@Override public void init(Configuration conf, String keyPrefix) { bucketName = conf.get(keyPrefix + S3_BUCKET_NAME); String endpoint = conf.get(keyPrefix + S3_ENDPOINT_NAME); String key = conf.get(keyPrefix + S3_ACCESS_KEY); String secret = conf.get(keyPrefix + S3_ACCESS_SECRET); System.setProperty(SDKGlobalConfiguration.ACCESS_KEY_SYSTEM_PROPERTY, key); System.setProperty(SDKGlobalConfiguration.SECRET_KEY_SYSTEM_PROPERTY, secret); AWSCredentialsProvider provider = new SystemPropertiesCredentialsProvider(); client = new AmazonS3Client(provider); client.setEndpoint(endpoint); override = conf.getBoolean(keyPrefix + "override", true); acls = new AccessControlList(); acls.grantPermission(GroupGrantee.AllUsers, Permission.FullControl); acls.grantPermission(GroupGrantee.AllUsers, Permission.Read); acls.grantPermission(GroupGrantee.AllUsers, Permission.Write); }
public static void setBucketAcl(String bucket_name, String email, String access) { System.out.format("Setting %s access for %s\n", access, email); System.out.println("on bucket: " + bucket_name); final AmazonS3 s3 = AmazonS3ClientBuilder.defaultClient(); try { // get the current ACL AccessControlList acl = s3.getBucketAcl(bucket_name); // set access for the grantee EmailAddressGrantee grantee = new EmailAddressGrantee(email); Permission permission = Permission.valueOf(access); acl.grantPermission(grantee, permission); s3.setBucketAcl(bucket_name, acl); } catch (AmazonServiceException e) { System.err.println(e.getErrorMessage()); System.exit(1); } }
public static void setObjectAcl(String bucket_name, String object_key, String email, String access) { System.out.format("Setting %s access for %s\n", access, email); System.out.println("for object: " + object_key); System.out.println(" in bucket: " + bucket_name); final AmazonS3 s3 = AmazonS3ClientBuilder.defaultClient(); try { // get the current ACL AccessControlList acl = s3.getObjectAcl(bucket_name, object_key); // set access for the grantee EmailAddressGrantee grantee = new EmailAddressGrantee(email); Permission permission = Permission.valueOf(access); acl.grantPermission(grantee, permission); s3.setObjectAcl(bucket_name, object_key, acl); } catch (AmazonServiceException e) { System.err.println(e.getErrorMessage()); System.exit(1); } }
@Test public void testPut() { ModelBucket bucket = getService(ModelBucket.class); InputStream stream = new ByteArrayInputStream("file content".getBytes()); ArgumentCaptor<PutObjectRequest> requestCaptor = ArgumentCaptor.forClass(PutObjectRequest.class); PutObjectResult expected = new PutObjectResult(); when(amazonS3Client.putObject(requestCaptor.capture())).thenReturn(expected); assertEquals(expected, bucket.put("path", stream, 12L)); PutObjectRequest request = requestCaptor.getValue(); assertEquals("model-bucket", request.getBucketName()); assertEquals("path", request.getKey()); assertEquals(stream, request.getInputStream()); assertEquals(12L, request.getMetadata().getContentLength()); List<Grant> grants = request.getAccessControlList().getGrantsAsList(); assertEquals(1, grants.size()); assertEquals(GroupGrantee.AllUsers, grants.get(0).getGrantee()); assertEquals(Permission.Read, grants.get(0).getPermission()); }
static public void uploadToAmazonS3(HttpSession session, File fileToUpload) throws S3Exception { try { AmazonS3 s3client = getS3(); String bucketName = getDownloadS3Bucket(); if(!s3client.doesBucketExist(bucketName)) SagLogger.logError(session, "Does not exist? S3 Bucket :" + bucketName); AccessControlList acl = new AccessControlList(); acl.grantPermission(GroupGrantee.AllUsers, Permission.Read); s3client.putObject(new PutObjectRequest(bucketName, getAPKDownloadFilePathWithFile(fileToUpload.getName()), fileToUpload).withAccessControlList(acl)); SagLogger.logInfo(session, "Finished uploading to S3"); } catch (Exception e) { SagLogger.logException(session, e); throw new S3Exception(e); } }
