
+	liberr "github.com/nabbar/golib/errors"
+)
+
+type ACLHeader uint8
+
+const (
+	ACLHeaderFullControl ACLHeader = iota + 1
+	ACLHeaderWrite
+	ACLHeaderRead
+	ACLHeaderWriteACP
+	ACLHeaderReadACP
+)
+
+type ACLHeaders map[ACLHeader]string
+
+// for GetACL
+// see : https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketAcl.html
+
+func (cli *client) GetACL() (*sdkstp.AccessControlPolicy, liberr.Error) {
+	out, err := cli.s3.GetBucketAcl(cli.GetContext(), &sdksss.GetBucketAclInput{
+		Bucket: cli.GetBucketAws(),
+	})
+
+	res := &sdkstp.AccessControlPolicy{
+		Owner: &sdkstp.Owner{
+			DisplayName: nil,
+			ID:          nil,
+		},
+		Grants: make([]sdkstp.Grant, 0),
+	}
+
+	if err != nil {
+		return nil, cli.GetError(err)
+	} else if out == nil {
+		return nil, libhlp.ErrorResponse.Error(nil)
+	} else if out.Owner == nil || out.Grants == nil || len(out.Grants) < 1 {
+		return res, nil
+	}
+
+	res.Owner = out.Owner
+	res.Grants = out.Grants
+
+	// MarshalValue always return error as nil
+	return res, nil
+}
+
+// for SetACL
+//example value : emailAddress="[email protected]"
+//example value : uri="http://acs.amazonaws.com/groups/global/AllUsers"
+//example value : uri="http://acs.amazonaws.com/groups/s3/LogDelivery", emailAddress="[email protected]"
+// for more info, see : https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketAcl.html#API_PutBucketAcl_RequestSyntax
+
+func (cli *client) SetACL(ACP *sdkstp.AccessControlPolicy, cannedACL sdkstp.BucketCannedACL, header ACLHeaders) liberr.Error {
+	in := &sdksss.PutBucketAclInput{
+		Bucket: cli.GetBucketAws(),
+	}
+
+	return cli.setACLInput(in, ACP, cannedACL, header)
+}
+
+func (cli *client) SetACLPolicy(ACP *sdkstp.AccessControlPolicy) liberr.Error {
+	in := &sdksss.PutBucketAclInput{
+		Bucket: cli.GetBucketAws(),
+	}
+
+	return cli.setACLInput(in, ACP, "", nil)
+}
+
+func (cli *client) SetACLHeader(cannedACL sdkstp.BucketCannedACL, header ACLHeaders) liberr.Error {
+	in := &sdksss.PutBucketAclInput{
+		Bucket: cli.GetBucketAws(),
+	}
+
+	return cli.setACLInput(in, nil, cannedACL, header)
+}
+
+func (cli *client) setACLInput(in *sdksss.PutBucketAclInput, ACP *sdkstp.AccessControlPolicy, cannedACL sdkstp.BucketCannedACL, header ACLHeaders) liberr.Error {
+	if ACP != nil {
+		in.AccessControlPolicy = ACP
+	}
+
+	if cannedACL != "" {
+		in.ACL = cannedACL
+	}
+
+	if header != nil {
+		for k, v := range header {
+			switch k {
+			case ACLHeaderFullControl:
+				in.GrantFullControl = adkaws.String(v)
+			case ACLHeaderRead:
+				in.GrantRead = adkaws.String(v)
+			case ACLHeaderWrite:
+				in.GrantWrite = adkaws.String(v)
+			case ACLHeaderReadACP:
+				in.GrantReadACP = adkaws.String(v)
+			case ACLHeaderWriteACP:
+				in.GrantWriteACP = adkaws.String(v)
+			}
+		}
+	}
+
+	_, err := cli.s3.PutBucketAcl(cli.GetContext(), in)
+	return cli.GetError(err)
+}
diff --git a/aws/bucket/interface.go b/aws/bucket/interface.go
@@ -62,6 +62,11 @@ type Bucket interface {
 
 	SetCORS(cors []sdkstp.CORSRule) liberr.Error
 	GetCORS() ([]sdkstp.CORSRule, liberr.Error)
+
+	GetACL() (*sdkstp.AccessControlPolicy, liberr.Error)
+	SetACL(ACP *sdkstp.AccessControlPolicy, cannedACL sdkstp.BucketCannedACL, header ACLHeaders) liberr.Error
+	SetACLPolicy(ACP *sdkstp.AccessControlPolicy) liberr.Error
+	SetACLHeader(cannedACL sdkstp.BucketCannedACL, header ACLHeaders) liberr.Error
 }
 
 func New(ctx context.Context, bucket, region string, iam *sdkiam.Client, s3 *sdksss.Client) Bucket {