Add bucket policy PUT/DELETE/GET
| ... | ... |
@@ -521,15 +521,27 @@ class S3(object): |
| 521 | 521 |
response = self.send_request(request, body) |
| 522 | 522 |
return response |
| 523 | 523 |
|
| 524 |
- def set_policy(self, uri, policy): |
|
| 525 |
- if uri.has_object(): |
|
| 526 |
- request = self.create_request("OBJECT_PUT", uri = uri, extra = "?policy")
|
|
| 527 |
- else: |
|
| 528 |
- request = self.create_request("BUCKET_CREATE", bucket = uri.bucket(), extra = "?policy")
|
|
| 524 |
+ def get_policy(self, uri): |
|
| 525 |
+ request = self.create_request("BUCKET_LIST", bucket = uri.bucket(), extra = "?policy")
|
|
| 526 |
+ response = self.send_request(request) |
|
| 527 |
+ return response['data'] |
|
| 529 | 528 |
|
| 530 |
- body = str(policy) |
|
| 529 |
+ def set_policy(self, uri, policy): |
|
| 530 |
+ headers = {}
|
|
| 531 |
+ # TODO check policy is proper json string |
|
| 532 |
+ headers['content-type'] = 'application/json' |
|
| 533 |
+ request = self.create_request("BUCKET_CREATE", uri = uri,
|
|
| 534 |
+ extra = "?policy", headers=headers) |
|
| 535 |
+ body = policy |
|
| 531 | 536 |
debug(u"set_policy(%s): policy-json: %s" % (uri, body)) |
| 532 |
- response = self.send_request(request, body) |
|
| 537 |
+ request.sign() |
|
| 538 |
+ response = self.send_request(request, body=body) |
|
| 539 |
+ return response |
|
| 540 |
+ |
|
| 541 |
+ def delete_policy(self, uri): |
|
| 542 |
+ request = self.create_request("BUCKET_DELETE", uri = uri, extra = "?policy")
|
|
| 543 |
+ debug(u"delete_policy(%s)" % uri) |
|
| 544 |
+ response = self.send_request(request) |
|
| 533 | 545 |
return response |
| 534 | 546 |
|
| 535 | 547 |
def get_accesslog(self, uri): |
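Review bot: `set_policy` and `delete_policy` pass `uri = uri` to `create_request`, while `get_policy` passes `bucket = uri.bucket()`, and nothing in the new code rejects a URI that carries an object key. The old `set_policy` branched on `uri.has_object()` and the old `cmd_setpolicy` (third hunk) raised `ParameterError` for an object URI; both checks are removed, and the new `cmd_delpolicy` has none either. How `create_request` builds the resource from `uri` is not visible here, so the effect is inferred, but the three policy calls should agree: use `bucket = uri.bucket()` in all of them, or reject the argument in `cmd_setpolicy` and `cmd_delpolicy` the way the removed `if bucket_uri.object(): raise ParameterError(...)` did. The `# TODO check policy is proper json string` is also still open, so a malformed policy file is only caught by the server.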
| ... | ... |
@@ -602,10 +602,18 @@ def cmd_info(args): |
| 602 | 602 |
output(u" Location: %s" % info['bucket-location']) |
| 603 | 603 |
acl = s3.get_acl(uri) |
| 604 | 604 |
acl_grant_list = acl.getGrantList() |
| 605 |
+ |
|
| 606 |
+ try: |
|
| 607 |
+ policy = s3.get_policy(uri) |
|
| 608 |
+ output(u" policy: %s" % policy) |
|
| 609 |
+ except: |
|
| 610 |
+ output(u" policy: none") |
|
| 611 |
+ |
|
| 605 | 612 |
for grant in acl_grant_list: |
| 606 | 613 |
output(u" ACL: %s: %s" % (grant['grantee'], grant['permission'])) |
| 607 | 614 |
if acl.isAnonRead(): |
| 608 | 615 |
output(u" URL: %s" % uri.public_url()) |
| 616 |
+ |
|
| 609 | 617 |
except S3Error, e: |
| 610 | 618 |
if S3.codes.has_key(e.info["Code"]): |
| 611 | 619 |
error(S3.codes[e.info["Code"]] % uri.bucket()) |
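Review bot: The bare `except:` around `s3.get_policy(uri)` prints `policy: none` for every failure, including an access-denied reply, a network error or a bug inside `get_policy`. The `info` command can therefore report that a bucket has no policy when the policy simply could not be read, which is misleading for anyone auditing bucket exposure. Catch only the S3 error and check its code: `except S3Error, e:` followed by `if e.info["Code"] != "NoSuchBucketPolicy": raise`, and only then print `policy: none`. A bare `except:` also swallows `KeyboardInterrupt`. The body of `cmd_info` starts and ends outside this hunk.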
| ... | ... |
@@ -1211,15 +1219,30 @@ def cmd_setacl(args): |
| 1211 | 1211 |
|
| 1212 | 1212 |
def cmd_setpolicy(args): |
| 1213 | 1213 |
s3 = S3(cfg) |
| 1214 |
- uri = args.pop(0) |
|
| 1215 |
- bucket_uri = S3Uri(uri) |
|
| 1216 |
- if bucket_uri.object(): |
|
| 1217 |
- raise ParameterError("Only bucket name is required for [setpolicy] command")
|
|
| 1218 |
- policy = args.pop() |
|
| 1219 |
- info("Setting access policy for bucket %s to:\n\n%s" % (bucket_uri.uri(), policy))
|
|
| 1220 |
- response = s3.set_policy(bucket_uri, policy) |
|
| 1214 |
+ uri = S3Uri(args[1]) |
|
| 1215 |
+ policy_file = args[0] |
|
| 1216 |
+ policy = open(policy_file, 'r').read() |
|
| 1217 |
+ |
|
| 1218 |
+ if cfg.dry_run: return |
|
| 1219 |
+ |
|
| 1220 |
+ response = s3.set_policy(uri, policy) |
|
| 1221 |
+ |
|
| 1222 |
+ #if retsponse['status'] == 200: |
|
| 1223 |
+ debug(u"response - %s" % response['status']) |
|
| 1221 | 1224 |
if response['status'] == 204: |
| 1222 |
- output(u"%s: Policy updated" % uri) |
|
| 1225 |
+ output(u"%s: Policy updated" % uri) |
|
| 1226 |
+ |
|
| 1227 |
+def cmd_delpolicy(args): |
|
| 1228 |
+ s3 = S3(cfg) |
|
| 1229 |
+ uri = S3Uri(args[0]) |
|
| 1230 |
+ if cfg.dry_run: return |
|
| 1231 |
+ |
|
| 1232 |
+ response = s3.delete_policy(uri) |
|
| 1233 |
+ |
|
| 1234 |
+ #if retsponse['status'] == 200: |
|
| 1235 |
+ debug(u"response - %s" % response['status']) |
|
| 1236 |
+ output(u"%s: Policy deleted" % uri) |
|
| 1237 |
+ |
|
| 1223 | 1238 |
|
| 1224 | 1239 |
def cmd_accesslog(args): |
| 1225 | 1240 |
s3 = S3(cfg) |
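Review bot: `cmd_delpolicy` prints `Policy deleted` without looking at `response['status']`, and `cmd_setpolicy` prints nothing when the status is not 204, so neither command tells the user clearly whether the bucket's access policy actually changed. Whether `send_request` raises on error statuses is not visible here; if it does not, guard the delete message the same way with `if response['status'] == 204:` and report any other status through `error(...)` in both commands. `policy = open(policy_file, 'r').read()` never closes the file and lets a missing or unreadable file surface as a raw `IOError`; close it in a `try`/`finally` and turn the failure into a `ParameterError`. The two commented-out `#if retsponse['status'] == 200:` lines should be dropped.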
| ... | ... |
@@ -1571,7 +1594,10 @@ def get_commands_list(): |
| 1571 | 1571 |
{"cmd":"cp", "label":"Copy object", "param":"s3://BUCKET1/OBJECT1 s3://BUCKET2[/OBJECT2]", "func":cmd_cp, "argc":2},
|
| 1572 | 1572 |
{"cmd":"mv", "label":"Move object", "param":"s3://BUCKET1/OBJECT1 s3://BUCKET2[/OBJECT2]", "func":cmd_mv, "argc":2},
|
| 1573 | 1573 |
{"cmd":"setacl", "label":"Modify Access control list for Bucket or Files", "param":"s3://BUCKET[/OBJECT]", "func":cmd_setacl, "argc":1},
|
| 1574 |
- {"cmd":"setpolicy", "label":"Set an access policy for a bucket", "param":"s3://BUCKET POLICY_STRING", "func":cmd_setpolicy, "argc":2},
|
|
| 1574 |
+ |
|
| 1575 |
+ {"cmd":"setpolicy", "label":"Modify Bucket Policy", "param":"FILE s3://BUCKET", "func":cmd_setpolicy, "argc":2},
|
|
| 1576 |
+ {"cmd":"delpolicy", "label":"Delete Bucket Policy", "param":"s3://BUCKET", "func":cmd_delpolicy, "argc":1},
|
|
| 1577 |
+ |
|
| 1575 | 1578 |
{"cmd":"accesslog", "label":"Enable/disable bucket access logging", "param":"s3://BUCKET", "func":cmd_accesslog, "argc":1},
|
| 1576 | 1579 |
{"cmd":"sign", "label":"Sign arbitrary string using the secret key", "param":"STRING-TO-SIGN", "func":cmd_sign, "argc":1},
|
| 1577 | 1580 |
{"cmd":"signurl", "label":"Sign an S3 URL to provide limited public access with expiry", "param":"s3://BUCKET/OBJECT expiry_epoch", "func":cmd_signurl, "argc":2},
|