List of usage examples for com.amazonaws.services.s3.model Permission FullControl
Permission FullControl
To view the source code for com.amazonaws.services.s3.model Permission FullControl.
Click Source Link
From source file:alluxio.underfs.s3a.S3AUtils.java
License:Apache License
/** * Translates S3 bucket ACL to Alluxio owner mode. * * @param acl the acl of S3 bucket/* ww w . ja va 2 s. co m*/ * @param userId the S3 user id of the Alluxio owner * @return the translated posix mode in short format */ public static short translateBucketAcl(AccessControlList acl, String userId) { short mode = (short) 0; for (Grant grant : acl.getGrantsAsList()) { Permission perm = grant.getPermission(); Grantee grantee = grant.getGrantee(); if (perm.equals(Permission.Read)) { if (isUserIdInGrantee(grantee, userId)) { // If the bucket is readable by the user, add r and x to the owner mode. mode |= (short) 0500; } } else if (perm.equals(Permission.Write)) { if (isUserIdInGrantee(grantee, userId)) { // If the bucket is writable by the user, +w to the owner mode. mode |= (short) 0200; } } else if (perm.equals(Permission.FullControl)) { if (isUserIdInGrantee(grantee, userId)) { // If the user has full control to the bucket, +rwx to the owner mode. mode |= (short) 0700; } } } return mode; }
From source file:cloudExplorer.Acl.java
License:Open Source License
void setAccess(String id, int what, String access_key, String secret_key, String endpoint, String bucket) { try {// ww w .j a v a 2 s.c om Collection<Grant> grantCollection = new ArrayList<Grant>(); AWSCredentials credentials = new BasicAWSCredentials(access_key, secret_key); AmazonS3 s3Client = new AmazonS3Client(credentials, new ClientConfiguration().withSignerOverride("S3SignerType")); s3Client.setEndpoint(endpoint); AccessControlList bucketAcl = s3Client.getBucketAcl(bucket); Grant grant = null; if (what == 0) { grant = new Grant(new CanonicalGrantee(id), Permission.Read); grantCollection.add(grant); } if (what == 1) { grant = new Grant(new CanonicalGrantee(id), Permission.FullControl); grantCollection.add(grant); } if (what == 3) { bucketAcl.getGrants().clear(); } bucketAcl.getGrants().addAll(grantCollection); s3Client.setBucketAcl(bucket, bucketAcl); } catch (AmazonServiceException ase) { NewJFrame.jTextArea1.append("\n\nError: " + ase.getErrorMessage()); } }
From source file:com.github.abhinavmishra14.aws.s3.service.impl.AwsS3IamServiceImpl.java
License:Open Source License
@Override public boolean hasFullControlPermission(final String bucketName) throws AmazonClientException, AmazonServiceException, AmazonS3Exception { LOGGER.info("Checking full controll permission on bucket.."); boolean hasFullControl = false; final AccessControlList acl = getBucketAccessControlList(bucketName); final List<Grant> grantList = acl.getGrantsAsList(); for (final Grant grant : grantList) { if (Permission.FullControl.equals(grant.getPermission())) { hasFullControl = true;//w w w. j a va 2 s . c o m LOGGER.info("Permissions validated, hasFullControl: {}", hasFullControl); break; } } return hasFullControl; }
From source file:com.upplication.s3fs.S3FileSystemProvider.java
License:Open Source License
@Override public void checkAccess(Path path, AccessMode... modes) throws IOException { S3Path s3Path = (S3Path) path; Preconditions.checkArgument(s3Path.isAbsolute(), "path must be absolute: %s", s3Path); AmazonS3Client client = s3Path.getFileSystem().getClient(); // get ACL and check if the file exists as a side-effect AccessControlList acl = getAccessControl(s3Path); for (AccessMode accessMode : modes) { switch (accessMode) { case EXECUTE: throw new AccessDeniedException(s3Path.toString(), null, "file is not executable"); case READ: if (!hasPermissions(acl, client.getS3AccountOwner(), EnumSet.of(Permission.FullControl, Permission.Read))) { throw new AccessDeniedException(s3Path.toString(), null, "file is not readable"); }/*from w ww . j av a2 s . c om*/ break; case WRITE: if (!hasPermissions(acl, client.getS3AccountOwner(), EnumSet.of(Permission.FullControl, Permission.Write))) { throw new AccessDeniedException(s3Path.toString(), null, format("bucket '%s' is not writable", s3Path.getBucket())); } break; } } }
