google-cloud-storage 0.20.0
- checksums.yaml +7 -0
- data/lib/google-cloud-storage.rb +124 -0
- data/lib/google/cloud/storage.rb +412 -0
- data/lib/google/cloud/storage/bucket.rb +783 -0
- data/lib/google/cloud/storage/bucket/acl.rb +815 -0
- data/lib/google/cloud/storage/bucket/cors.rb +157 -0
- data/lib/google/cloud/storage/bucket/list.rb +174 -0
- data/lib/google/cloud/storage/credentials.rb +31 -0
- data/lib/google/cloud/storage/errors.rb +67 -0
- data/lib/google/cloud/storage/file.rb +849 -0
- data/lib/google/cloud/storage/file/acl.rb +429 -0
- data/lib/google/cloud/storage/file/list.rb +193 -0
- data/lib/google/cloud/storage/file/verifier.rb +69 -0
- data/lib/google/cloud/storage/project.rb +321 -0
- data/lib/google/cloud/storage/service.rb +310 -0
- data/lib/google/cloud/storage/version.rb +22 -0
- metadata +215 -0
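--- a/data/lib/google/cloud/storage/bucket/acl.rb
+++ b/data/lib/google/cloud/storage/bucket/acl.rb
@@ -0,0 +1,815 @@
+# Copyright 2015 Google Inc. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+module Google
+module Cloud
+module Storage
+class Bucket
+##
+# # Bucket Access Control List
+#
+# Represents a Bucket's Access Control List.
+#
+# @example
+# require "google/cloud"
+#
+# gcloud = Google::Cloud.new
+# storage = gcloud.storage
+#
+# bucket = storage.bucket "my-bucket"
+#
+# bucket.acl.readers.each { |reader| puts reader }
+#
+class Acl
+# @private
+RULES = { "authenticatedRead" => "authenticatedRead",
+"auth" => "authenticatedRead",
+"auth_read" => "authenticatedRead",
+"authenticated" => "authenticatedRead",
+"authenticated_read" => "authenticatedRead",
+"private" => "private",
+"projectPrivate" => "projectPrivate",
+"proj_private" => "projectPrivate",
+"project_private" => "projectPrivate",
+"publicRead" => "publicRead",
+"public" => "publicRead",
+"public_read" => "publicRead",
+"publicReadWrite" => "publicReadWrite",
+"public_write" => "publicReadWrite" }
+
+##
+# @private Initialized a new Acl object.
+# Must provide a valid Bucket object.
+def initialize bucket
+@bucket = bucket.name
+@service = bucket.service
+@owners = nil
+@writers = nil
+@readers = nil
+end
+
+##
+# Reloads all Access Control List data for the bucket.
+#
+# @example
+# require "google/cloud"
+#
+# gcloud = Google::Cloud.new
+# storage = gcloud.storage
+#
+# bucket = storage.bucket "my-bucket"
+#
+# bucket.acl.reload!
+#
+def reload!
+gapi = @service.list_bucket_acls @bucket
+acls = Array(gapi.items)
+@owners = entities_from_acls acls, "OWNER"
+@writers = entities_from_acls acls, "WRITER"
+@readers = entities_from_acls acls, "READER"
+end
+alias_method :refresh!, :reload!
+
+##
+# Lists the owners of the bucket.
+#
+# @return [Array<String>]
+#
+# @example
+# require "google/cloud"
+#
+# gcloud = Google::Cloud.new
+# storage = gcloud.storage
+#
+# bucket = storage.bucket "my-bucket"
+#
+# bucket.acl.owners.each { |owner| puts owner }
+#
+def owners
+reload! if @owners.nil?
+@owners
+end
+
+##
+# Lists the owners of the bucket.
+#
+# @return [Array<String>]
+#
+# @example
+# require "google/cloud"
+#
+# gcloud = Google::Cloud.new
+# storage = gcloud.storage
+#
+# bucket = storage.bucket "my-bucket"
+#
+# bucket.acl.writers.each { |writer| puts writer }
+#
+def writers
+reload! if @writers.nil?
+@writers
+end
+
+##
+# Lists the readers of the bucket.
+#
+# @return [Array<String>]
+#
+# @example
+# require "google/cloud"
+#
+# gcloud = Google::Cloud.new
+# storage = gcloud.storage
+#
+# bucket = storage.bucket "my-bucket"
+#
+# bucket.acl.readers.each { |reader| puts reader }
+#
+def readers
+reload! if @readers.nil?
+@readers
+end
+
+##
+# Grants owner permission to the bucket.
+#
+# @param [String] entity The entity holding the permission, in one of
+# the following forms:
+#
+# * user-userId
+# * user-email
+# * group-groupId
+# * group-email
+# * domain-domain
+# * project-team-projectId
+# * allUsers
+# * allAuthenticatedUsers
+#
+# @example Grant access to a user by prepending `"user-"` to an email:
+# require "google/cloud"
+#
+# gcloud = Google::Cloud.new
+# storage = gcloud.storage
+#
+# bucket = storage.bucket "my-bucket"
+#
+# email = "heidi@example.net"
+# bucket.acl.add_owner "user-#{email}"
+#
+# @example Grant access to a group by prepending `"group-"` to email:
+# require "google/cloud"
+#
+# gcloud = Google::Cloud.new
+# storage = gcloud.storage
+#
+# bucket = storage.bucket "my-bucket"
+#
+# email = "authors@example.net"
+# bucket.acl.add_owner "group-#{email}"
+#
+def add_owner entity
+gapi = @service.insert_bucket_acl @bucket, entity, "OWNER"
+entity = gapi.entity
+@owners.push entity unless @owners.nil?
+entity
+end
+
+##
+# Grants writer permission to the bucket.
+#
+# @param [String] entity The entity holding the permission, in one of
+# the following forms:
+#
+# * user-userId
+# * user-email
+# * group-groupId
+# * group-email
+# * domain-domain
+# * project-team-projectId
+# * allUsers
+# * allAuthenticatedUsers
+#
+# @example Grant access to a user by prepending `"user-"` to an email:
+# require "google/cloud"
+#
+# gcloud = Google::Cloud.new
+# storage = gcloud.storage
+#
+# bucket = storage.bucket "my-bucket"
+#
+# email = "heidi@example.net"
+# bucket.acl.add_writer "user-#{email}"
+#
+# @example Grant access to a group by prepending `"group-"` to email:
+# require "google/cloud"
+#
+# gcloud = Google::Cloud.new
+# storage = gcloud.storage
+#
+# bucket = storage.bucket "my-bucket"
+#
+# email = "authors@example.net"
+# bucket.acl.add_writer "group-#{email}"
+#
+def add_writer entity
+gapi = @service.insert_bucket_acl @bucket, entity, "WRITER"
+entity = gapi.entity
+@writers.push entity unless @writers.nil?
+entity
+end
+
+##
+# Grants reader permission to the bucket.
+#
+# @param [String] entity The entity holding the permission, in one of
+# the following forms:
+#
+# * user-userId
+# * user-email
+# * group-groupId
+# * group-email
+# * domain-domain
+# * project-team-projectId
+# * allUsers
+# * allAuthenticatedUsers
+#
+# @example Grant access to a user by prepending `"user-"` to an email:
+# require "google/cloud"
+#
+# gcloud = Google::Cloud.new
+# storage = gcloud.storage
+#
+# bucket = storage.bucket "my-bucket"
+#
+# email = "heidi@example.net"
+# bucket.acl.add_reader "user-#{email}"
+#
+# @example Grant access to a group by prepending `"group-"` to email:
+# require "google/cloud"
+#
+# gcloud = Google::Cloud.new
+# storage = gcloud.storage
+#
+# bucket = storage.bucket "my-bucket"
+#
+# email = "authors@example.net"
+# bucket.acl.add_reader "group-#{email}"
+#
+def add_reader entity
+gapi = @service.insert_bucket_acl @bucket, entity, "READER"
+entity = gapi.entity
+@readers.push entity unless @readers.nil?
+entity
+end
+
+##
+# Permanently deletes the entity from the bucket's access control
+# list.
+#
+# @param [String] entity The entity holding the permission, in one of
+# the following forms:
+#
+# * user-userId
+# * user-email
+# * group-groupId
+# * group-email
+# * domain-domain
+# * project-team-projectId
+# * allUsers
+# * allAuthenticatedUsers
+#
+# @example
+# require "google/cloud"
+#
+# gcloud = Google::Cloud.new
+# storage = gcloud.storage
+#
+# bucket = storage.bucket "my-bucket"
+#
+# email = "heidi@example.net"
+# bucket.acl.delete "user-#{email}"
+#
+def delete entity
+@service.delete_bucket_acl @bucket, entity
+@owners.delete entity unless @owners.nil?
+@writers.delete entity unless @writers.nil?
+@readers.delete entity unless @readers.nil?
+true
+end
+
+# @private
+def self.predefined_rule_for rule_name
+RULES[rule_name.to_s]
+end
+
+# Predefined ACL helpers
+
+##
+# Convenience method to apply the `authenticatedRead` predefined ACL
+# rule to the bucket.
+#
+# @example
+# require "google/cloud"
+#
+# gcloud = Google::Cloud.new
+# storage = gcloud.storage
+#
+# bucket = storage.bucket "my-bucket"
+#
+# bucket.acl.auth!
+#
+def auth!
+update_predefined_acl! "authenticatedRead"
+end
+alias_method :authenticatedRead!, :auth!
+alias_method :auth_read!, :auth!
+alias_method :authenticated!, :auth!
+alias_method :authenticated_read!, :auth!
+
+##
+# Convenience method to apply the `private` predefined ACL
+# rule to the bucket.
+#
+# @example
+# require "google/cloud"
+#
+# gcloud = Google::Cloud.new
+# storage = gcloud.storage
+#
+# bucket = storage.bucket "my-bucket"
+#
+# bucket.acl.private!
+#
+def private!
+update_predefined_acl! "private"
+end
+
+##
+# Convenience method to apply the `projectPrivate` predefined ACL
+# rule to the bucket.
+#
+# @example
+# require "google/cloud"
+#
+# gcloud = Google::Cloud.new
+# storage = gcloud.storage
+#
+# bucket = storage.bucket "my-bucket"
+#
+# bucket.acl.project_private!
+#
+def project_private!
+update_predefined_acl! "projectPrivate"
+end
+alias_method :projectPrivate!, :project_private!
+
+##
+# Convenience method to apply the `publicRead` predefined ACL
+# rule to the bucket.
+#
+# @example
+# require "google/cloud"
+#
+# gcloud = Google::Cloud.new
+# storage = gcloud.storage
+#
+# bucket = storage.bucket "my-bucket"
+#
+# bucket.acl.public!
+#
+def public!
+update_predefined_acl! "publicRead"
+end
+alias_method :publicRead!, :public!
+alias_method :public_read!, :public!
+
+# Convenience method to apply the `publicReadWrite` predefined ACL
+# rule to the bucket.
+#
+# @example
+# require "google/cloud"
+#
+# gcloud = Google::Cloud.new
+# storage = gcloud.storage
+#
+# bucket = storage.bucket "my-bucket"
+#
+# bucket.acl.public_write!
+#
+def public_write!
+update_predefined_acl! "publicReadWrite"
+end
+alias_method :publicReadWrite!, :public_write!
+
+protected
+
+def clear!
+@owners = nil
+@writers = nil
+@readers = nil
+self
+end
+
+def update_predefined_acl! acl_role
+@service.patch_bucket @bucket, predefined_acl: acl_role
+clear!
+end
+
+def entities_from_acls acls, role
+selected = acls.select { |acl| acl.role == role }
+entities = selected.map(&:entity)
+entities
+end
+end
+
+##
+# # Bucket Default Access Control List
+#
+# Represents a Bucket's Default Access Control List.
+#
+# @example
+# require "google/cloud"
+#
+# gcloud = Google::Cloud.new
+# storage = gcloud.storage
+#
+# bucket = storage.bucket "my-bucket"
+#
+# bucket.default_acl.readers.each { |reader| puts reader }
+#
+class DefaultAcl
+# @private
+RULES = { "authenticatedRead" => "authenticatedRead",
+"auth" => "authenticatedRead",
+"auth_read" => "authenticatedRead",
+"authenticated" => "authenticatedRead",
+"authenticated_read" => "authenticatedRead",
+"bucketOwnerFullControl" => "bucketOwnerFullControl",
+"owner_full" => "bucketOwnerFullControl",
+"bucketOwnerRead" => "bucketOwnerRead",
+"owner_read" => "bucketOwnerRead",
+"private" => "private",
+"projectPrivate" => "projectPrivate",
+"project_private" => "projectPrivate",
+"publicRead" => "publicRead",
+"public" => "publicRead",
+"public_read" => "publicRead" }
+
+##
+# @private Initialized a new DefaultAcl object.
+# Must provide a valid Bucket object.
+def initialize bucket
+@bucket = bucket.name
+@service = bucket.service
+@owners = nil
+@readers = nil
+end
+
+##
+# Reloads all Default Access Control List data for the bucket.
+#
+# @example
+# require "google/cloud"
+#
+# gcloud = Google::Cloud.new
+# storage = gcloud.storage
+#
+# bucket = storage.bucket "my-bucket"
+#
+# bucket.default_acl.reload!
+#
+def reload!
+gapi = @service.list_default_acls @bucket
+acls = Array(gapi.items).map do |acl|
+if acl.is_a? Google::Apis::StorageV1::ObjectAccessControl
+return acl
+end
+fail "Unknown ACL format: #{acl.class}" unless acl.is_a? Hash
+Google::Apis::StorageV1::ObjectAccessControl.from_json acl.to_json
+end
+@owners = entities_from_acls acls, "OWNER"
+@readers = entities_from_acls acls, "READER"
+end
+alias_method :refresh!, :reload!
+
+##
+# Lists the default owners for files in the bucket.
+#
+# @return [Array<String>]
+#
+# @example
+# require "google/cloud"
+#
+# gcloud = Google::Cloud.new
+# storage = gcloud.storage
+#
+# bucket = storage.bucket "my-bucket"
+#
+# bucket.default_acl.owners.each { |owner| puts owner }
+#
+def owners
+reload! if @owners.nil?
+@owners
+end
+
+##
+# Lists the default readers for files in the bucket.
+#
+# @return [Array<String>]
+#
+# @example
+# require "google/cloud"
+#
+# gcloud = Google::Cloud.new
+# storage = gcloud.storage
+#
+# bucket = storage.bucket "my-bucket"
+#
+# bucket.default_acl.readers.each { |reader| puts reader }
+#
+def readers
+reload! if @readers.nil?
+@readers
+end
+
+##
+# Grants default owner permission to files in the bucket.
+#
+# @param [String] entity The entity holding the permission, in one of
+# the following forms:
+#
+# * user-userId
+# * user-email
+# * group-groupId
+# * group-email
+# * domain-domain
+# * project-team-projectId
+# * allUsers
+# * allAuthenticatedUsers
+#
+# @example Grant access to a user by prepending `"user-"` to an email:
+# require "google/cloud"
+#
+# gcloud = Google::Cloud.new
+# storage = gcloud.storage
+#
+# bucket = storage.bucket "my-bucket"
+#
+# email = "heidi@example.net"
+# bucket.default_acl.add_owner "user-#{email}"
+#
+# @example Grant access to a group by prepending `"group-"` to email:
+# require "google/cloud"
+#
+# gcloud = Google::Cloud.new
+# storage = gcloud.storage
+#
+# bucket = storage.bucket "my-bucket"
+#
+# email = "authors@example.net"
+# bucket.default_acl.add_owner "group-#{email}"
+#
+def add_owner entity
+gapi = @service.insert_default_acl @bucket, entity, "OWNER"
+entity = gapi.entity
+@owners.push entity unless @owners.nil?
+entity
+end
+
+##
+# Grants default reader permission to files in the bucket.
+#
+# @param [String] entity The entity holding the permission, in one of
+# the following forms:
+#
+# * user-userId
+# * user-email
+# * group-groupId
+# * group-email
+# * domain-domain
+# * project-team-projectId
+# * allUsers
+# * allAuthenticatedUsers
+#
+# @example Grant access to a user by prepending `"user-"` to an email:
+# require "google/cloud"
+#
+# gcloud = Google::Cloud.new
+# storage = gcloud.storage
+#
+# bucket = storage.bucket "my-bucket"
+#
+# email = "heidi@example.net"
+# bucket.default_acl.add_reader "user-#{email}"
+#
+# @example Grant access to a group by prepending `"group-"` to email:
+# require "google/cloud"
+#
+# gcloud = Google::Cloud.new
+# storage = gcloud.storage
+#
+# bucket = storage.bucket "my-bucket"
+#
+# email = "authors@example.net"
+# bucket.default_acl.add_reader "group-#{email}"
+#
+def add_reader entity
+gapi = @service.insert_default_acl @bucket, entity, "READER"
+entity = gapi.entity
+@readers.push entity unless @readers.nil?
+entity
+end
+
+##
+# Permanently deletes the entity from the bucket's default access
+# control list for files.
+#
+# @param [String] entity The entity holding the permission, in one of
+# the following forms:
+#
+# * user-userId
+# * user-email
+# * group-groupId
+# * group-email
+# * domain-domain
+# * project-team-projectId
+# * allUsers
+# * allAuthenticatedUsers
+#
+# @example
+# require "google/cloud"
+#
+# gcloud = Google::Cloud.new
+# storage = gcloud.storage
+#
+# bucket = storage.bucket "my-bucket"
+#
+# email = "heidi@example.net"
+# bucket.default_acl.delete "user-#{email}"
+#
+def delete entity
+@service.delete_default_acl @bucket, entity
+@owners.delete entity unless @owners.nil?
+@readers.delete entity unless @readers.nil?
+true
+end
+
+# @private
+def self.predefined_rule_for rule_name
+RULES[rule_name.to_s]
+end
+
+# Predefined ACL helpers
+
+##
+# Convenience method to apply the default `authenticatedRead`
+# predefined ACL rule to files in the bucket.
+#
+# @example
+# require "google/cloud"
+#
+# gcloud = Google::Cloud.new
+# storage = gcloud.storage
+#
+# bucket = storage.bucket "my-bucket"
+#
+# bucket.acl.auth!
+#
+def auth!
+update_predefined_default_acl! "authenticatedRead"
+end
+alias_method :authenticatedRead!, :auth!
+alias_method :auth_read!, :auth!
+alias_method :authenticated!, :auth!
+alias_method :authenticated_read!, :auth!
+
+##
+# Convenience method to apply the default `bucketOwnerFullControl`
+# predefined ACL rule to files in the bucket.
+#
+# @example
+# require "google/cloud"
+#
+# gcloud = Google::Cloud.new
+# storage = gcloud.storage
+#
+# bucket = storage.bucket "my-bucket"
+#
+# bucket.acl.owner_full!
+#
+def owner_full!
+update_predefined_default_acl! "bucketOwnerFullControl"
+end
+alias_method :bucketOwnerFullControl!, :owner_full!
+
+##
+# Convenience method to apply the default `bucketOwnerRead`
+# predefined ACL rule to files in the bucket.
+#
+# @example
+# require "google/cloud"
+#
+# gcloud = Google::Cloud.new
+# storage = gcloud.storage
+#
+# bucket = storage.bucket "my-bucket"
+#
+# bucket.acl.owner_read!
+#
+def owner_read!
+update_predefined_default_acl! "bucketOwnerRead"
+end
+alias_method :bucketOwnerRead!, :owner_read!
+
+##
+# Convenience method to apply the default `private`
+# predefined ACL rule to files in the bucket.
+#
+# @example
+# require "google/cloud"
+#
+# gcloud = Google::Cloud.new
+# storage = gcloud.storage
+#
+# bucket = storage.bucket "my-bucket"
+#
+# bucket.acl.private!
+#
+def private!
+update_predefined_default_acl! "private"
+end
+
+##
+# Convenience method to apply the default `projectPrivate`
+# predefined ACL rule to files in the bucket.
+#
+# @example
+# require "google/cloud"
+#
+# gcloud = Google::Cloud.new
+# storage = gcloud.storage
+#
+# bucket = storage.bucket "my-bucket"
+#
+# bucket.acl.project_private!
+#
+def project_private!
+update_predefined_default_acl! "projectPrivate"
+end
+alias_method :projectPrivate!, :project_private!
+
+##
+# Convenience method to apply the default `publicRead`
+# predefined ACL rule to files in the bucket.
+#
+# @example
+# require "google/cloud"
+#
+# gcloud = Google::Cloud.new
+# storage = gcloud.storage
+#
+# bucket = storage.bucket "my-bucket"
+#
+# bucket.acl.public!
+#
+def public!
+update_predefined_default_acl! "publicRead"
+end
+alias_method :publicRead!, :public!
+alias_method :public_read!, :public!
+
+protected
+
+def clear!
+@owners = nil
+@readers = nil
+self
+end
+
+def update_predefined_default_acl! acl_role
+@service.patch_bucket @bucket, predefined_default_acl: acl_role
+clear!
+end
+
+def entities_from_acls acls, role
+selected = acls.select { |acl| acl.role == role }
+entities = selected.map(&:entity)
+entities
+end
+end
+end
+end
+end
+end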
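Review bot: In `DefaultAcl#reload!` the `return acl` inside the `Array(gapi.items).map do |acl|` block exits `reload!` itself rather than the block, so as soon as the first item is already a `Google::Apis::StorageV1::ObjectAccessControl` the method returns that item and `@owners`/`@readers` are never assigned. `owners` and `readers` then return nil, so code that audits a bucket's default object ACL through this class can fail or see nothing instead of the actual grants. Replace it with `next acl` so the block yields the item and the method goes on to populate both lists. Separately, the examples on the `DefaultAcl` predefined helpers (`auth!`, `owner_full!`, `owner_read!`, `private!`, `project_private!`, `public!`) call `bucket.acl.…` where `bucket.default_acl.…` is meant, and the comment on `Acl#writers` reads "Lists the owners of the bucket."; both should be corrected so a reader copying them does not change or inspect the wrong ACL.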