@Override public boolean hasFullControlPermission(final String bucketName) throws AmazonClientException, AmazonServiceException, AmazonS3Exception { LOGGER.info("Checking full controll permission on bucket.."); boolean hasFullControl = false; final AccessControlList acl = getBucketAccessControlList(bucketName); final List<Grant> grantList = acl.getGrantsAsList(); for (final Grant grant : grantList) { if(Permission.FullControl.equals(grant.getPermission())){ hasFullControl = true; LOGGER.info("Permissions validated, hasFullControl: {}", hasFullControl); break; } } return hasFullControl; }
@Override public boolean checkBucketPermission(final String bucketName, final Permission permission) throws AmazonClientException, AmazonServiceException, AmazonS3Exception { LOGGER.info("Checking bucket permission.."); boolean hasPermission = false; final AccessControlList acl = getBucketAccessControlList(bucketName); final List<Grant> grantList = acl.getGrantsAsList(); for (final Grant grant : grantList) { if(permission.equals(grant.getPermission())){ hasPermission = true; LOGGER.info("Permissions validated,hasPermission: {}",hasPermission); break; } } return hasPermission; }
@Override public boolean checkObjectPermission(final String bucketName, final String key, final Permission permission) throws AmazonClientException, AmazonServiceException, AmazonS3Exception { LOGGER.info("Checking object permission.."); boolean hasPermission = false; final AccessControlList objectAcl = s3client.getObjectAcl(bucketName, key); final List<Grant> grantList = objectAcl.getGrantsAsList(); for (final Grant grant : grantList) { if(permission.equals(grant.getPermission())){ hasPermission = true; LOGGER.info("Permissions validated,hasPermission: {}",hasPermission); break; } } return hasPermission; }
/** * Test method for {@link com.github.abhinavmishra14.aws.s3.service.AwsS3IamService#getBucketPermissions(java.lang.String)}. * * @throws Exception the exception */ @Test public void testGetBucketPermissions() throws Exception{ //Create bucket for test awsS3IamService.createBucket(AWS_S3_BUCKET); List<Grant> bucketAcl = awsS3IamService.getBucketPermissions(AWS_S3_BUCKET); assertEquals(true, Permission.FullControl.equals(bucketAcl.get(0).getPermission())); }
@Test public void testUpdateBlobXmlAcls() throws Exception { assumeTrue(!Quirks.NO_BLOB_ACCESS_CONTROL.contains(blobStoreType)); String blobName = "testUpdateBlobXmlAcls-blob"; ObjectMetadata metadata = new ObjectMetadata(); metadata.setContentLength(BYTE_SOURCE.size()); client.putObject(containerName, blobName, BYTE_SOURCE.openStream(), metadata); AccessControlList acl = client.getObjectAcl(containerName, blobName); acl.grantPermission(GroupGrantee.AllUsers, Permission.Read); client.setObjectAcl(containerName, blobName, acl); assertThat(client.getObjectAcl(containerName, blobName)).isEqualTo(acl); acl.revokeAllPermissions(GroupGrantee.AllUsers); client.setObjectAcl(containerName, blobName, acl); assertThat(client.getObjectAcl(containerName, blobName)).isEqualTo(acl); acl.grantPermission(GroupGrantee.AllUsers, Permission.Write); try { client.setObjectAcl(containerName, blobName, acl); Fail.failBecauseExceptionWasNotThrown(AmazonS3Exception.class); } catch (AmazonS3Exception e) { assertThat(e.getErrorCode()).isEqualTo("NotImplemented"); } }
@Override public boolean isPublicEntity(String bucketName, String keyName) { LOG.info("Gets the AccessControlList (ACL) for the specified object " + keyName + " in the specified bucket " + bucketName); final String GROUPS_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"; try { AccessControlList accessControlList = amazonS3Client.getObjectAcl(bucketName, keyName); for (Iterator<Grant> iterator = accessControlList.getGrants().iterator(); iterator.hasNext();) { Grant grant = iterator.next(); if (grant.getPermission().equals(Permission.Read) && grant.getGrantee().getIdentifier().equals(GROUPS_USERS)) { return true; } } } catch (AmazonServiceException ase) { LOG.warn(ase.getMessage(), ase); } catch (AmazonClientException ace) { LOG.warn(ace.getMessage(), ace); } return false; }
