com.amazonaws.services.s3.model.Grant Java Examples

The following examples show how to use com.amazonaws.services.s3.model.Grant. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: S3GlobalAccessAutoFix.java    From pacbot with Apache License 2.0 6 votes vote down vote up
@Override
public boolean backupExistingConfigForResource(final String resourceId, final String resourceType,
        Map<String, Object> clientMap, Map<String, String> ruleParams,Map<String, String> issue) throws AutoFixException {
    LOGGER.debug(String.format("backing up the config for %s" , resourceId));
    AmazonS3 client = (AmazonS3) clientMap.get("client");
    Gson gson = new Gson();
    AccessControlList bucketAcl = client.getBucketAcl(resourceId);
    List<Grant> grants = bucketAcl.getGrantsAsList();
    String oldConfig = gson.toJson(grants);
    backupOldConfig(resourceId, BUCKET_ACL, oldConfig);
    BucketPolicy bucketPolicy = client.getBucketPolicy(resourceId);
    if (!Strings.isNullOrEmpty(bucketPolicy.getPolicyText())) {
        backupOldConfig(resourceId, BUCKET_POLICY, bucketPolicy.getPolicyText());
    }
    LOGGER.debug("backup complete for " + resourceId);
    return true;
}
 
Example #2
Source File: S3PacbotUtils.java    From pacbot with Apache License 2.0 6 votes vote down vote up
/**
 * This method is to check whether s3 bucket has read/write/full control
 * 
 * @param grants
 * @param accessTypeToCheck
 * @return List<Permission>, if permissions found else empty
 */
private static Set<Permission> checkAnyGrantHasOpenToReadOrWriteAccess(List<Grant> grants, String accessTypeToCheck) {

	Set<Permission> permissions = new HashSet();
	for (Grant grant : grants) {
		if ((PacmanRuleConstants.ANY_S3_AUTHENTICATED_USER_URI
				.equalsIgnoreCase(grant.getGrantee().getIdentifier()) || PacmanRuleConstants.ALL_S3_USER_URI
				.equalsIgnoreCase(grant.getGrantee().getIdentifier()))

				&&

				(accessTypeToCheck.contains(grant.getPermission()
						.toString()) || grant.getPermission().toString()
						.equalsIgnoreCase(PacmanRuleConstants.FULL_CONTROL))) {
			permissions.add(grant.getPermission());
		}
	}
	return permissions;
}
 
Example #3
Source File: S3PacbotUtils.java    From pacbot with Apache License 2.0 6 votes vote down vote up
/**
 * @param awsS3Client
 * @param s3BucketName
 * @param accessType
 * @return
 */
public static Set<Permission> checkACLPermissions(AmazonS3Client awsS3Client, String s3BucketName, String accessType) {
	AccessControlList bucketAcl;
	Set<Permission> permissionList = new HashSet<>();
	try {
		bucketAcl = awsS3Client.getBucketAcl(s3BucketName);
		List<Grant> grants = bucketAcl.getGrantsAsList();
		if (!CollectionUtils.isNullOrEmpty(grants)) {
			permissionList = checkAnyGrantHasOpenToReadOrWriteAccess(grants, accessType);
		}
	} catch (AmazonS3Exception s3Exception) {
		logger.error("error : ", s3Exception);
		throw new RuleExecutionFailedExeption(s3Exception.getMessage());
	}
	return permissionList;
}
 
Example #4
Source File: PacmanUtils.java    From pacbot with Apache License 2.0 6 votes vote down vote up
public static boolean checkACLAccess(AmazonS3Client awsS3Client, String s3BucketName, String accessType) {
    logger.info("inside the checkACLAccess method");
    Boolean openAcces = false;
    AccessControlList bucketAcl;
    List<Permission> permissionList = null;
    try {
        bucketAcl = awsS3Client.getBucketAcl(s3BucketName);

        List<Grant> grants = bucketAcl.getGrantsAsList();

        // Check grants has which permission
        if (!CollectionUtils.isNullOrEmpty(grants)) {

            permissionList = checkAnyGrantHasOpenToReadOrWriteAccess(grants, accessType);
            if (!CollectionUtils.isNullOrEmpty(permissionList)) {
                openAcces = true;
            }
        }

    } catch (AmazonS3Exception s3Exception) {
        logger.error("error : ", s3Exception);
        throw new RuleExecutionFailedExeption(s3Exception.getMessage());
    }
    return openAcces;
}
 
Example #5
Source File: PacmanUtils.java    From pacbot with Apache License 2.0 6 votes vote down vote up
/**
 * This method is to check whether s3 bucket has read/write/full control
 * 
 * @param grants
 * @param accessTypeToCheck
 * @return List<Permission>, if permissions found else empty
 */
private static List<Permission> checkAnyGrantHasOpenToReadOrWriteAccess(List<Grant> grants, String accessTypeToCheck) {

    List<Permission> permissions = new ArrayList<>();
    for (Grant grant : grants) {
        if ((PacmanRuleConstants.ANY_S3_AUTHENTICATED_USER_URI.equalsIgnoreCase(grant.getGrantee().getIdentifier()) || PacmanRuleConstants.ALL_S3_USER_URI
                .equalsIgnoreCase(grant.getGrantee().getIdentifier()))

                &&

                (grant.getPermission().toString().contains(accessTypeToCheck) || grant.getPermission().toString()
                        .equalsIgnoreCase(PacmanRuleConstants.FULL_CONTROL))) {
            permissions.add(grant.getPermission());
        }
    }
    return permissions;
}
 