From source file:com.upplication.s3fs.util.AmazonS3ClientMock.java
License:Open Source License
private AccessControlList createAllPermission() { AccessControlList res = new AccessControlList(); res.setOwner(getS3AccountOwner());// ww w . ja va 2 s . co m Grantee grant = new Grantee() { @Override public void setIdentifier(String id) { } @Override public String getTypeIdentifier() { return getS3AccountOwner().getId(); } @Override public String getIdentifier() { return getS3AccountOwner().getId(); } }; res.grantPermission(grant, Permission.FullControl); res.grantPermission(grant, Permission.Read); res.grantPermission(grant, Permission.Write); return res; }
From source file:io.druid.storage.s3.S3Utils.java
License:Apache License
static AccessControlList grantFullControlToBucketOwner(AmazonS3 s3Client, String bucket) { final AccessControlList acl = s3Client.getBucketAcl(bucket); acl.grantAllPermissions(new Grant(new CanonicalGrantee(acl.getOwner().getId()), Permission.FullControl)); return acl;/* w w w . j a v a 2s.co m*/ }
From source file:org.apache.druid.storage.s3.S3Utils.java
License:Apache License
static AccessControlList grantFullControlToBucketOwner(ServerSideEncryptingAmazonS3 s3Client, String bucket) { final AccessControlList acl = s3Client.getBucketAcl(bucket); acl.grantAllPermissions(new Grant(new CanonicalGrantee(acl.getOwner().getId()), Permission.FullControl)); return acl;/*ww w . j a va2 s . c om*/ }
From source file:org.apache.nifi.processors.aws.s3.AbstractS3Processor.java
License:Apache License
/** * Create AccessControlList if appropriate properties are configured. * * @param context ProcessContext//from www. j a v a 2 s . c o m * @param flowFile FlowFile * @return AccessControlList or null if no ACL properties were specified */ protected final AccessControlList createACL(final ProcessContext context, final FlowFile flowFile) { // lazy-initialize ACL, as it should not be used if no properties were specified AccessControlList acl = null; final String ownerId = context.getProperty(OWNER).evaluateAttributeExpressions(flowFile).getValue(); if (!StringUtils.isEmpty(ownerId)) { final Owner owner = new Owner(); owner.setId(ownerId); if (acl == null) { acl = new AccessControlList(); } acl.setOwner(owner); } for (final Grantee grantee : createGrantees( context.getProperty(FULL_CONTROL_USER_LIST).evaluateAttributeExpressions(flowFile).getValue())) { if (acl == null) { acl = new AccessControlList(); } acl.grantPermission(grantee, Permission.FullControl); } for (final Grantee grantee : createGrantees( context.getProperty(READ_USER_LIST).evaluateAttributeExpressions(flowFile).getValue())) { if (acl == null) { acl = new AccessControlList(); } acl.grantPermission(grantee, Permission.Read); } for (final Grantee grantee : createGrantees( context.getProperty(WRITE_USER_LIST).evaluateAttributeExpressions(flowFile).getValue())) { if (acl == null) { acl = new AccessControlList(); } acl.grantPermission(grantee, Permission.Write); } for (final Grantee grantee : createGrantees( context.getProperty(READ_ACL_LIST).evaluateAttributeExpressions(flowFile).getValue())) { if (acl == null) { acl = new AccessControlList(); } acl.grantPermission(grantee, Permission.ReadAcp); } for (final Grantee grantee : createGrantees( context.getProperty(WRITE_ACL_LIST).evaluateAttributeExpressions(flowFile).getValue())) { if (acl == null) { acl = new AccessControlList(); } acl.grantPermission(grantee, Permission.WriteAcp); } return acl; }