/** * Sets the access control headers for the request given. */ private static void addAclHeaders(Request<? extends AmazonWebServiceRequest> request, AccessControlList acl) { List<Grant> grants = acl.getGrantsAsList(); Map<Permission, Collection<Grantee>> grantsByPermission = new HashMap<Permission, Collection<Grantee>>(); for ( Grant grant : grants ) { if ( !grantsByPermission.containsKey(grant.getPermission()) ) { grantsByPermission.put(grant.getPermission(), new LinkedList<Grantee>()); } grantsByPermission.get(grant.getPermission()).add(grant.getGrantee()); } for ( Permission permission : Permission.values() ) { if ( grantsByPermission.containsKey(permission) ) { Collection<Grantee> grantees = grantsByPermission.get(permission); boolean seenOne = false; StringBuilder granteeString = new StringBuilder(); for ( Grantee grantee : grantees ) { if ( !seenOne ) seenOne = true; else granteeString.append(", "); granteeString.append(grantee.getTypeIdentifier()).append("=").append("\"") .append(grantee.getIdentifier()).append("\""); } request.addHeader(permission.getHeaderName(), granteeString.toString()); } } }
public Object put(String path, InputStream fileInputStream, Long contentLenght) { if (contentLenght == null || contentLenght <= 0) { FindContentLengthResult result = findContentLength(fileInputStream); contentLenght = result.getContentLength(); fileInputStream = result.getFileInputStream(); } ObjectMetadata meta = new ObjectMetadata(); meta.setContentLength(contentLenght); AccessControlList acl = new AccessControlList(); acl.grantPermission(GroupGrantee.AllUsers, Permission.Read); return amazonS3Client.putObject(new PutObjectRequest(getBucketName(), path, fileInputStream, meta).withAccessControlList(acl)); }
@Test public void testPutWithoutContentLenght() { ModelBucket bucket = getService(ModelBucket.class); InputStream stream = new ByteArrayInputStream("file content".getBytes()); ArgumentCaptor<PutObjectRequest> requestCaptor = ArgumentCaptor.forClass(PutObjectRequest.class); PutObjectResult expected = new PutObjectResult(); when(amazonS3Client.putObject(requestCaptor.capture())).thenReturn(expected); assertEquals(expected, bucket.put("path", stream, null)); PutObjectRequest request = requestCaptor.getValue(); Scanner scanner = new Scanner(request.getInputStream()); assertEquals("model-bucket", request.getBucketName()); assertEquals("path", request.getKey()); assertEquals("file content", scanner.useDelimiter("\\A").next()); assertEquals(12L, request.getMetadata().getContentLength()); List<Grant> grants = request.getAccessControlList().getGrantsAsList(); assertEquals(1, grants.size()); assertEquals(GroupGrantee.AllUsers, grants.get(0).getGrantee()); assertEquals(Permission.Read, grants.get(0).getPermission()); scanner.close(); }
/** * Test method for {@link com.github.abhinavmishra14.aws.s3.service.AwsS3IamService#checkBucketPermission(java.lang.String,com.amazonaws.services.s3.model.Permission)}. * * @throws Exception the exception */ @Test public void testCheckBucketPermission() throws Exception { awsS3IamService.createBucket(AWS_S3_BUCKET);//create bucket for test boolean checkPermission = awsS3IamService.checkBucketPermission(AWS_S3_BUCKET,Permission.FullControl); assertEquals(true, checkPermission); }
/** * Test method for {@link com.github.abhinavmishra14.aws.s3.service.AwsS3IamService#checkObjectPermission(java.lang.String,java.lang.String,com.amazonaws.services.s3.model.Permission)}. * * @throws Exception the exception */ @Test public void testCheckObjectPermission() throws Exception { awsS3IamService.createBucket(AWS_S3_BUCKET);//create bucket for test uploadObjectForTest(AWSUtilConstants.SAMPLE_FILE_NAME);// upload for test boolean checkPermission = awsS3IamService.checkObjectPermission(AWS_S3_BUCKET, AWSUtilConstants.SAMPLE_FILE_NAME, Permission.FullControl); assertEquals(true, checkPermission); }