Example #6
Source File: GetAcl.java    From aws-doc-sdk-examples with Apache License 2.0 6 votes vote down vote up
public static void getBucketAcl(String bucket_name) {
    System.out.println("Retrieving ACL for bucket: " + bucket_name);

    final AmazonS3 s3 = AmazonS3ClientBuilder.standard().withRegion(Regions.DEFAULT_REGION).build();
    try {
        AccessControlList acl = s3.getBucketAcl(bucket_name);
        List<Grant> grants = acl.getGrantsAsList();
        for (Grant grant : grants) {
            System.out.format("  %s: %s\n", grant.getGrantee().getIdentifier(),
                    grant.getPermission().toString());
        }
    } catch (AmazonServiceException e) {
        System.err.println(e.getErrorMessage());
        System.exit(1);
    }
}
 
Example #7
Source File: GetAcl.java    From aws-doc-sdk-examples with Apache License 2.0 6 votes vote down vote up
public static void getObjectAcl(String bucket_name, String object_key) {
    System.out.println("Retrieving ACL for object: " + object_key);
    System.out.println("                in bucket: " + bucket_name);

    final AmazonS3 s3 = AmazonS3ClientBuilder.standard().withRegion(Regions.DEFAULT_REGION).build();
    try {
        AccessControlList acl = s3.getObjectAcl(bucket_name, object_key);
        List<Grant> grants = acl.getGrantsAsList();
        for (Grant grant : grants) {
            System.out.format("  %s: %s\n", grant.getGrantee().getIdentifier(),
                    grant.getPermission().toString());
        }
    } catch (AmazonServiceException e) {
        System.err.println(e.getErrorMessage());
        System.exit(1);
    }
}
 
Example #8
Source File: S3GlobalAccessAutoFix.java    From pacbot with Apache License 2.0 5 votes vote down vote up
/**
 * revokes all ACL permissions.
 *
 * @param awsS3Client the aws S 3 client
 * @param s3BucketName the s 3 bucket name
 */
private void revokeACLPublicPermission(AmazonS3Client awsS3Client, String s3BucketName) {
    AccessControlList bucketAcl;
    try {
        bucketAcl = awsS3Client.getBucketAcl(s3BucketName);
        List<Grant> grants = bucketAcl.getGrantsAsList();
        if (!CollectionUtils.isNullOrEmpty(grants)) {
            for (Grant grant : grants) {
                if ((PacmanSdkConstants.ANY_S3_AUTHENTICATED_USER_URI
                        .equalsIgnoreCase(grant.getGrantee().getIdentifier())
                        || PacmanSdkConstants.ALL_S3_USER_URI.equalsIgnoreCase(grant.getGrantee().getIdentifier()))

                        &&

                        (grant.getPermission().toString().equalsIgnoreCase(PacmanSdkConstants.READ_ACCESS) || (grant
                                .getPermission().toString().equalsIgnoreCase(PacmanSdkConstants.WRITE_ACCESS)
                                || (grant.getPermission().toString()
                                        .equalsIgnoreCase(PacmanSdkConstants.READ_ACP_ACCESS)
                                        || (grant.getPermission().toString()
                                                .equalsIgnoreCase(PacmanSdkConstants.WRITE_ACP_ACCESS)
                                                || grant.getPermission().toString()
                                                        .equalsIgnoreCase(PacmanSdkConstants.FULL_CONTROL)))))) {
                    bucketAcl.revokeAllPermissions(grant.getGrantee());
                }
            }
            awsS3Client.setBucketAcl(s3BucketName, bucketAcl);
        }

    } catch (AmazonS3Exception s3Exception) {
        LOGGER.error(String.format("AmazonS3Exception in revokeACLPublicPermission: %s", s3Exception.getMessage()));
        throw new RuleEngineRunTimeException(s3Exception);
    }
}
 
Example #9
Source File: S3SinkStreamWriter.java    From Scribengin with GNU Affero General Public License v3.0 5 votes vote down vote up
@Override
public void prepareCommit() throws Exception {
  logger.info("prepareCommit");
  if (!validS3Sink) {

    // check if bucket exist
    if (!s3Client.doesBucketExist(bucketName)) {
      System.out.println("bucket does not exist.");
      logger.info("Bucket does not Exist");
      s3Client.createBucket(bucketName);

    }

    logger.info("Bucket Exist");
    /*
     * BucketVersioningConfiguration configuration = new
     * BucketVersioningConfiguration( bucketVersionConfig);
     * SetBucketVersioningConfigurationRequest request = new
     * SetBucketVersioningConfigurationRequest( bucketName, configuration);
     * s3Client.setBucketVersioningConfiguration(request);
     */
    AccessControlList acl = s3Client.getBucketAcl(bucketName);
    List<Permission> permissions = new ArrayList<Permission>();
    for (Grant grant : acl.getGrants()) {
      permissions.add(grant.getPermission());
    }
    if (permissions.contains(Permission.FullControl) || permissions.contains(Permission.Write)) {
      validS3Sink = true;
    }

  } else {
    validS3Sink = true;
  }
  logger.info("validS3Sink = " + validS3Sink);
  System.out.println("validS3Sink = " + validS3Sink);

}
 
Example #10
Source File: TestS3FileSystem.java    From dremio-oss with Apache License 2.0 4 votes vote down vote up
private AccessControlList getAcl(final AmazonS3 s3Client) {
  ArrayList<Grant> grantCollection = new ArrayList<>();

  // Grant the account owner full control.
  Grant grant1 = new Grant(new CanonicalGrantee(s3Client.getS3AccountOwner().getId()), Permission.FullControl);
  grantCollection.add(grant1);

  // Save grants by replacing all current ACL grants with the two we just created.
  AccessControlList bucketAcl = new AccessControlList();
  bucketAcl.grantAllPermissions(grantCollection.toArray(new Grant[0]));
  return bucketAcl;
}