com.amazonaws.services.s3.model.Permission Java Examples

The following examples show how to use com.amazonaws.services.s3.model.Permission. Each example is preceded by the name of its source file, the project it comes from, and that project's license.
Example #1
Source File: S3PacbotUtils.java    From pacbot with Apache License 2.0
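/**
 * Collects the permissions that an ACL grants to either of two group grantees.
 *
 * <p>A grant is reported when its grantee identifier equals (ignoring case)
 * {@code PacmanRuleConstants.ANY_S3_AUTHENTICATED_USER_URI} or
 * {@code PacmanRuleConstants.ALL_S3_USER_URI}, and its permission string either
 * occurs inside {@code accessTypeToCheck} or equals (ignoring case)
 * {@code PacmanRuleConstants.FULL_CONTROL}. Judging by the constant names these
 * are the "any authenticated user" and "all users" groups; their values are
 * defined outside this listing.
 *
 * <p>NOTE(review): the permission test is a substring match. An
 * {@code accessTypeToCheck} of {@code "READ_ACP"} therefore also reports a
 * {@code READ} grant, because {@code "READ_ACP".contains("READ")} is true. That
 * errs towards over-reporting; confirm it is intended before relying on the
 * result for a single permission.
 *
 * @param grants grants of the ACL under inspection; must not be null
 * @param accessTypeToCheck text naming the permission(s) of interest; must not
 *        be null once a grant to one of the two groups is found
 * @return the distinct permissions held by the two groups, empty when none match
 */
private static Set<Permission> checkAnyGrantHasOpenToReadOrWriteAccess(List<Grant> grants, String accessTypeToCheck) {

	Set<Permission> permissions = new HashSet<>();
	for (Grant grant : grants) {
		// A grant without a grantee or a permission cannot match either group, so
		// skip it rather than abort the whole evaluation with a NullPointerException.
		if (grant == null || grant.getGrantee() == null || grant.getPermission() == null) {
			continue;
		}

		final String granteeId = grant.getGrantee().getIdentifier();
		final boolean openGrantee = PacmanRuleConstants.ANY_S3_AUTHENTICATED_USER_URI.equalsIgnoreCase(granteeId)
				|| PacmanRuleConstants.ALL_S3_USER_URI.equalsIgnoreCase(granteeId);
		if (!openGrantee) {
			continue;
		}

		// Only evaluated for grants to the two groups, as in the original condition.
		final Permission permission = grant.getPermission();
		final String permissionName = permission.toString();
		if (accessTypeToCheck.contains(permissionName)
				|| permissionName.equalsIgnoreCase(PacmanRuleConstants.FULL_CONTROL)) {
			permissions.add(permission);
		}
	}
	return permissions;
}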
 
Example #2
Source File: S3PacbotUtils.java    From pacbot with Apache License 2.0
/**
 * Fetches a bucket's ACL and returns the permissions selected by
 * {@code checkAnyGrantHasOpenToReadOrWriteAccess} for the given access type.
 *
 * <p>Only the bucket ACL is read. Nothing else that may govern access to the
 * bucket is consulted here, so an empty result means only that the ACL holds
 * no matching grant.
 *
 * @param awsS3Client client used for the {@code getBucketAcl} call
 * @param s3BucketName name of the bucket whose ACL is inspected
 * @param accessType permission text handed unchanged to the grant check
 * @return the matching permissions; an empty set when the ACL has no grants
 * @throws RuleExecutionFailedExeption when the ACL call raises
 *         {@code AmazonS3Exception}; only the message is carried over, the
 *         exception itself is written to the log first
 */
public static Set<Permission> checkACLPermissions(AmazonS3Client awsS3Client, String s3BucketName, String accessType) {
	try {
		final List<Grant> bucketGrants = awsS3Client.getBucketAcl(s3BucketName).getGrantsAsList();
		if (CollectionUtils.isNullOrEmpty(bucketGrants)) {
			// No grants at all: nothing can be open.
			return new HashSet<>();
		}
		return checkAnyGrantHasOpenToReadOrWriteAccess(bucketGrants, accessType);
	} catch (AmazonS3Exception s3Exception) {
		logger.error("error : ", s3Exception);
		throw new RuleExecutionFailedExeption(s3Exception.getMessage());
	}
}
 
Example #3
Source File: PacmanUtils.java    From pacbot with Apache License 2.0
/**
 * Reports whether a bucket's ACL contains at least one grant selected by
 * {@code checkAnyGrantHasOpenToReadOrWriteAccess} for the given access type.
 *
 * <p>Only the bucket ACL is read; a {@code false} result says nothing about
 * other controls that may govern access to the bucket.
 *
 * @param awsS3Client client used for the {@code getBucketAcl} call
 * @param s3BucketName name of the bucket whose ACL is inspected
 * @param accessType permission text handed unchanged to the grant check
 * @return {@code true} when the grant check returns a non-empty list
 * @throws RuleExecutionFailedExeption when the ACL call raises
 *         {@code AmazonS3Exception}; only the message is carried over, the
 *         exception itself is written to the log first
 */
public static boolean checkACLAccess(AmazonS3Client awsS3Client, String s3BucketName, String accessType) {
    logger.info("inside the checkACLAccess method");
    try {
        final List<Grant> bucketGrants = awsS3Client.getBucketAcl(s3BucketName).getGrantsAsList();
        if (CollectionUtils.isNullOrEmpty(bucketGrants)) {
            // An ACL without grants cannot expose the bucket.
            return false;
        }
        final List<Permission> openPermissions = checkAnyGrantHasOpenToReadOrWriteAccess(bucketGrants, accessType);
        return !CollectionUtils.isNullOrEmpty(openPermissions);
    } catch (AmazonS3Exception s3Exception) {
        logger.error("error : ", s3Exception);
        throw new RuleExecutionFailedExeption(s3Exception.getMessage());
    }
}
 
Example #4
Source File: PacmanUtils.java    From pacbot with Apache License 2.0
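/**
 * Collects the permissions that an ACL grants to either of two group grantees.
 *
 * <p>A grant is reported when its grantee identifier equals (ignoring case)
 * {@code PacmanRuleConstants.ANY_S3_AUTHENTICATED_USER_URI} or
 * {@code PacmanRuleConstants.ALL_S3_USER_URI}, and its permission string either
 * contains {@code accessTypeToCheck} or equals (ignoring case)
 * {@code PacmanRuleConstants.FULL_CONTROL}. Judging by the constant names these
 * are the "any authenticated user" and "all users" groups; their values are
 * defined outside this listing.
 *
 * <p>NOTE(review): the permission test is a substring match. An
 * {@code accessTypeToCheck} of {@code "READ"} therefore also reports a
 * {@code READ_ACP} grant, and {@code "WRITE"} also reports {@code WRITE_ACP}.
 * That errs towards over-reporting; confirm it is intended before relying on
 * the result for a single permission.
 *
 * @param grants grants of the ACL under inspection; must not be null
 * @param accessTypeToCheck text looked for inside each permission string; must
 *        not be null once a grant to one of the two groups is found
 * @return the permissions held by the two groups, one entry per matching
 *         grant, empty when none match
 */
private static List<Permission> checkAnyGrantHasOpenToReadOrWriteAccess(List<Grant> grants, String accessTypeToCheck) {

    List<Permission> permissions = new ArrayList<>();
    for (Grant grant : grants) {
        // A grant without a grantee or a permission cannot match either group, so
        // skip it rather than abort the whole evaluation with a NullPointerException.
        if (grant == null || grant.getGrantee() == null || grant.getPermission() == null) {
            continue;
        }

        final String granteeId = grant.getGrantee().getIdentifier();
        final boolean openGrantee = PacmanRuleConstants.ANY_S3_AUTHENTICATED_USER_URI.equalsIgnoreCase(granteeId)
                || PacmanRuleConstants.ALL_S3_USER_URI.equalsIgnoreCase(granteeId);
        if (!openGrantee) {
            continue;
        }

        // Only evaluated for grants to the two groups, as in the original condition.
        final Permission permission = grant.getPermission();
        final String permissionName = permission.toString();
        if (permissionName.contains(accessTypeToCheck)
                || permissionName.equalsIgnoreCase(PacmanRuleConstants.FULL_CONTROL)) {
            permissions.add(permission);
        }
    }
    return permissions;
}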
 
Example #5
Source File: SetAcl.java    From aws-doc-sdk-examples with Apache License 2.0
/**
 * Adds one grant to a bucket's ACL for a grantee identified by e-mail address.
 *
 * <p>The current ACL is fetched, the grant is added to it, and the result is
 * written back, so grants already present are kept.
 * NOTE(review): the fetch and the write are two separate calls; an ACL change
 * made in between by someone else would presumably be overwritten.
 *
 * <p>{@code access} is resolved with {@code Permission.valueOf}, so it must be
 * the exact name of a {@code Permission} enum constant. Any other value raises
 * {@code IllegalArgumentException}, which this method does not catch.
 *
 * <p>On {@code AmazonServiceException} the error message is printed to
 * standard error and the JVM exits with status 1.
 *
 * @param bucket_name bucket whose ACL is modified
 * @param email e-mail address of the grantee
 * @param access name of the {@code Permission} constant to grant
 */
public static void setBucketAcl(String bucket_name, String email, String access) {
    System.out.printf("Setting %s access for %s\n", access, email);
    System.out.println("on bucket: " + bucket_name);

    final AmazonS3 s3 = AmazonS3ClientBuilder.standard().withRegion(Regions.DEFAULT_REGION).build();
    try {
        // Start from the ACL as it is now so existing grants survive the update.
        final AccessControlList currentAcl = s3.getBucketAcl(bucket_name);
        currentAcl.grantPermission(new EmailAddressGrantee(email), Permission.valueOf(access));
        s3.setBucketAcl(bucket_name, currentAcl);
    } catch (AmazonServiceException e) {
        System.err.println(e.getErrorMessage());
        System.exit(1);
    }
}
 
Example #6
Source File: SetAcl.java    From aws-doc-sdk-examples with Apache License 2.0
/**
 * Adds one grant to an object's ACL for a grantee identified by e-mail address.
 *
 * <p>The object's current ACL is fetched, the grant is added to it, and the
 * result is written back, so grants already present are kept.
 * NOTE(review): the fetch and the write are two separate calls; an ACL change
 * made in between by someone else would presumably be overwritten.
 *
 * <p>{@code access} is resolved with {@code Permission.valueOf}, so it must be
 * the exact name of a {@code Permission} enum constant. Any other value raises
 * {@code IllegalArgumentException}, which this method does not catch.
 *
 * <p>On {@code AmazonServiceException} the error message is printed to
 * standard error and the JVM exits with status 1.
 *
 * @param bucket_name bucket that holds the object
 * @param object_key key of the object whose ACL is modified
 * @param email e-mail address of the grantee
 * @param access name of the {@code Permission} constant to grant
 */
public static void setObjectAcl(String bucket_name, String object_key, String email, String access) {
    System.out.printf("Setting %s access for %s\n", access, email);
    System.out.println("for object: " + object_key);
    System.out.println(" in bucket: " + bucket_name);

    final AmazonS3 s3 = AmazonS3ClientBuilder.standard().withRegion(Regions.DEFAULT_REGION).build();
    try {
        // Start from the ACL as it is now so existing grants survive the update.
        final AccessControlList currentAcl = s3.getObjectAcl(bucket_name, object_key);
        currentAcl.grantPermission(new EmailAddressGrantee(email), Permission.valueOf(access));
        s3.setObjectAcl(bucket_name, object_key, currentAcl);
    } catch (AmazonServiceException e) {
        System.err.println(e.getErrorMessage());
        System.exit(1);
    }
}
 
Example #7
Source File: AwsSdkTest.java    From s3proxy with Apache License 2.0
/**
 * Exercises object ACL updates through the client: granting READ to AllUsers
 * and revoking it again must both round-trip, while granting WRITE to AllUsers
 * must be refused with the error code {@code NotImplemented}.
 *
 * <p>Skipped for blob store types listed in {@code Quirks.NO_BLOB_ACCESS_CONTROL}.
 */
@Test
public void testUpdateBlobXmlAcls() throws Exception {
    assumeTrue(!Quirks.NO_BLOB_ACCESS_CONTROL.contains(blobStoreType));

    // Arrange: upload an object whose ACL can then be changed.
    final String key = "testUpdateBlobXmlAcls-blob";
    final ObjectMetadata objectMetadata = new ObjectMetadata();
    objectMetadata.setContentLength(BYTE_SOURCE.size());
    client.putObject(containerName, key, BYTE_SOURCE.openStream(), objectMetadata);
    final AccessControlList objectAcl = client.getObjectAcl(containerName, key);

    // Public read can be granted and is reflected when the ACL is read back.
    objectAcl.grantPermission(GroupGrantee.AllUsers, Permission.Read);
    client.setObjectAcl(containerName, key, objectAcl);
    assertThat(client.getObjectAcl(containerName, key)).isEqualTo(objectAcl);

    // Revoking every AllUsers permission is reflected as well.
    objectAcl.revokeAllPermissions(GroupGrantee.AllUsers);
    client.setObjectAcl(containerName, key, objectAcl);
    assertThat(client.getObjectAcl(containerName, key)).isEqualTo(objectAcl);

    // Public write must be rejected rather than applied.
    objectAcl.grantPermission(GroupGrantee.AllUsers, Permission.Write);
    try {
        client.setObjectAcl(containerName, key, objectAcl);
        Fail.failBecauseExceptionWasNotThrown(AmazonS3Exception.class);
    } catch (AmazonS3Exception e) {
        assertThat(e.getErrorCode()).isEqualTo("NotImplemented");
    }
}
 
Example #8
Source File: S3SinkStreamWriter.java    From Scribengin with GNU Affero General Public License v3.0
/**
 * Marks the sink as valid once the target bucket exists and its ACL carries a
 * FullControl or Write grant.
 *
 * <p>When the sink has not been validated yet, the bucket is created if it is
 * missing, then the bucket ACL is read and {@code validS3Sink} is set when any
 * grant has {@code Permission.FullControl} or {@code Permission.Write}.
 *
 * <p>NOTE(review): the grantee of the grant is not examined, so a write grant
 * to anyone satisfies the check. It does not establish that the credentials
 * used by this writer are the ones allowed to write; confirm that is enough
 * for the caller.
 *
 * <p>Bucket versioning is not configured here; an earlier variant of this
 * method applied a {@code SetBucketVersioningConfigurationRequest} at this point.
 *
 * @throws Exception declared by the overridden method
 */
@Override
public void prepareCommit() throws Exception {
  logger.info("prepareCommit");
  if (validS3Sink) {
    // Already validated on an earlier call; the flag stays set.
    validS3Sink = true;
  } else {
    // Create the bucket when it is missing.
    if (!s3Client.doesBucketExist(bucketName)) {
      System.out.println("bucket does not exist.");
      logger.info("Bucket does not Exist");
      s3Client.createBucket(bucketName);
    }
    logger.info("Bucket Exist");

    // Look for a grant that allows writing, whoever the grantee is.
    boolean writeGrantFound = false;
    for (Grant entry : s3Client.getBucketAcl(bucketName).getGrants()) {
      final Permission granted = entry.getPermission();
      if (granted == Permission.FullControl || granted == Permission.Write) {
        writeGrantFound = true;
        break;
      }
    }
    if (writeGrantFound) {
      validS3Sink = true;
    }
  }
  logger.info("validS3Sink = " + validS3Sink);
  System.out.println("validS3Sink = " + validS3Sink);
}
 
Example #9
Source File: AmazonS3Mock.java    From Scribengin with GNU Affero General Public License v3.0
/**
 * Mock implementation: returns a fresh ACL that grants FullControl to the
 * AllUsers group, after giving {@code throwException} the chance to raise the
 * configured {@code getBucketAclException}.
 *
 * <p>The bucket name is ignored; every bucket gets the same canned ACL. The
 * ACL is a test fixture and not a configuration to copy into real buckets.
 *
 * @param bucketName unused
 * @return a new ACL with a single AllUsers/FullControl grant
 */
@Override
public AccessControlList getBucketAcl(String bucketName) throws AmazonClientException, AmazonServiceException {
  throwException(getBucketAclException);
  final AccessControlList cannedAcl = new AccessControlList();
  cannedAcl.grantPermission(GroupGrantee.AllUsers, Permission.FullControl);
  return cannedAcl;
}
 
Example #10
Source File: TestS3FileSystem.java    From dremio-oss with Apache License 2.0
/**
 * Builds an ACL whose only grant gives the account owner FullControl.
 *
 * <p>The owner is looked up through {@code s3Client.getS3AccountOwner()}. The
 * ACL is only constructed and returned; nothing is written to S3 here.
 *
 * @param s3Client client used to look up the account owner's canonical id
 * @return a new ACL holding the single owner grant
 */
private AccessControlList getAcl(final AmazonS3 s3Client) {
  final String ownerId = s3Client.getS3AccountOwner().getId();

  // One grant only: the owner, with full control. No group grantee is added.
  final AccessControlList ownerOnlyAcl = new AccessControlList();
  ownerOnlyAcl.grantAllPermissions(new Grant(new CanonicalGrantee(ownerId), Permission.FullControl));
  return ownerOnlyAcl;
}