From 10b2d5e06b65efcf9d01e82ace7fdfb3bd2f24fb Mon Sep 17 00:00:00 2001
From: Nicolas JUHEL
Date: Thu, 13 Jan 2022 16:35:49 +0100
Subject: [PATCH] - Add Bucket ACL - Add Sub method for Set Bucket ACL to simplify small call
---
 aws/bucket/acl.go | 137 ++++++++++++++++++++++++++++++++++++++++
 aws/bucket/interface.go | 5 ++
 2 files changed, 142 insertions(+)
 create mode 100644 aws/bucket/acl.go
diff --git a/aws/bucket/acl.go b/aws/bucket/acl.go
new file mode 100644
index 00000000..15369160
--- /dev/null
+++ b/aws/bucket/acl.go
@@ -0,0 +1,137 @@
+/*
+ * MIT License
+ *
+ * Copyright (c) 2020 Nicolas JUHEL
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ *
+ */
+
+package bucket
+
+import (
+ adkaws "github.com/aws/aws-sdk-go-v2/aws"
+ sdksss "github.com/aws/aws-sdk-go-v2/service/s3"
+ sdkstp "github.com/aws/aws-sdk-go-v2/service/s3/types"
+ libhlp "github.com/nabbar/golib/aws/helper"
+ liberr "github.com/nabbar/golib/errors"
+)
+
+type ACLHeader uint8
+
+const (
+ ACLHeaderFullControl ACLHeader = iota + 1
+ ACLHeaderWrite
+ ACLHeaderRead
+ ACLHeaderWriteACP
+ ACLHeaderReadACP
+)
+
+type ACLHeaders map[ACLHeader]string
+
+// for GetACL
+// see : https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketAcl.html
+
+func (cli *client) GetACL() (*sdkstp.AccessControlPolicy, liberr.Error) {
+ out, err := cli.s3.GetBucketAcl(cli.GetContext(), &sdksss.GetBucketAclInput{
+ Bucket: cli.GetBucketAws(),
+ })
+
+ res := &sdkstp.AccessControlPolicy{
+ Owner: &sdkstp.Owner{
+ DisplayName: nil,
+ ID: nil,
+ },
+ Grants: make([]sdkstp.Grant, 0),
+ }
+
+ if err != nil {
+ return nil, cli.GetError(err)
+ } else if out == nil {
+ return nil, libhlp.ErrorResponse.Error(nil)
+ } else if out.Owner == nil || out.Grants == nil || len(out.Grants) < 1 {
+ return res, nil
+ }
+
+ res.Owner = out.Owner
+ res.Grants = out.Grants
+
+ // MarshalValue always return error as nil
+ return res, nil
+}
+
+// for SetACL
+//example value : emailAddress="xyz@amazon.com"
+//example value : uri="http://acs.amazonaws.com/groups/global/AllUsers"
+//example value : uri="http://acs.amazonaws.com/groups/s3/LogDelivery", emailAddress="xyz@amazon.com"
+// for more info, see : https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketAcl.html#API_PutBucketAcl_RequestSyntax
+
+func (cli *client) SetACL(ACP *sdkstp.AccessControlPolicy, cannedACL sdkstp.BucketCannedACL, header ACLHeaders) liberr.Error {
+ in := &sdksss.PutBucketAclInput{
+ Bucket: cli.GetBucketAws(),
+ }
+
+ return cli.setACLInput(in, ACP, cannedACL, header)
+}
+
+func (cli *client) SetACLPolicy(ACP *sdkstp.AccessControlPolicy) liberr.Error {
+ in := &sdksss.PutBucketAclInput{
+ Bucket: cli.GetBucketAws(),
+ }
+
+ return cli.setACLInput(in, ACP, "", nil)
+}
+
+func (cli *client) SetACLHeader(cannedACL sdkstp.BucketCannedACL, header ACLHeaders) liberr.Error {
+ in := &sdksss.PutBucketAclInput{
+ Bucket: cli.GetBucketAws(),
+ }
+
+ return cli.setACLInput(in, nil, cannedACL, header)
+}
+
+func (cli *client) setACLInput(in *sdksss.PutBucketAclInput, ACP *sdkstp.AccessControlPolicy, cannedACL sdkstp.BucketCannedACL, header ACLHeaders) liberr.Error {
+ if ACP != nil {
+ in.AccessControlPolicy = ACP
+ }
+
+ if cannedACL != "" {
+ in.ACL = cannedACL
+ }
+
+ if header != nil {
+ for k, v := range header {
+ switch k {
+ case ACLHeaderFullControl:
+ in.GrantFullControl = adkaws.String(v)
+ case ACLHeaderRead:
+ in.GrantRead = adkaws.String(v)
+ case ACLHeaderWrite:
+ in.GrantWrite = adkaws.String(v)
+ case ACLHeaderReadACP:
+ in.GrantReadACP = adkaws.String(v)
+ case ACLHeaderWriteACP:
+ in.GrantWriteACP = adkaws.String(v)
+ }
+ }
+ }
+
+ _, err := cli.s3.PutBucketAcl(cli.GetContext(), in)
+ return cli.GetError(err)
+}
diff --git a/aws/bucket/interface.go b/aws/bucket/interface.go
index d7bcb35d..7b554dfb 100644
--- a/aws/bucket/interface.go
+++ b/aws/bucket/interface.go
@@ -62,6 +62,11 @@ type Bucket interface {
 SetCORS(cors []sdkstp.CORSRule) liberr.Error
 GetCORS() ([]sdkstp.CORSRule, liberr.Error)
+
+ GetACL() (*sdkstp.AccessControlPolicy, liberr.Error)
+ SetACL(ACP *sdkstp.AccessControlPolicy, cannedACL sdkstp.BucketCannedACL, header ACLHeaders) liberr.Error
+ SetACLPolicy(ACP *sdkstp.AccessControlPolicy) liberr.Error
+ SetACLHeader(cannedACL sdkstp.BucketCannedACL, header ACLHeaders) liberr.Error
 }
 func New(ctx context.Context, bucket, region string, iam *sdkiam.Client, s3 *sdksss.Client) Bucket {
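Review bot: In GetACL the branch `out.Owner == nil || out.Grants == nil || len(out.Grants) < 1` returns the empty placeholder whenever either field is missing, so a response with an owner but no grants loses the owner, and one with grants but no owner would lose the grants. A caller that reads GetACL to audit who can access the bucket would then see "no grants" where some exist; copy each field on its own instead, `if out.Owner != nil { res.Owner = out.Owner }` and `if len(out.Grants) > 0 { res.Grants = out.Grants }`. In setACLInput the `switch k` has no `default`, so an ACLHeader key outside the five constants (the zero value included) is dropped silently and the request is sent without the grant the caller asked for; returning an error there would make the mistake visible. The comment `// MarshalValue always return error as nil` does not match anything in GetACL and can be removed.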
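Review bot: The four methods added to the exported `Bucket` interface carry no doc comments, and `SetACL` does not say which of its three arguments may be combined. As I read the PutBucketAcl reference linked from acl.go, the request body, the canned ACL and the explicit grant headers are alternatives, so a comment such as `// SetACL replaces the bucket ACL; pass exactly one of ACP, cannedACL or header.` would spare callers a rejected request. The comment should also state that these calls change who can read and write the bucket, given that one of the example grantees in acl.go is the `AllUsers` group. The parameter name `ACP` would conventionally be `acp` in Go. The interface body and `New` both continue outside this hunk.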