@Override public void prepareCommit() throws Exception { logger.info("prepareCommit"); if (!validS3Sink) { // check if bucket exist if (!s3Client.doesBucketExist(bucketName)) { System.out.println("bucket does not exist."); logger.info("Bucket does not Exist"); s3Client.createBucket(bucketName); } logger.info("Bucket Exist"); /* * BucketVersioningConfiguration configuration = new * BucketVersioningConfiguration( bucketVersionConfig); * SetBucketVersioningConfigurationRequest request = new * SetBucketVersioningConfigurationRequest( bucketName, configuration); * s3Client.setBucketVersioningConfiguration(request); */ AccessControlList acl = s3Client.getBucketAcl(bucketName); List<Permission> permissions = new ArrayList<Permission>(); for (Grant grant : acl.getGrants()) { permissions.add(grant.getPermission()); } if (permissions.contains(Permission.FullControl) || permissions.contains(Permission.Write)) { validS3Sink = true; } } else { validS3Sink = true; } logger.info("validS3Sink = " + validS3Sink); System.out.println("validS3Sink = " + validS3Sink); }
@Override public AccessControlList getBucketAcl(String bucketName) throws AmazonClientException, AmazonServiceException { throwException(getBucketAclException); AccessControlList acl = new AccessControlList(); acl.grantPermission(GroupGrantee.AllUsers, Permission.FullControl); return acl; }
public void deploy(AwsKeyPair keyPair, String region, String inputDirectory, final String bucketName, final String outputBasePath, Proxy proxy) { final AWSCredentialsProvider credentials = new AWSStaticCredentialsProvider( new BasicAWSCredentials(keyPair.key, keyPair.secret)); ClientConfiguration cc = Util.createConfiguration(proxy); final AmazonS3 s3 = AmazonS3ClientBuilder.standard().withCredentials(credentials).withClientConfiguration(cc) .withRegion(region).build(); if (inputDirectory == null) { throw new RuntimeException("must specify inputDirectory parameter in configuration"); } final Path root = new File(inputDirectory).toPath().toAbsolutePath(); try { Files.walkFileTree(root, new SimpleFileVisitor<Path>() { @Override public FileVisitResult visitFile(Path file, BasicFileAttributes attrs) throws IOException { AccessControlList acl = new AccessControlList(); acl.grantPermission(GroupGrantee.AllUsers, Permission.Read); String relativePath = root.relativize(file.toAbsolutePath()).toString(); String objectName; if (outputBasePath != null) { objectName = outputBasePath + "/" + relativePath; } else { objectName = relativePath; } log.info("uploading " + file.toFile() + " to " + bucketName + ":" + objectName); PutObjectRequest req = new PutObjectRequest(bucketName, objectName, file.toFile()) // .withAccessControlList(acl); s3.putObject(req); return FileVisitResult.CONTINUE; } }); log.info("uploaded files"); } catch (IOException e) { throw new RuntimeException(e); } }
/** * Check bucket permission.<br/> * If access to the given bucket is not valid then 'AccessDenied' error will be raised.<br/> * Read ACP permission should be available to user who is trying to check permission on bucket. * * @param bucketName the bucket name * @param permission the permission * @return true, if successful * @throws AmazonClientException the amazon client exception * @throws AmazonServiceException the amazon service exception * @throws AmazonS3Exception the amazon s3 exception * @see <a href="http://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#permissions">Permissions</a> */ boolean checkBucketPermission(final String bucketName,final Permission permission) throws AmazonClientException, AmazonServiceException, AmazonS3Exception;
/** * Check object permission.<br/> * If object is not available in given bucket, an exception will be thrown * * @param bucketName the bucket name * @param key the full path of object in given bucket * @param permission the permission * @return true, if successful * @throws AmazonClientException the amazon client exception * @throws AmazonServiceException the amazon service exception * @throws AmazonS3Exception the amazon s3 exception * @see <a href="http://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#permissions">Permissions</a> */ boolean checkObjectPermission(final String bucketName, final String key, final Permission permission) throws AmazonClientException, AmazonServiceException, AmazonS3Exception;
