aws 2.4.5 → 2.5.0

Files changed (45) hide show
  1. data/README.markdown +9 -75
  2. data/lib/acf/acf_interface.rb +6 -4
  3. data/lib/aws.rb +2 -1
  4. data/lib/awsbase/awsbase.rb +98 -65
  5. data/lib/awsbase/errors.rb +9 -5
  6. data/lib/awsbase/parsers.rb +226 -226
  7. data/lib/awsbase/utils.rb +255 -207
  8. data/lib/ec2/ec2.rb +243 -105
  9. data/lib/ec2/mon_interface.rb +2 -1
  10. data/lib/iam/iam.rb +31 -25
  11. data/lib/right_aws.rb +1 -1
  12. data/lib/s3/bucket.rb +7 -8
  13. data/lib/s3/grantee.rb +238 -238
  14. data/lib/s3/key.rb +281 -281
  15. data/lib/s3/s3.rb +2 -1
  16. data/lib/s3/s3_interface.rb +45 -35
  17. data/lib/sdb/active_sdb.rb +19 -22
  18. data/lib/sdb/sdb_interface.rb +4 -5
  19. data/lib/ses/ses.rb +123 -0
  20. data/lib/sqs/sqs.rb +5 -0
  21. data/lib/sqs/sqs_interface.rb +3 -3
  22. metadata +53 -104
  23. data/lib/awsbase/support.rb +0 -142
  24. data/test/acf/test_acf.rb +0 -148
  25. data/test/acf/test_helper.rb +0 -2
  26. data/test/ec2/test_ec2.rb +0 -205
  27. data/test/ec2/test_helper.rb +0 -2
  28. data/test/ec2/test_mon.rb +0 -17
  29. data/test/elb/test_elb.rb +0 -51
  30. data/test/http_connection.rb +0 -87
  31. data/test/iam/test_iam.rb +0 -36
  32. data/test/rds/test_rds.rb +0 -181
  33. data/test/s3/s3_test_base.rb +0 -23
  34. data/test/s3/test_helper.rb +0 -3
  35. data/test/s3/test_s3.rb +0 -162
  36. data/test/s3/test_s3_class.rb +0 -179
  37. data/test/s3/test_s3_rights.rb +0 -139
  38. data/test/s3/test_s3_stubbed.rb +0 -97
  39. data/test/sdb/test_active_sdb.rb +0 -338
  40. data/test/sdb/test_helper.rb +0 -3
  41. data/test/sdb/test_sdb.rb +0 -220
  42. data/test/sqs/test_helper.rb +0 -2
  43. data/test/sqs/test_sqs.rb +0 -232
  44. data/test/test_credentials.rb +0 -54
  45. data/test/ts_right_aws.rb +0 -13
@@ -24,9 +24,10 @@ module Aws
24
24
  end
25
25
 
26
26
  @@bench = Aws::AwsBenchmarkingBlock.new
27
- def self.bench
27
+ def self.bench
28
28
  @@bench
29
29
  end
30
+
30
31
  def self.bench_xml
31
32
  @@bench.xml
32
33
  end
@@ -6,16 +6,22 @@ module Aws
6
6
 
7
7
  include AwsBaseInterface
8
8
 
9
- API_VERSION = "2010-05-08"
10
- DEFAULT_HOST = "iam.amazonaws.com"
11
- DEFAULT_PATH = '/'
9
+ API_VERSION = "2010-05-08"
10
+ DEFAULT_HOST = "iam.amazonaws.com"
11
+ DEFAULT_PATH = '/'
12
12
  DEFAULT_PROTOCOL = 'https'
13
- DEFAULT_PORT = 443
13
+ DEFAULT_PORT = 443
14
14
 
15
- @@bench = AwsBenchmarkingBlock.new
16
- def self.bench
15
+ def self.connection_name
16
+ :iam_connection
17
+ end
18
+
19
+ @@bench = AwsBenchmarkingBlock.new
20
+
21
+ def self.bench
17
22
  @@bench
18
23
  end
24
+
19
25
  def self.bench_xml
20
26
  @@bench.xml
21
27
  end
@@ -33,12 +39,12 @@ module Aws
33
39
 
34
40
 
35
41
  def initialize(aws_access_key_id=nil, aws_secret_access_key=nil, params={})
36
- init({:name => 'IAM',
37
- :default_host => ENV['IAM_URL'] ? URI.parse(ENV['IAM_URL']).host : DEFAULT_HOST,
38
- :default_port => ENV['IAM_URL'] ? URI.parse(ENV['IAM_URL']).port : DEFAULT_PORT,
39
- :default_service => ENV['IAM_URL'] ? URI.parse(ENV['IAM_URL']).path : DEFAULT_PATH,
42
+ init({:name => 'IAM',
43
+ :default_host => ENV['IAM_URL'] ? URI.parse(ENV['IAM_URL']).host : DEFAULT_HOST,
44
+ :default_port => ENV['IAM_URL'] ? URI.parse(ENV['IAM_URL']).port : DEFAULT_PORT,
45
+ :default_service => ENV['IAM_URL'] ? URI.parse(ENV['IAM_URL']).path : DEFAULT_PATH,
40
46
  :default_protocol => ENV['IAM_URL'] ? URI.parse(ENV['IAM_URL']).scheme : DEFAULT_PROTOCOL,
41
- :api_version => API_VERSION},
47
+ :api_version => API_VERSION},
42
48
  aws_access_key_id || ENV['AWS_ACCESS_KEY_ID'],
43
49
  aws_secret_access_key|| ENV['AWS_SECRET_ACCESS_KEY'],
44
50
  params)
@@ -48,19 +54,19 @@ module Aws
48
54
  link = generate_request(action, params)
49
55
  p link[:request]
50
56
  resp = request_info_xml_simple(:iam_connection, @params, link, @logger,
51
- :group_tags =>{"LoadBalancersDescriptions"=>"LoadBalancersDescription",
52
- "DBParameterGroups" =>"DBParameterGroup",
53
- "DBSecurityGroups" =>"DBSecurityGroup",
54
- "EC2SecurityGroups" =>"EC2SecurityGroup",
55
- "IPRanges" =>"IPRange"},
56
- :force_array =>["DBInstances",
57
- "DBParameterGroups",
58
- "DBSecurityGroups",
59
- "EC2SecurityGroups",
60
- "IPRanges"],
57
+ :group_tags =>{"LoadBalancersDescriptions"=>"LoadBalancersDescription",
58
+ "DBParameterGroups" =>"DBParameterGroup",
59
+ "DBSecurityGroups" =>"DBSecurityGroup",
60
+ "EC2SecurityGroups" =>"EC2SecurityGroup",
61
+ "IPRanges" =>"IPRange"},
62
+ :force_array =>["DBInstances",
63
+ "DBParameterGroups",
64
+ "DBSecurityGroups",
65
+ "EC2SecurityGroups",
66
+ "IPRanges"],
61
67
  :pull_out_array =>options[:pull_out_array],
62
68
  :pull_out_single=>options[:pull_out_single],
63
- :wrapper =>options[:wrapper])
69
+ :wrapper =>options[:wrapper])
64
70
  end
65
71
 
66
72
 
@@ -96,10 +102,10 @@ module Aws
96
102
  # :path => specify a path you want it stored in
97
103
  # :certificate_chain => contents of certificate chain
98
104
  def upload_server_certificate(name, public_key, private_key, options={})
99
- params = {}
105
+ params = {}
100
106
  params['ServerCertificateName'] = name
101
- params['PrivateKey'] = private_key
102
- params['CertificateBody'] = public_key
107
+ params['PrivateKey'] = private_key
108
+ params['CertificateBody'] = public_key
103
109
 
104
110
  params['CertificateChain'] = options[:certificate_chain] if options[:certificate_chain]
105
111
  params['Path'] = options[:path] if options[:path]
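Review bot: The context line `p link[:request]` just before the `request_info_xml_simple` call prints every generated request to stdout, and the commit realigns the surrounding arguments without removing it. `upload_server_certificate` in the last hunk puts `params['PrivateKey']` into the request parameters, so if that method goes through this request path (both method bodies extend outside the hunks shown) the private key could end up in process output or captured logs, depending on what `generate_request` stores in `link[:request]`. Remove the line, or replace it with something like `@logger.debug("IAM request: #{action}")` that names only the action. The new `self.connection_name` returns `:iam_connection`, yet the call still passes the literal symbol; `self.class.connection_name` would keep a single definition.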
@@ -36,7 +36,7 @@ require 'right_http_connection'
36
36
 
37
37
  $:.unshift(File.dirname(__FILE__))
38
38
  require 'awsbase/benchmark_fix'
39
- require 'awsbase/support'
39
+ #require 'awsbase/support'
40
40
  require 'awsbase/awsbase'
41
41
  require 'ec2/ec2'
42
42
  require 'ec2/mon_interface'
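Review bot: `#require 'awsbase/support'` is left commented out although the file list shows `data/lib/awsbase/support.rb` deleted (+0 -142), so the line can never be re-enabled and should be removed outright. If that file supplied core-class helpers such as `blank?` (a later hunk replaces `key_name.blank?` with `Aws::Utils.blank?(key_name)`, which suggests it did), applications that relied on them through this gem will now hit `NoMethodError`. That is a compatibility break worth a changelog entry for a minor version bump.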
@@ -85,8 +85,8 @@ module Aws
85
85
  # bucket.enable_logging(:targetbucket=>"mylogbucket", :targetprefix=>"loggylogs/")
86
86
  # => true
87
87
  def enable_logging(params)
88
- AwsUtils.mandatory_arguments([:targetbucket, :targetprefix], params)
89
- AwsUtils.allow_only([:targetbucket, :targetprefix], params)
88
+ Utils.mandatory_arguments([:targetbucket, :targetprefix], params)
89
+ Utils.allow_only([:targetbucket, :targetprefix], params)
90
90
  xmldoc = "<?xml version=\"1.0\" encoding=\"UTF-8\"?><BucketLoggingStatus xmlns=\"http://doc.s3.amazonaws.com/2006-03-01\"><LoggingEnabled><TargetBucket>#{params[:targetbucket]}</TargetBucket><TargetPrefix>#{params[:targetprefix]}</TargetPrefix></LoggingEnabled></BucketLoggingStatus>"
91
91
  @s3.interface.put_logging(:bucket => @name, :xmldoc => xmldoc)
92
92
  end
@@ -120,7 +120,6 @@ module Aws
120
120
  opt = {}; options.each { |key, value| opt[key.to_s] = value }
121
121
  service_data = {}
122
122
  service_list = {}
123
- thislist = {}
124
123
  list = []
125
124
  @s3.interface.incrementally_list_bucket(@name, opt) do |thislist|
126
125
  service_list = thislist
@@ -148,7 +147,7 @@ module Aws
148
147
  # key.head
149
148
  #
150
149
  def key(key_name, head=false)
151
- raise 'Key name can not be empty.' if key_name.blank?
150
+ raise 'Key name can not be empty.' if Aws::Utils.blank?(key_name)
152
151
  key_instance = nil
153
152
  # if this key exists - find it ....
154
153
  keys({'prefix'=>key_name}, head).each do |key|
@@ -182,9 +181,9 @@ module Aws
182
181
  # key = bucket.get('logs/today/1.log') #=>
183
182
  # puts key.data #=> 'sasfasfasdf'
184
183
  #
185
- def get(key, headers={})
186
- key = S3::Key.create(self, key.to_s) unless key.is_a?(S3::Key)
187
- key.get(headers)
184
+ def get(key,headers={})
185
+ key = S3::Key.create(self, key.to_s, headers) unless key.is_a?(S3::Key)
186
+ return key
188
187
  end
189
188
 
190
189
  # Rename object. Returns Aws::S3::Key instance.
@@ -259,7 +258,7 @@ module Aws
259
258
  # Return a list of grantees.
260
259
  #
261
260
  def grantees
262
- Grantee::grantees(self)
261
+ S3::Grantee::grantees(self)
263
262
  end
264
263
 
265
264
  end
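Review bot: `get` no longer calls `key.get(headers)`; it now passes `headers` as the third positional argument to `S3::Key.create` and returns the key, which changes the method's contract in two ways. When the caller already passes an `S3::Key`, `headers` is silently ignored, and whether the object is fetched at all now depends on `Key#data` loading lazily, which this page does not show. Confirm that the third parameter of `S3::Key.create` really is request headers and not the object body; if it is the body, call `key.get(headers)` as before and keep `key` as the last expression. The comment above the method should state whether `get` performs a request.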
@@ -1,238 +1,238 @@
1
- module Aws
2
-
3
- # There are 2 ways to set permissions for a bucket or key (called a +thing+ below):
4
- #
5
- # 1 . Use +perms+ param to set 'Canned Access Policies' when calling the <tt>bucket.create</tt>,
6
- # <tt>bucket.put</tt> and <tt>key.put</tt> methods.
7
- # The +perms+ param can take these values: 'private', 'public-read', 'public-read-write' and
8
- # 'authenticated-read'.
9
- # (see http://docs.amazonwebservices.com/AmazonS3/2006-03-01/RESTAccessPolicy.html).
10
- #
11
- # bucket = s3.bucket('bucket_for_kd_test_13', true, 'public-read')
12
- # key.put('Woohoo!','public-read-write' )
13
- #
14
- # 2 . Use Grantee instances (the permission is a +String+ or an +Array+ of: 'READ', 'WRITE',
15
- # 'READ_ACP', 'WRITE_ACP', 'FULL_CONTROL'):
16
- #
17
- # bucket = s3.bucket('my_awesome_bucket', true)
18
- # grantee1 = Aws::S3::Grantee.new(bucket, 'a123b...223c', FULL_CONTROL, :apply)
19
- # grantee2 = Aws::S3::Grantee.new(bucket, 'xy3v3...5fhp', [READ, WRITE], :apply)
20
- #
21
- # There is only one way to get and to remove permission (via Grantee instances):
22
- #
23
- # grantees = bucket.grantees # a list of Grantees that have any access for this bucket
24
- # grantee1 = Aws::S3::Grantee.new(bucket, 'a123b...223c')
25
- # grantee1.perms #=> returns a list of perms for this grantee to that bucket
26
- # ...
27
- # grantee1.drop # remove all perms for this grantee
28
- # grantee2.revoke('WRITE') # revoke write access only
29
- #
30
- class S3::Grantee
31
- # A bucket or a key the grantee has an access to.
32
- attr_reader :thing
33
- # Grantee Amazon id.
34
- attr_reader :id
35
- # Grantee display name.
36
- attr_reader :name
37
- # Array of permissions.
38
- attr_accessor :perms
39
-
40
- # Retrieve Owner information and a list of Grantee instances that have
41
- # a access to this thing (bucket or key).
42
- #
43
- # bucket = s3.bucket('my_awesome_bucket', true, 'public-read')
44
- # ...
45
- # Aws::S3::Grantee.owner_and_grantees(bucket) #=> [owner, grantees]
46
- #
47
- def self.owner_and_grantees(thing)
48
- if thing.is_a?(Bucket)
49
- bucket, key = thing, ''
50
- else
51
- bucket, key = thing.bucket, thing
52
- end
53
- hash = bucket.s3.interface.get_acl_parse(bucket.to_s, key.to_s)
54
- owner = Owner.new(hash[:owner][:id], hash[:owner][:display_name])
55
-
56
- grantees = []
57
- hash[:grantees].each do |id, params|
58
- grantees << new(thing, id, params[:permissions], nil, params[:display_name])
59
- end
60
- [owner, grantees]
61
- end
62
-
63
- # Retrieves a list of Grantees instances that have an access to this thing(bucket or key).
64
- #
65
- # bucket = s3.bucket('my_awesome_bucket', true, 'public-read')
66
- # ...
67
- # Aws::S3::Grantee.grantees(bucket) #=> grantees
68
- #
69
- def self.grantees(thing)
70
- owner_and_grantees(thing)[1]
71
- end
72
-
73
- def self.put_acl(thing, owner, grantees) #:nodoc:
74
- if thing.is_a?(Bucket)
75
- bucket, key = thing, ''
76
- else
77
- bucket, key = thing.bucket, thing
78
- end
79
- body = "<AccessControlPolicy>" +
80
- "<Owner>" +
81
- "<ID>#{owner.id}</ID>" +
82
- "<DisplayName>#{owner.name}</DisplayName>" +
83
- "</Owner>" +
84
- "<AccessControlList>" +
85
- grantees.map { |grantee| grantee.to_xml }.join +
86
- "</AccessControlList>" +
87
- "</AccessControlPolicy>"
88
- bucket.s3.interface.put_acl(bucket.to_s, key.to_s, body)
89
- end
90
-
91
- # Create a new Grantee instance.
92
- # Grantee +id+ must exist on S3. If +action+ == :refresh, then retrieve
93
- # permissions from S3 and update @perms. If +action+ == :apply, then apply
94
- # perms to +thing+ at S3. If +action+ == :apply_and_refresh then it performs.
95
- # both the actions. This is used for the new grantees that had no perms to
96
- # this thing before. The default action is :refresh.
97
- #
98
- # bucket = s3.bucket('my_awesome_bucket', true, 'public-read')
99
- # grantee1 = Aws::S3::Grantee.new(bucket, 'a123b...223c', FULL_CONTROL)
100
- # ...
101
- # grantee2 = Aws::S3::Grantee.new(bucket, 'abcde...asdf', [FULL_CONTROL, READ], :apply)
102
- # grantee3 = Aws::S3::Grantee.new(bucket, 'aaaaa...aaaa', 'READ', :apply_and_refresh)
103
- #
104
- def initialize(thing, id, perms=[], action=:refresh, name=nil)
105
- @thing = thing
106
- @id = id
107
- @name = name
108
- @perms = perms.to_a
109
- case action
110
- when :apply then
111
- apply
112
- when :refresh then
113
- refresh
114
- when :apply_and_refresh then
115
- apply; refresh
116
- end
117
- end
118
-
119
- # Return +true+ if the grantee has any permissions to the thing.
120
- def exists?
121
- self.class.grantees(@thing).each do |grantee|
122
- return true if @id == grantee.id
123
- end
124
- false
125
- end
126
-
127
- # Return Grantee type (+String+): "Group" or "CanonicalUser".
128
- def type
129
- @id[/^http:/] ? "Group" : "CanonicalUser"
130
- end
131
-
132
- # Return a name or an id.
133
- def to_s
134
- @name || @id
135
- end
136
-
137
- # Add permissions for grantee.
138
- # Permissions: 'READ', 'WRITE', 'READ_ACP', 'WRITE_ACP', 'FULL_CONTROL'.
139
- # See http://docs.amazonwebservices.com/AmazonS3/2006-03-01/UsingPermissions.html .
140
- # Returns +true+.
141
- #
142
- # grantee.grant('FULL_CONTROL') #=> true
143
- # grantee.grant('FULL_CONTROL','WRITE','READ') #=> true
144
- # grantee.grant(['WRITE_ACP','READ','READ_ACP']) #=> true
145
- #
146
- def grant(*permissions)
147
- permissions.flatten!
148
- old_perms = @perms.dup
149
- @perms += permissions
150
- @perms.uniq!
151
- return true if @perms == old_perms
152
- apply
153
- end
154
-
155
- # Revoke permissions for grantee.
156
- # Permissions: 'READ', 'WRITE', 'READ_ACP', 'WRITE_ACP', 'FULL_CONTROL'
157
- # See http://docs.amazonwebservices.com/AmazonS3/2006-03-01/UsingPermissions.html .
158
- # Default value is 'FULL_CONTROL'.
159
- # Returns +true+.
160
- #
161
- # grantee.revoke('READ') #=> true
162
- # grantee.revoke('FULL_CONTROL','WRITE') #=> true
163
- # grantee.revoke(['READ_ACP','WRITE_ACP']) #=> true
164
- #
165
- def revoke(*permissions)
166
- permissions.flatten!
167
- old_perms = @perms.dup
168
- @perms -= permissions
169
- @perms.uniq!
170
- return true if @perms == old_perms
171
- apply
172
- end
173
-
174
- # Revoke all permissions for this grantee.
175
- # Returns +true+.
176
- #
177
- # grantee.drop #=> true
178
- #
179
- def drop
180
- @perms = []
181
- apply
182
- end
183
-
184
- # Refresh grantee perms for its +thing+.
185
- # Returns +true+ if the grantee has perms for this +thing+ or
186
- # +false+ otherwise, and updates @perms value as a side-effect.
187
- #
188
- # grantee.grant('FULL_CONTROL') #=> true
189
- # grantee.refresh #=> true
190
- # grantee.drop #=> true
191
- # grantee.refresh #=> false
192
- #
193
- def refresh
194
- @perms = []
195
- self.class.grantees(@thing).each do |grantee|
196
- if @id == grantee.id
197
- @name = grantee.name
198
- @perms = grantee.perms
199
- return true
200
- end
201
- end
202
- false
203
- end
204
-
205
- # Apply current grantee @perms to +thing+. This method is called internally by the +grant+
206
- # and +revoke+ methods. In normal use this method should not
207
- # be called directly.
208
- #
209
- # grantee.perms = ['FULL_CONTROL']
210
- # grantee.apply #=> true
211
- #
212
- def apply
213
- @perms.uniq!
214
- owner, grantees = self.class.owner_and_grantees(@thing)
215
- # walk through all the grantees and replace the data for the current one and ...
216
- grantees.map! { |grantee| grantee.id == @id ? self : grantee }
217
- # ... if this grantee is not known - add this bad boy to a list
218
- grantees << self unless grantees.include?(self)
219
- # set permissions
220
- self.class.put_acl(@thing, owner, grantees)
221
- end
222
-
223
- def to_xml # :nodoc:
224
- id_str = @id[/^http/] ? "<URI>#{@id}</URI>" : "<ID>#{@id}</ID>"
225
- grants = ''
226
- @perms.each do |perm|
227
- grants << "<Grant>" +
228
- "<Grantee xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" " +
229
- "xsi:type=\"#{type}\">#{id_str}</Grantee>" +
230
- "<Permission>#{perm}</Permission>" +
231
- "</Grant>"
232
- end
233
- grants
234
- end
235
-
236
- end
237
-
238
- end
1
+ module Aws
2
+
3
+ # There are 2 ways to set permissions for a bucket or key (called a +thing+ below):
4
+ #
5
+ # 1 . Use +perms+ param to set 'Canned Access Policies' when calling the <tt>bucket.create</tt>,
6
+ # <tt>bucket.put</tt> and <tt>key.put</tt> methods.
7
+ # The +perms+ param can take these values: 'private', 'public-read', 'public-read-write' and
8
+ # 'authenticated-read'.
9
+ # (see http://docs.amazonwebservices.com/AmazonS3/2006-03-01/RESTAccessPolicy.html).
10
+ #
11
+ # bucket = s3.bucket('bucket_for_kd_test_13', true, 'public-read')
12
+ # key.put('Woohoo!','public-read-write' )
13
+ #
14
+ # 2 . Use Grantee instances (the permission is a +String+ or an +Array+ of: 'READ', 'WRITE',
15
+ # 'READ_ACP', 'WRITE_ACP', 'FULL_CONTROL'):
16
+ #
17
+ # bucket = s3.bucket('my_awesome_bucket', true)
18
+ # grantee1 = Aws::S3::Grantee.new(bucket, 'a123b...223c', FULL_CONTROL, :apply)
19
+ # grantee2 = Aws::S3::Grantee.new(bucket, 'xy3v3...5fhp', [READ, WRITE], :apply)
20
+ #
21
+ # There is only one way to get and to remove permission (via Grantee instances):
22
+ #
23
+ # grantees = bucket.grantees # a list of Grantees that have any access for this bucket
24
+ # grantee1 = Aws::S3::Grantee.new(bucket, 'a123b...223c')
25
+ # grantee1.perms #=> returns a list of perms for this grantee to that bucket
26
+ # ...
27
+ # grantee1.drop # remove all perms for this grantee
28
+ # grantee2.revoke('WRITE') # revoke write access only
29
+ #
30
+ class S3::Grantee
31
+ # A bucket or a key the grantee has an access to.
32
+ attr_reader :thing
33
+ # Grantee Amazon id.
34
+ attr_reader :id
35
+ # Grantee display name.
36
+ attr_reader :name
37
+ # Array of permissions.
38
+ attr_accessor :perms
39
+
40
+ # Retrieve Owner information and a list of Grantee instances that have
41
+ # a access to this thing (bucket or key).
42
+ #
43
+ # bucket = s3.bucket('my_awesome_bucket', true, 'public-read')
44
+ # ...
45
+ # Aws::S3::Grantee.owner_and_grantees(bucket) #=> [owner, grantees]
46
+ #
47
+ def self.owner_and_grantees(thing)
48
+ if thing.is_a?(S3::Bucket)
49
+ bucket, key = thing, ''
50
+ else
51
+ bucket, key = thing.bucket, thing
52
+ end
53
+ hash = bucket.s3.interface.get_acl_parse(bucket.to_s, key.to_s)
54
+ owner = S3::Owner.new(hash[:owner][:id], hash[:owner][:display_name])
55
+
56
+ grantees = []
57
+ hash[:grantees].each do |id, params|
58
+ grantees << new(thing, id, params[:permissions], nil, params[:display_name])
59
+ end
60
+ [owner, grantees]
61
+ end
62
+
63
+ # Retrieves a list of Grantees instances that have an access to this thing(bucket or key).
64
+ #
65
+ # bucket = s3.bucket('my_awesome_bucket', true, 'public-read')
66
+ # ...
67
+ # Aws::S3::Grantee.grantees(bucket) #=> grantees
68
+ #
69
+ def self.grantees(thing)
70
+ owner_and_grantees(thing)[1]
71
+ end
72
+
73
+ def self.put_acl(thing, owner, grantees) #:nodoc:
74
+ if thing.is_a?(S3::Bucket)
75
+ bucket, key = thing, ''
76
+ else
77
+ bucket, key = thing.bucket, thing
78
+ end
79
+ body = "<AccessControlPolicy>" +
80
+ "<Owner>" +
81
+ "<ID>#{owner.id}</ID>" +
82
+ "<DisplayName>#{owner.name}</DisplayName>" +
83
+ "</Owner>" +
84
+ "<AccessControlList>" +
85
+ grantees.map { |grantee| grantee.to_xml }.join +
86
+ "</AccessControlList>" +
87
+ "</AccessControlPolicy>"
88
+ bucket.s3.interface.put_acl(bucket.to_s, key.to_s, body)
89
+ end
90
+
91
+ # Create a new Grantee instance.
92
+ # Grantee +id+ must exist on S3. If +action+ == :refresh, then retrieve
93
+ # permissions from S3 and update @perms. If +action+ == :apply, then apply
94
+ # perms to +thing+ at S3. If +action+ == :apply_and_refresh then it performs.
95
+ # both the actions. This is used for the new grantees that had no perms to
96
+ # this thing before. The default action is :refresh.
97
+ #
98
+ # bucket = s3.bucket('my_awesome_bucket', true, 'public-read')
99
+ # grantee1 = Aws::S3::Grantee.new(bucket, 'a123b...223c', FULL_CONTROL)
100
+ # ...
101
+ # grantee2 = Aws::S3::Grantee.new(bucket, 'abcde...asdf', [FULL_CONTROL, READ], :apply)
102
+ # grantee3 = Aws::S3::Grantee.new(bucket, 'aaaaa...aaaa', 'READ', :apply_and_refresh)
103
+ #
104
+ def initialize(thing, id, perms=[], action=:refresh, name=nil)
105
+ @thing = thing
106
+ @id = id
107
+ @name = name
108
+ @perms = perms.to_a
109
+ case action
110
+ when :apply then
111
+ apply
112
+ when :refresh then
113
+ refresh
114
+ when :apply_and_refresh then
115
+ apply; refresh
116
+ end
117
+ end
118
+
119
+ # Return +true+ if the grantee has any permissions to the thing.
120
+ def exists?
121
+ self.class.grantees(@thing).each do |grantee|
122
+ return true if @id == grantee.id
123
+ end
124
+ false
125
+ end
126
+
127
+ # Return Grantee type (+String+): "Group" or "CanonicalUser".
128
+ def type
129
+ @id[/^http:/] ? "Group" : "CanonicalUser"
130
+ end
131
+
132
+ # Return a name or an id.
133
+ def to_s
134
+ @name || @id
135
+ end
136
+
137
+ # Add permissions for grantee.
138
+ # Permissions: 'READ', 'WRITE', 'READ_ACP', 'WRITE_ACP', 'FULL_CONTROL'.
139
+ # See http://docs.amazonwebservices.com/AmazonS3/2006-03-01/UsingPermissions.html .
140
+ # Returns +true+.
141
+ #
142
+ # grantee.grant('FULL_CONTROL') #=> true
143
+ # grantee.grant('FULL_CONTROL','WRITE','READ') #=> true
144
+ # grantee.grant(['WRITE_ACP','READ','READ_ACP']) #=> true
145
+ #
146
+ def grant(*permissions)
147
+ permissions.flatten!
148
+ old_perms = @perms.dup
149
+ @perms += permissions
150
+ @perms.uniq!
151
+ return true if @perms == old_perms
152
+ apply
153
+ end
154
+
155
+ # Revoke permissions for grantee.
156
+ # Permissions: 'READ', 'WRITE', 'READ_ACP', 'WRITE_ACP', 'FULL_CONTROL'
157
+ # See http://docs.amazonwebservices.com/AmazonS3/2006-03-01/UsingPermissions.html .
158
+ # Default value is 'FULL_CONTROL'.
159
+ # Returns +true+.
160
+ #
161
+ # grantee.revoke('READ') #=> true
162
+ # grantee.revoke('FULL_CONTROL','WRITE') #=> true
163
+ # grantee.revoke(['READ_ACP','WRITE_ACP']) #=> true
164
+ #
165
+ def revoke(*permissions)
166
+ permissions.flatten!
167
+ old_perms = @perms.dup
168
+ @perms -= permissions
169
+ @perms.uniq!
170
+ return true if @perms == old_perms
171
+ apply
172
+ end
173
+
174
+ # Revoke all permissions for this grantee.
175
+ # Returns +true+.
176
+ #
177
+ # grantee.drop #=> true
178
+ #
179
+ def drop
180
+ @perms = []
181
+ apply
182
+ end
183
+
184
+ # Refresh grantee perms for its +thing+.
185
+ # Returns +true+ if the grantee has perms for this +thing+ or
186
+ # +false+ otherwise, and updates @perms value as a side-effect.
187
+ #
188
+ # grantee.grant('FULL_CONTROL') #=> true
189
+ # grantee.refresh #=> true
190
+ # grantee.drop #=> true
191
+ # grantee.refresh #=> false
192
+ #
193
+ def refresh
194
+ @perms = []
195
+ self.class.grantees(@thing).each do |grantee|
196
+ if @id == grantee.id
197
+ @name = grantee.name
198
+ @perms = grantee.perms
199
+ return true
200
+ end
201
+ end
202
+ false
203
+ end
204
+
205
+ # Apply current grantee @perms to +thing+. This method is called internally by the +grant+
206
+ # and +revoke+ methods. In normal use this method should not
207
+ # be called directly.
208
+ #
209
+ # grantee.perms = ['FULL_CONTROL']
210
+ # grantee.apply #=> true
211
+ #
212
+ def apply
213
+ @perms.uniq!
214
+ owner, grantees = self.class.owner_and_grantees(@thing)
215
+ # walk through all the grantees and replace the data for the current one and ...
216
+ grantees.map! { |grantee| grantee.id == @id ? self : grantee }
217
+ # ... if this grantee is not known - add this bad boy to a list
218
+ grantees << self unless grantees.include?(self)
219
+ # set permissions
220
+ self.class.put_acl(@thing, owner, grantees)
221
+ end
222
+
223
+ def to_xml # :nodoc:
224
+ id_str = @id[/^http/] ? "<URI>#{@id}</URI>" : "<ID>#{@id}</ID>"
225
+ grants = ''
226
+ @perms.each do |perm|
227
+ grants << "<Grant>" +
228
+ "<Grantee xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" " +
229
+ "xsi:type=\"#{type}\">#{id_str}</Grantee>" +
230
+ "<Permission>#{perm}</Permission>" +
231
+ "</Grant>"
232
+ end
233
+ grants
234
+ end
235
+
236
+ end
237
+
238
+ end
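Review bot: `put_acl` and `to_xml` build the AccessControlPolicy by interpolating `owner.id`, `owner.name`, `@id` and each `perm` into markup without escaping, so a display name containing `&` or `<` produces a malformed document and a caller-supplied id or permission string can change the grants that are submitted. Escape each value, e.g. `"<DisplayName>#{CGI.escapeHTML(owner.name.to_s)}</DisplayName>"` (with `require 'cgi'`), and reject any `perm` outside the five documented values before `apply`. `type` matches `/^http:/` while `to_xml` matches `/^http/`, and `^` anchors at any line start, so an id beginning with `https:` is labelled `CanonicalUser` but emitted as `<URI>`; a single `\A`-anchored predicate used by both would keep them consistent. `enable_logging` in an earlier hunk interpolates `params[:targetbucket]` and `params[:targetprefix]` into XML the same way.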