aws 2.4.5 → 2.5.0
- data/README.markdown +9 -75
- data/lib/acf/acf_interface.rb +6 -4
- data/lib/aws.rb +2 -1
- data/lib/awsbase/awsbase.rb +98 -65
- data/lib/awsbase/errors.rb +9 -5
- data/lib/awsbase/parsers.rb +226 -226
- data/lib/awsbase/utils.rb +255 -207
- data/lib/ec2/ec2.rb +243 -105
- data/lib/ec2/mon_interface.rb +2 -1
- data/lib/iam/iam.rb +31 -25
- data/lib/right_aws.rb +1 -1
- data/lib/s3/bucket.rb +7 -8
- data/lib/s3/grantee.rb +238 -238
- data/lib/s3/key.rb +281 -281
- data/lib/s3/s3.rb +2 -1
- data/lib/s3/s3_interface.rb +45 -35
- data/lib/sdb/active_sdb.rb +19 -22
- data/lib/sdb/sdb_interface.rb +4 -5
- data/lib/ses/ses.rb +123 -0
- data/lib/sqs/sqs.rb +5 -0
- data/lib/sqs/sqs_interface.rb +3 -3
- metadata +53 -104
- data/lib/awsbase/support.rb +0 -142
- data/test/acf/test_acf.rb +0 -148
- data/test/acf/test_helper.rb +0 -2
- data/test/ec2/test_ec2.rb +0 -205
- data/test/ec2/test_helper.rb +0 -2
- data/test/ec2/test_mon.rb +0 -17
- data/test/elb/test_elb.rb +0 -51
- data/test/http_connection.rb +0 -87
- data/test/iam/test_iam.rb +0 -36
- data/test/rds/test_rds.rb +0 -181
- data/test/s3/s3_test_base.rb +0 -23
- data/test/s3/test_helper.rb +0 -3
- data/test/s3/test_s3.rb +0 -162
- data/test/s3/test_s3_class.rb +0 -179
- data/test/s3/test_s3_rights.rb +0 -139
- data/test/s3/test_s3_stubbed.rb +0 -97
- data/test/sdb/test_active_sdb.rb +0 -338
- data/test/sdb/test_helper.rb +0 -3
- data/test/sdb/test_sdb.rb +0 -220
- data/test/sqs/test_helper.rb +0 -2
- data/test/sqs/test_sqs.rb +0 -232
- data/test/test_credentials.rb +0 -54
- data/test/ts_right_aws.rb +0 -13
data/lib/ec2/mon_interface.rb
CHANGED
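--- a/data/lib/iam/iam.rb
+++ b/data/lib/iam/iam.rb
@@ -6,16 +6,22 @@ module Aws
 
 include AwsBaseInterface
 
-API_VERSION
-DEFAULT_HOST
-DEFAULT_PATH
+API_VERSION = "2010-05-08"
+DEFAULT_HOST = "iam.amazonaws.com"
+DEFAULT_PATH = '/'
 DEFAULT_PROTOCOL = 'https'
-DEFAULT_PORT
+DEFAULT_PORT = 443
 
-
-
+def self.connection_name
+:iam_connection
+end
+
+@@bench = AwsBenchmarkingBlock.new
+
+def self.bench
 @@bench
 end
+
 def self.bench_xml
 @@bench.xml
 end
@@ -33,12 +39,12 @@ module Aws
 
 
 def initialize(aws_access_key_id=nil, aws_secret_access_key=nil, params={})
-init({:name
-:default_host
-:default_port
-:default_service
+init({:name => 'IAM',
+:default_host => ENV['IAM_URL'] ? URI.parse(ENV['IAM_URL']).host : DEFAULT_HOST,
+:default_port => ENV['IAM_URL'] ? URI.parse(ENV['IAM_URL']).port : DEFAULT_PORT,
+:default_service => ENV['IAM_URL'] ? URI.parse(ENV['IAM_URL']).path : DEFAULT_PATH,
 :default_protocol => ENV['IAM_URL'] ? URI.parse(ENV['IAM_URL']).scheme : DEFAULT_PROTOCOL,
-:api_version
+:api_version => API_VERSION},
 aws_access_key_id || ENV['AWS_ACCESS_KEY_ID'],
 aws_secret_access_key|| ENV['AWS_SECRET_ACCESS_KEY'],
 params)
@@ -48,19 +54,19 @@ module Aws
 link = generate_request(action, params)
 p link[:request]
 resp = request_info_xml_simple(:iam_connection, @params, link, @logger,
-:group_tags
-
-
-
-
-:force_array
-
-
-
-
+:group_tags =>{"LoadBalancersDescriptions"=>"LoadBalancersDescription",
+"DBParameterGroups" =>"DBParameterGroup",
+"DBSecurityGroups" =>"DBSecurityGroup",
+"EC2SecurityGroups" =>"EC2SecurityGroup",
+"IPRanges" =>"IPRange"},
+:force_array =>["DBInstances",
+"DBParameterGroups",
+"DBSecurityGroups",
+"EC2SecurityGroups",
+"IPRanges"],
 :pull_out_array =>options[:pull_out_array],
 :pull_out_single=>options[:pull_out_single],
-:wrapper
+:wrapper =>options[:wrapper])
 end
 
 
@@ -96,10 +102,10 @@ module Aws
 # :path => specify a path you want it stored in
 # :certificate_chain => contents of certificate chain
 def upload_server_certificate(name, public_key, private_key, options={})
-params
+params = {}
 params['ServerCertificateName'] = name
-params['PrivateKey']
-params['CertificateBody']
+params['PrivateKey'] = private_key
+params['CertificateBody'] = public_key
 
 params['CertificateChain'] = options[:certificate_chain] if options[:certificate_chain]
 params['Path'] = options[:path] if options[:path]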
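Review bot: `p link[:request]` (new line 55, in the request helper whose `def` line is above the hunk) still writes every outgoing IAM request to stdout, and this commit leaves it in place. `upload_server_certificate` in the same file sets `params['PrivateKey'] = private_key`, so if that method goes through this helper (the call is outside the visible hunks) the private key and the request signature presumably end up in whatever captures stdout. Remove the line, or replace it with a log entry that names only the action, e.g. `@logger.debug("IAM request: #{action}") if @logger`.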
data/lib/right_aws.rb
CHANGED
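--- a/data/lib/s3/bucket.rb
+++ b/data/lib/s3/bucket.rb
@@ -85,8 +85,8 @@ module Aws
 # bucket.enable_logging(:targetbucket=>"mylogbucket", :targetprefix=>"loggylogs/")
 # => true
 def enable_logging(params)
-
-
+Utils.mandatory_arguments([:targetbucket, :targetprefix], params)
+Utils.allow_only([:targetbucket, :targetprefix], params)
 xmldoc = "<?xml version=\"1.0\" encoding=\"UTF-8\"?><BucketLoggingStatus xmlns=\"http://doc.s3.amazonaws.com/2006-03-01\"><LoggingEnabled><TargetBucket>#{params[:targetbucket]}</TargetBucket><TargetPrefix>#{params[:targetprefix]}</TargetPrefix></LoggingEnabled></BucketLoggingStatus>"
 @s3.interface.put_logging(:bucket => @name, :xmldoc => xmldoc)
 end
@@ -120,7 +120,6 @@ module Aws
 opt = {}; options.each { |key, value| opt[key.to_s] = value }
 service_data = {}
 service_list = {}
-thislist = {}
 list = []
 @s3.interface.incrementally_list_bucket(@name, opt) do |thislist|
 service_list = thislist
@@ -148,7 +147,7 @@ module Aws
 # key.head
 #
 def key(key_name, head=false)
-raise 'Key name can not be empty.' if
+raise 'Key name can not be empty.' if Aws::Utils.blank?(key_name)
 key_instance = nil
 # if this key exists - find it ....
 keys({'prefix'=>key_name}, head).each do |key|
@@ -182,9 +181,9 @@ module Aws
 # key = bucket.get('logs/today/1.log') #=>
 # puts key.data #=> 'sasfasfasdf'
 #
-def get(key,
-key = S3::Key.create(self, key.to_s) unless key.is_a?(S3::Key)
-key
+def get(key,headers={})
+key = S3::Key.create(self, key.to_s, headers) unless key.is_a?(S3::Key)
+return key
 end
 
 # Rename object. Returns Aws::S3::Key instance.
@@ -259,7 +258,7 @@ module Aws
 # Return a list of grantees.
 #
 def grantees
-Grantee::grantees(self)
+S3::Grantee::grantees(self)
 end
 
 end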
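Review bot: `enable_logging` interpolates `params[:targetbucket]` and `params[:targetprefix]` straight into the `BucketLoggingStatus` XML, and the two added `Utils` calls appear to check only which keys are present, not what the values contain. A value containing `<`, `>` or `&` produces a malformed document or one with extra elements, so callers that pass through externally supplied names cannot rely on this method to keep the logging configuration intact. Escape both values before building `xmldoc`, for example `bucket = CGI.escapeHTML(params[:targetbucket].to_s)` and `prefix = CGI.escapeHTML(params[:targetprefix].to_s)`, and interpolate those instead; this needs `require 'cgi'` if the file does not already load it.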
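--- a/data/lib/s3/grantee.rb
+++ b/data/lib/s3/grantee.rb
@@ -1,238 +1,238 @@
-module Aws
-
-# There are 2 ways to set permissions for a bucket or key (called a +thing+ below):
-#
-# 1 . Use +perms+ param to set 'Canned Access Policies' when calling the <tt>bucket.create</tt>,
-# <tt>bucket.put</tt> and <tt>key.put</tt> methods.
-# The +perms+ param can take these values: 'private', 'public-read', 'public-read-write' and
-# 'authenticated-read'.
-# (see http://docs.amazonwebservices.com/AmazonS3/2006-03-01/RESTAccessPolicy.html).
-#
-# bucket = s3.bucket('bucket_for_kd_test_13', true, 'public-read')
-# key.put('Woohoo!','public-read-write' )
-#
-# 2 . Use Grantee instances (the permission is a +String+ or an +Array+ of: 'READ', 'WRITE',
-# 'READ_ACP', 'WRITE_ACP', 'FULL_CONTROL'):
-#
-# bucket = s3.bucket('my_awesome_bucket', true)
-# grantee1 = Aws::S3::Grantee.new(bucket, 'a123b...223c', FULL_CONTROL, :apply)
-# grantee2 = Aws::S3::Grantee.new(bucket, 'xy3v3...5fhp', [READ, WRITE], :apply)
-#
-# There is only one way to get and to remove permission (via Grantee instances):
-#
-# grantees = bucket.grantees # a list of Grantees that have any access for this bucket
-# grantee1 = Aws::S3::Grantee.new(bucket, 'a123b...223c')
-# grantee1.perms #=> returns a list of perms for this grantee to that bucket
-# ...
-# grantee1.drop # remove all perms for this grantee
-# grantee2.revoke('WRITE') # revoke write access only
-#
-class S3::Grantee
-# A bucket or a key the grantee has an access to.
-attr_reader :thing
-# Grantee Amazon id.
-attr_reader :id
-# Grantee display name.
-attr_reader :name
-# Array of permissions.
-attr_accessor :perms
-
-# Retrieve Owner information and a list of Grantee instances that have
-# a access to this thing (bucket or key).
-#
-# bucket = s3.bucket('my_awesome_bucket', true, 'public-read')
-# ...
-# Aws::S3::Grantee.owner_and_grantees(bucket) #=> [owner, grantees]
-#
-def self.owner_and_grantees(thing)
-if thing.is_a?(Bucket)
-bucket, key = thing, ''
-else
-bucket, key = thing.bucket, thing
-end
-hash = bucket.s3.interface.get_acl_parse(bucket.to_s, key.to_s)
-owner = Owner.new(hash[:owner][:id], hash[:owner][:display_name])
-
-grantees = []
-hash[:grantees].each do |id, params|
-grantees << new(thing, id, params[:permissions], nil, params[:display_name])
-end
-[owner, grantees]
-end
-
-# Retrieves a list of Grantees instances that have an access to this thing(bucket or key).
-#
-# bucket = s3.bucket('my_awesome_bucket', true, 'public-read')
-# ...
-# Aws::S3::Grantee.grantees(bucket) #=> grantees
-#
-def self.grantees(thing)
-owner_and_grantees(thing)[1]
-end
-
-def self.put_acl(thing, owner, grantees) #:nodoc:
-if thing.is_a?(Bucket)
-bucket, key = thing, ''
-else
-bucket, key = thing.bucket, thing
-end
-body = "<AccessControlPolicy>" +
-"<Owner>" +
-"<ID>#{owner.id}</ID>" +
-"<DisplayName>#{owner.name}</DisplayName>" +
-"</Owner>" +
-"<AccessControlList>" +
-grantees.map { |grantee| grantee.to_xml }.join +
-"</AccessControlList>" +
-"</AccessControlPolicy>"
-bucket.s3.interface.put_acl(bucket.to_s, key.to_s, body)
-end
-
-# Create a new Grantee instance.
-# Grantee +id+ must exist on S3. If +action+ == :refresh, then retrieve
-# permissions from S3 and update @perms. If +action+ == :apply, then apply
-# perms to +thing+ at S3. If +action+ == :apply_and_refresh then it performs.
-# both the actions. This is used for the new grantees that had no perms to
-# this thing before. The default action is :refresh.
-#
-# bucket = s3.bucket('my_awesome_bucket', true, 'public-read')
-# grantee1 = Aws::S3::Grantee.new(bucket, 'a123b...223c', FULL_CONTROL)
-# ...
-# grantee2 = Aws::S3::Grantee.new(bucket, 'abcde...asdf', [FULL_CONTROL, READ], :apply)
-# grantee3 = Aws::S3::Grantee.new(bucket, 'aaaaa...aaaa', 'READ', :apply_and_refresh)
-#
-def initialize(thing, id, perms=[], action=:refresh, name=nil)
-@thing = thing
-@id = id
-@name = name
-@perms = perms.to_a
-case action
-when :apply then
-apply
-when :refresh then
-refresh
-when :apply_and_refresh then
-apply; refresh
-end
-end
-
-# Return +true+ if the grantee has any permissions to the thing.
-def exists?
-self.class.grantees(@thing).each do |grantee|
-return true if @id == grantee.id
-end
-false
-end
-
-# Return Grantee type (+String+): "Group" or "CanonicalUser".
-def type
-@id[/^http:/] ? "Group" : "CanonicalUser"
-end
-
-# Return a name or an id.
-def to_s
-@name || @id
-end
-
-# Add permissions for grantee.
-# Permissions: 'READ', 'WRITE', 'READ_ACP', 'WRITE_ACP', 'FULL_CONTROL'.
-# See http://docs.amazonwebservices.com/AmazonS3/2006-03-01/UsingPermissions.html .
-# Returns +true+.
-#
-# grantee.grant('FULL_CONTROL') #=> true
-# grantee.grant('FULL_CONTROL','WRITE','READ') #=> true
-# grantee.grant(['WRITE_ACP','READ','READ_ACP']) #=> true
-#
-def grant(*permissions)
-permissions.flatten!
-old_perms = @perms.dup
-@perms += permissions
-@perms.uniq!
-return true if @perms == old_perms
-apply
-end
-
-# Revoke permissions for grantee.
-# Permissions: 'READ', 'WRITE', 'READ_ACP', 'WRITE_ACP', 'FULL_CONTROL'
-# See http://docs.amazonwebservices.com/AmazonS3/2006-03-01/UsingPermissions.html .
-# Default value is 'FULL_CONTROL'.
-# Returns +true+.
-#
-# grantee.revoke('READ') #=> true
-# grantee.revoke('FULL_CONTROL','WRITE') #=> true
-# grantee.revoke(['READ_ACP','WRITE_ACP']) #=> true
-#
-def revoke(*permissions)
-permissions.flatten!
-old_perms = @perms.dup
-@perms -= permissions
-@perms.uniq!
-return true if @perms == old_perms
-apply
-end
-
-# Revoke all permissions for this grantee.
-# Returns +true+.
-#
-# grantee.drop #=> true
-#
-def drop
-@perms = []
-apply
-end
-
-# Refresh grantee perms for its +thing+.
-# Returns +true+ if the grantee has perms for this +thing+ or
-# +false+ otherwise, and updates @perms value as a side-effect.
-#
-# grantee.grant('FULL_CONTROL') #=> true
-# grantee.refresh #=> true
-# grantee.drop #=> true
-# grantee.refresh #=> false
-#
-def refresh
-@perms = []
-self.class.grantees(@thing).each do |grantee|
-if @id == grantee.id
-@name = grantee.name
-@perms = grantee.perms
-return true
-end
-end
-false
-end
-
-# Apply current grantee @perms to +thing+. This method is called internally by the +grant+
-# and +revoke+ methods. In normal use this method should not
-# be called directly.
-#
-# grantee.perms = ['FULL_CONTROL']
-# grantee.apply #=> true
-#
-def apply
-@perms.uniq!
-owner, grantees = self.class.owner_and_grantees(@thing)
-# walk through all the grantees and replace the data for the current one and ...
-grantees.map! { |grantee| grantee.id == @id ? self : grantee }
-# ... if this grantee is not known - add this bad boy to a list
-grantees << self unless grantees.include?(self)
-# set permissions
-self.class.put_acl(@thing, owner, grantees)
-end
-
-def to_xml # :nodoc:
-id_str = @id[/^http/] ? "<URI>#{@id}</URI>" : "<ID>#{@id}</ID>"
-grants = ''
-@perms.each do |perm|
-grants << "<Grant>" +
-"<Grantee xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" " +
-"xsi:type=\"#{type}\">#{id_str}</Grantee>" +
-"<Permission>#{perm}</Permission>" +
-"</Grant>"
-end
-grants
-end
-
-end
-
-end
+module Aws
+
+# There are 2 ways to set permissions for a bucket or key (called a +thing+ below):
+#
+# 1 . Use +perms+ param to set 'Canned Access Policies' when calling the <tt>bucket.create</tt>,
+# <tt>bucket.put</tt> and <tt>key.put</tt> methods.
+# The +perms+ param can take these values: 'private', 'public-read', 'public-read-write' and
+# 'authenticated-read'.
+# (see http://docs.amazonwebservices.com/AmazonS3/2006-03-01/RESTAccessPolicy.html).
+#
+# bucket = s3.bucket('bucket_for_kd_test_13', true, 'public-read')
+# key.put('Woohoo!','public-read-write' )
+#
+# 2 . Use Grantee instances (the permission is a +String+ or an +Array+ of: 'READ', 'WRITE',
+# 'READ_ACP', 'WRITE_ACP', 'FULL_CONTROL'):
+#
+# bucket = s3.bucket('my_awesome_bucket', true)
+# grantee1 = Aws::S3::Grantee.new(bucket, 'a123b...223c', FULL_CONTROL, :apply)
+# grantee2 = Aws::S3::Grantee.new(bucket, 'xy3v3...5fhp', [READ, WRITE], :apply)
+#
+# There is only one way to get and to remove permission (via Grantee instances):
+#
+# grantees = bucket.grantees # a list of Grantees that have any access for this bucket
+# grantee1 = Aws::S3::Grantee.new(bucket, 'a123b...223c')
+# grantee1.perms #=> returns a list of perms for this grantee to that bucket
+# ...
+# grantee1.drop # remove all perms for this grantee
+# grantee2.revoke('WRITE') # revoke write access only
+#
+class S3::Grantee
+# A bucket or a key the grantee has an access to.
+attr_reader :thing
+# Grantee Amazon id.
+attr_reader :id
+# Grantee display name.
+attr_reader :name
+# Array of permissions.
+attr_accessor :perms
+
+# Retrieve Owner information and a list of Grantee instances that have
+# a access to this thing (bucket or key).
+#
+# bucket = s3.bucket('my_awesome_bucket', true, 'public-read')
+# ...
+# Aws::S3::Grantee.owner_and_grantees(bucket) #=> [owner, grantees]
+#
+def self.owner_and_grantees(thing)
+if thing.is_a?(S3::Bucket)
+bucket, key = thing, ''
+else
+bucket, key = thing.bucket, thing
+end
+hash = bucket.s3.interface.get_acl_parse(bucket.to_s, key.to_s)
+owner = S3::Owner.new(hash[:owner][:id], hash[:owner][:display_name])
+
+grantees = []
+hash[:grantees].each do |id, params|
+grantees << new(thing, id, params[:permissions], nil, params[:display_name])
+end
+[owner, grantees]
+end
+
+# Retrieves a list of Grantees instances that have an access to this thing(bucket or key).
+#
+# bucket = s3.bucket('my_awesome_bucket', true, 'public-read')
+# ...
+# Aws::S3::Grantee.grantees(bucket) #=> grantees
+#
+def self.grantees(thing)
+owner_and_grantees(thing)[1]
+end
+
+def self.put_acl(thing, owner, grantees) #:nodoc:
+if thing.is_a?(S3::Bucket)
+bucket, key = thing, ''
+else
+bucket, key = thing.bucket, thing
+end
+body = "<AccessControlPolicy>" +
+"<Owner>" +
+"<ID>#{owner.id}</ID>" +
+"<DisplayName>#{owner.name}</DisplayName>" +
+"</Owner>" +
+"<AccessControlList>" +
+grantees.map { |grantee| grantee.to_xml }.join +
+"</AccessControlList>" +
+"</AccessControlPolicy>"
+bucket.s3.interface.put_acl(bucket.to_s, key.to_s, body)
+end
+
+# Create a new Grantee instance.
+# Grantee +id+ must exist on S3. If +action+ == :refresh, then retrieve
+# permissions from S3 and update @perms. If +action+ == :apply, then apply
+# perms to +thing+ at S3. If +action+ == :apply_and_refresh then it performs.
+# both the actions. This is used for the new grantees that had no perms to
+# this thing before. The default action is :refresh.
+#
+# bucket = s3.bucket('my_awesome_bucket', true, 'public-read')
+# grantee1 = Aws::S3::Grantee.new(bucket, 'a123b...223c', FULL_CONTROL)
+# ...
+# grantee2 = Aws::S3::Grantee.new(bucket, 'abcde...asdf', [FULL_CONTROL, READ], :apply)
+# grantee3 = Aws::S3::Grantee.new(bucket, 'aaaaa...aaaa', 'READ', :apply_and_refresh)
+#
+def initialize(thing, id, perms=[], action=:refresh, name=nil)
+@thing = thing
+@id = id
+@name = name
+@perms = perms.to_a
+case action
+when :apply then
+apply
+when :refresh then
+refresh
+when :apply_and_refresh then
+apply; refresh
+end
+end
+
+# Return +true+ if the grantee has any permissions to the thing.
+def exists?
+self.class.grantees(@thing).each do |grantee|
+return true if @id == grantee.id
+end
+false
+end
+
+# Return Grantee type (+String+): "Group" or "CanonicalUser".
+def type
+@id[/^http:/] ? "Group" : "CanonicalUser"
+end
+
+# Return a name or an id.
+def to_s
+@name || @id
+end
+
+# Add permissions for grantee.
+# Permissions: 'READ', 'WRITE', 'READ_ACP', 'WRITE_ACP', 'FULL_CONTROL'.
+# See http://docs.amazonwebservices.com/AmazonS3/2006-03-01/UsingPermissions.html .
+# Returns +true+.
+#
+# grantee.grant('FULL_CONTROL') #=> true
+# grantee.grant('FULL_CONTROL','WRITE','READ') #=> true
+# grantee.grant(['WRITE_ACP','READ','READ_ACP']) #=> true
+#
+def grant(*permissions)
+permissions.flatten!
+old_perms = @perms.dup
+@perms += permissions
+@perms.uniq!
+return true if @perms == old_perms
+apply
+end
+
+# Revoke permissions for grantee.
+# Permissions: 'READ', 'WRITE', 'READ_ACP', 'WRITE_ACP', 'FULL_CONTROL'
+# See http://docs.amazonwebservices.com/AmazonS3/2006-03-01/UsingPermissions.html .
+# Default value is 'FULL_CONTROL'.
+# Returns +true+.
+#
+# grantee.revoke('READ') #=> true
+# grantee.revoke('FULL_CONTROL','WRITE') #=> true
+# grantee.revoke(['READ_ACP','WRITE_ACP']) #=> true
+#
+def revoke(*permissions)
+permissions.flatten!
+old_perms = @perms.dup
+@perms -= permissions
+@perms.uniq!
+return true if @perms == old_perms
+apply
+end
+
+# Revoke all permissions for this grantee.
+# Returns +true+.
+#
+# grantee.drop #=> true
+#
+def drop
+@perms = []
+apply
+end
+
+# Refresh grantee perms for its +thing+.
+# Returns +true+ if the grantee has perms for this +thing+ or
+# +false+ otherwise, and updates @perms value as a side-effect.
+#
+# grantee.grant('FULL_CONTROL') #=> true
+# grantee.refresh #=> true
+# grantee.drop #=> true
+# grantee.refresh #=> false
+#
+def refresh
+@perms = []
+self.class.grantees(@thing).each do |grantee|
+if @id == grantee.id
+@name = grantee.name
+@perms = grantee.perms
+return true
+end
+end
+false
+end
+
+# Apply current grantee @perms to +thing+. This method is called internally by the +grant+
+# and +revoke+ methods. In normal use this method should not
+# be called directly.
+#
+# grantee.perms = ['FULL_CONTROL']
+# grantee.apply #=> true
+#
+def apply
+@perms.uniq!
+owner, grantees = self.class.owner_and_grantees(@thing)
+# walk through all the grantees and replace the data for the current one and ...
+grantees.map! { |grantee| grantee.id == @id ? self : grantee }
+# ... if this grantee is not known - add this bad boy to a list
+grantees << self unless grantees.include?(self)
+# set permissions
+self.class.put_acl(@thing, owner, grantees)
+end
+
+def to_xml # :nodoc:
+id_str = @id[/^http/] ? "<URI>#{@id}</URI>" : "<ID>#{@id}</ID>"
+grants = ''
+@perms.each do |perm|
+grants << "<Grant>" +
+"<Grantee xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" " +
+"xsi:type=\"#{type}\">#{id_str}</Grantee>" +
+"<Permission>#{perm}</Permission>" +
+"</Grant>"
+end
+grants
+end
+
+end
+
+end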
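Review bot: `type` tests `@id[/^http:/]` while `to_xml` tests `@id[/^http/]`, so an id beginning with `https:` is written as a `<URI>` element carrying `xsi:type="CanonicalUser"`; this rewrite only qualifies `Bucket` and `Owner` as `S3::Bucket` and `S3::Owner` and keeps the mismatch. Both patterns also use `^`, which matches at the start of any line in the string rather than only at its beginning. Because this classification decides how each grantee is identified in the ACL document that `put_acl` sends, both methods should share one string-anchored test such as `@id[/\Ahttp:/]`. Separately, `@id`, `owner.name` and `perm` are interpolated into the policy XML without escaping, so the methods rely on callers never passing markup characters in those values.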