... | ... |
@@ -456,6 +456,17 @@ class S3(object): |
456 | 456 |
response = self.send_request(request, body) |
457 | 457 |
return response |
458 | 458 |
|
459 |
+ def set_policy(self, uri, policy): |
|
460 |
+ if uri.has_object(): |
|
461 |
+ request = self.create_request("OBJECT_PUT", uri = uri, extra = "?policy") |
|
462 |
+ else: |
|
463 |
+ request = self.create_request("BUCKET_CREATE", bucket = uri.bucket(), extra = "?policy") |
|
464 |
+ |
|
465 |
+ body = str(policy) |
|
466 |
+ debug(u"set_policy(%s): policy-json: %s" % (uri, body)) |
|
467 |
+ response = self.send_request(request, body) |
|
468 |
+ return response |
|
469 |
+ |
|
459 | 470 |
def get_accesslog(self, uri): |
460 | 471 |
request = self.create_request("BUCKET_LIST", bucket = uri.bucket(), extra = "?logging") |
461 | 472 |
response = self.send_request(request) |
... | ... |
@@ -1051,6 +1051,18 @@ def cmd_setacl(args): |
1051 | 1051 |
uri = S3Uri(remote_list[key]['object_uri_str']) |
1052 | 1052 |
_update_acl(uri, seq_label) |
1053 | 1053 |
|
1054 |
+def cmd_setpolicy(args): |
|
1055 |
+ s3 = S3(cfg) |
|
1056 |
+ uri = args.pop(0) |
|
1057 |
+ bucket_uri = S3Uri(uri) |
|
1058 |
+ if bucket_uri.object(): |
|
1059 |
+ raise ParameterError("Only bucket name is required for [setpolicy] command") |
|
1060 |
+ policy = args.pop() |
|
1061 |
+ info("Setting access policy for bucket %s to:\n\n%s" % (bucket_uri.uri(), policy)) |
|
1062 |
+ response = s3.set_policy(bucket_uri, policy) |
|
1063 |
+ if response['status'] == 204: |
|
1064 |
+ output(u"%s: Policy updated" % uri) |
|
1065 |
+ |
|
1054 | 1066 |
def cmd_accesslog(args): |
1055 | 1067 |
s3 = S3(cfg) |
1056 | 1068 |
bucket_uri = S3Uri(args.pop()) |
... | ... |
@@ -1392,6 +1404,7 @@ def get_commands_list(): |
1392 | 1392 |
{"cmd":"cp", "label":"Copy object", "param":"s3://BUCKET1/OBJECT1 s3://BUCKET2[/OBJECT2]", "func":cmd_cp, "argc":2}, |
1393 | 1393 |
{"cmd":"mv", "label":"Move object", "param":"s3://BUCKET1/OBJECT1 s3://BUCKET2[/OBJECT2]", "func":cmd_mv, "argc":2}, |
1394 | 1394 |
{"cmd":"setacl", "label":"Modify Access control list for Bucket or Files", "param":"s3://BUCKET[/OBJECT]", "func":cmd_setacl, "argc":1}, |
1395 |
+ {"cmd":"setpolicy", "label":"Set an access policy for a bucket", "param":"s3://BUCKET POLICY_STRING", "func":cmd_setpolicy, "argc":2}, |
|
1395 | 1396 |
{"cmd":"accesslog", "label":"Enable/disable bucket access logging", "param":"s3://BUCKET", "func":cmd_accesslog, "argc":1}, |
1396 | 1397 |
{"cmd":"sign", "label":"Sign arbitrary string using the secret key", "param":"STRING-TO-SIGN", "func":cmd_sign, "argc":1}, |
1397 | 1398 |
{"cmd":"fixbucket", "label":"Fix invalid file names in a bucket", "param":"s3://BUCKET[/PREFIX]", "func":cmd_fixbucket, "argc":1}, |