Add bucket policy PUT/DELETE/GET
Michal Ludvig authored on 2013/03/01 17:51:12... | ... |
@@ -521,15 +521,27 @@ class S3(object): |
521 | 521 |
response = self.send_request(request, body) |
522 | 522 |
return response |
523 | 523 |
|
524 |
- def set_policy(self, uri, policy): |
|
525 |
- if uri.has_object(): |
|
526 |
- request = self.create_request("OBJECT_PUT", uri = uri, extra = "?policy") |
|
527 |
- else: |
|
528 |
- request = self.create_request("BUCKET_CREATE", bucket = uri.bucket(), extra = "?policy") |
|
524 |
+ def get_policy(self, uri): |
|
525 |
+ request = self.create_request("BUCKET_LIST", bucket = uri.bucket(), extra = "?policy") |
|
526 |
+ response = self.send_request(request) |
|
527 |
+ return response['data'] |
|
529 | 528 |
|
530 |
- body = str(policy) |
|
529 |
+ def set_policy(self, uri, policy): |
|
530 |
+ headers = {} |
|
531 |
+ # TODO check policy is proper json string |
|
532 |
+ headers['content-type'] = 'application/json' |
|
533 |
+ request = self.create_request("BUCKET_CREATE", uri = uri, |
|
534 |
+ extra = "?policy", headers=headers) |
|
535 |
+ body = policy |
|
531 | 536 |
debug(u"set_policy(%s): policy-json: %s" % (uri, body)) |
532 |
- response = self.send_request(request, body) |
|
537 |
+ request.sign() |
|
538 |
+ response = self.send_request(request, body=body) |
|
539 |
+ return response |
|
540 |
+ |
|
541 |
+ def delete_policy(self, uri): |
|
542 |
+ request = self.create_request("BUCKET_DELETE", uri = uri, extra = "?policy") |
|
543 |
+ debug(u"delete_policy(%s)" % uri) |
|
544 |
+ response = self.send_request(request) |
|
533 | 545 |
return response |
534 | 546 |
|
535 | 547 |
def get_accesslog(self, uri): |
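Review bot: `set_policy` and `delete_policy` pass the whole URI to `create_request` (`uri = uri`) while `get_policy` passes `bucket = uri.bucket()`, and the old `has_object()` branch is gone, so nothing in this hunk guarantees that the `?policy` request addresses the bucket rather than an object path. How `create_request` treats a URI that carries an object is not visible here, so this is inferred, but the caller-side check in `cmd_setpolicy` is removed in the same commit (third hunk). Since a bucket policy is an access-control document, I would use `bucket = uri.bucket()` in all three methods so the target cannot vary with the caller's input. The `# TODO check policy is proper json string` should be resolved, or replaced by a comment saying that the body is sent unparsed and validation is left to the server. `request.sign()` is called only in `set_policy`, which needs a one-line comment explaining why the other two methods do not need it.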
... | ... |
@@ -602,10 +602,18 @@ def cmd_info(args): |
602 | 602 |
output(u" Location: %s" % info['bucket-location']) |
603 | 603 |
acl = s3.get_acl(uri) |
604 | 604 |
acl_grant_list = acl.getGrantList() |
605 |
+ |
|
606 |
+ try: |
|
607 |
+ policy = s3.get_policy(uri) |
|
608 |
+ output(u" policy: %s" % policy) |
|
609 |
+ except: |
|
610 |
+ output(u" policy: none") |
|
611 |
+ |
|
605 | 612 |
for grant in acl_grant_list: |
606 | 613 |
output(u" ACL: %s: %s" % (grant['grantee'], grant['permission'])) |
607 | 614 |
if acl.isAnonRead(): |
608 | 615 |
output(u" URL: %s" % uri.public_url()) |
616 |
+ |
|
609 | 617 |
except S3Error, e: |
610 | 618 |
if S3.codes.has_key(e.info["Code"]): |
611 | 619 |
error(S3.codes[e.info["Code"]] % uri.bucket()) |
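Review bot: The bare `except:` around `s3.get_policy(uri)` in `cmd_info` prints `policy: none` for every failure, so an access-denied or network error looks the same as a bucket with no policy, which is misleading when this output is used to audit bucket access. It also swallows `KeyboardInterrupt`. Assuming `send_request` raises `S3Error` for the missing-policy response (not visible here), narrow it to `except S3Error, e:` and print `policy: none` only when `e.info["Code"] == "NoSuchBucketPolicy"`, with a bare `raise` otherwise so the existing `except S3Error, e:` handler at the end of the hunk reports the real error. `cmd_info` starts before this hunk and continues past it.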
... | ... |
@@ -1211,15 +1219,30 @@ def cmd_setacl(args): |
1211 | 1211 |
|
1212 | 1212 |
def cmd_setpolicy(args): |
1213 | 1213 |
s3 = S3(cfg) |
1214 |
- uri = args.pop(0) |
|
1215 |
- bucket_uri = S3Uri(uri) |
|
1216 |
- if bucket_uri.object(): |
|
1217 |
- raise ParameterError("Only bucket name is required for [setpolicy] command") |
|
1218 |
- policy = args.pop() |
|
1219 |
- info("Setting access policy for bucket %s to:\n\n%s" % (bucket_uri.uri(), policy)) |
|
1220 |
- response = s3.set_policy(bucket_uri, policy) |
|
1214 |
+ uri = S3Uri(args[1]) |
|
1215 |
+ policy_file = args[0] |
|
1216 |
+ policy = open(policy_file, 'r').read() |
|
1217 |
+ |
|
1218 |
+ if cfg.dry_run: return |
|
1219 |
+ |
|
1220 |
+ response = s3.set_policy(uri, policy) |
|
1221 |
+ |
|
1222 |
+ #if retsponse['status'] == 200: |
|
1223 |
+ debug(u"response - %s" % response['status']) |
|
1221 | 1224 |
if response['status'] == 204: |
1222 |
- output(u"%s: Policy updated" % uri) |
|
1225 |
+ output(u"%s: Policy updated" % uri) |
|
1226 |
+ |
|
1227 |
+def cmd_delpolicy(args): |
|
1228 |
+ s3 = S3(cfg) |
|
1229 |
+ uri = S3Uri(args[0]) |
|
1230 |
+ if cfg.dry_run: return |
|
1231 |
+ |
|
1232 |
+ response = s3.delete_policy(uri) |
|
1233 |
+ |
|
1234 |
+ #if retsponse['status'] == 200: |
|
1235 |
+ debug(u"response - %s" % response['status']) |
|
1236 |
+ output(u"%s: Policy deleted" % uri) |
|
1237 |
+ |
|
1223 | 1238 |
|
1224 | 1239 |
def cmd_accesslog(args): |
1225 | 1240 |
s3 = S3(cfg) |
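Review bot: `cmd_delpolicy` prints `Policy deleted` without looking at `response['status']`, so unless `delete_policy` raises on every non-success response (not visible here) a failed delete is reported as done; mirror `cmd_setpolicy` with `if response['status'] == 204:` before the `output()` call. In `cmd_setpolicy`, `open(policy_file, 'r').read()` never closes the handle explicitly and the content goes to the server unparsed; if the project's minimum Python version allows it, `with open(policy_file, 'r') as f: policy = f.read()` closes it deterministically. The two `#if retsponse['status'] == 200:` lines are commented-out code with a typo and should be dropped rather than committed.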
... | ... |
@@ -1571,7 +1594,10 @@ def get_commands_list(): |
1571 | 1571 |
{"cmd":"cp", "label":"Copy object", "param":"s3://BUCKET1/OBJECT1 s3://BUCKET2[/OBJECT2]", "func":cmd_cp, "argc":2}, |
1572 | 1572 |
{"cmd":"mv", "label":"Move object", "param":"s3://BUCKET1/OBJECT1 s3://BUCKET2[/OBJECT2]", "func":cmd_mv, "argc":2}, |
1573 | 1573 |
{"cmd":"setacl", "label":"Modify Access control list for Bucket or Files", "param":"s3://BUCKET[/OBJECT]", "func":cmd_setacl, "argc":1}, |
1574 |
- {"cmd":"setpolicy", "label":"Set an access policy for a bucket", "param":"s3://BUCKET POLICY_STRING", "func":cmd_setpolicy, "argc":2}, |
|
1574 |
+ |
|
1575 |
+ {"cmd":"setpolicy", "label":"Modify Bucket Policy", "param":"FILE s3://BUCKET", "func":cmd_setpolicy, "argc":2}, |
|
1576 |
+ {"cmd":"delpolicy", "label":"Delete Bucket Policy", "param":"s3://BUCKET", "func":cmd_delpolicy, "argc":1}, |
|
1577 |
+ |
|
1575 | 1578 |
{"cmd":"accesslog", "label":"Enable/disable bucket access logging", "param":"s3://BUCKET", "func":cmd_accesslog, "argc":1}, |
1576 | 1579 |
{"cmd":"sign", "label":"Sign arbitrary string using the secret key", "param":"STRING-TO-SIGN", "func":cmd_sign, "argc":1}, |
1577 | 1580 |
{"cmd":"signurl", "label":"Sign an S3 URL to provide limited public access with expiry", "param":"s3://BUCKET/OBJECT expiry_epoch", "func":cmd_signurl, "argc":2}, |