JustAnotherArchivist
/
transfer.sh
forked from kiska/transfer.sh
1
0
Fork 1
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
226 Commits
17 Branches
34 MiB
 
 
 
Tree: 82493d6dcb
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '82493d6dcb'
${ noResults }
transfer.sh/vendor/cloud.google.com/go/storage/acl.go

246 lines
6.6 KiB
Raw Blame History 

  1. // Copyright 2014 Google LLC

  2. //

  3. // Licensed under the Apache License, Version 2.0 (the "License");

  4. // you may not use this file except in compliance with the License.

  5. // You may obtain a copy of the License at

  6. //

  7. //      http://www.apache.org/licenses/LICENSE-2.0

  8. //

  9. // Unless required by applicable law or agreed to in writing, software

  10. // distributed under the License is distributed on an "AS IS" BASIS,

  11. // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  12. // See the License for the specific language governing permissions and

  13. // limitations under the License.

  14. 

  15. package storage

  16. 

  17. import (

  18. 	"net/http"

  19. 	"reflect"

  20. 

  21. 	"cloud.google.com/go/internal/trace"

  22. 	"golang.org/x/net/context"

  23. 	"google.golang.org/api/googleapi"

  24. 	raw "google.golang.org/api/storage/v1"

  25. )

  26. 

  27. // ACLRole is the level of access to grant.

  28. type ACLRole string

  29. 

  30. const (

  31. 	RoleOwner  ACLRole = "OWNER"

  32. 	RoleReader ACLRole = "READER"

  33. 	RoleWriter ACLRole = "WRITER"

  34. )

  35. 

  36. // ACLEntity refers to a user or group.

  37. // They are sometimes referred to as grantees.

  38. //

  39. // It could be in the form of:

  40. // "user-<userId>", "user-<email>", "group-<groupId>", "group-<email>",

  41. // "domain-<domain>" and "project-team-<projectId>".

  42. //

  43. // Or one of the predefined constants: AllUsers, AllAuthenticatedUsers.

  44. type ACLEntity string

  45. 

  46. const (

  47. 	AllUsers              ACLEntity = "allUsers"

  48. 	AllAuthenticatedUsers ACLEntity = "allAuthenticatedUsers"

  49. )

  50. 

  51. // ACLRule represents a grant for a role to an entity (user, group or team) for a Google Cloud Storage object or bucket.

  52. type ACLRule struct {

  53. 	Entity ACLEntity

  54. 	Role   ACLRole

  55. }

  56. 

  57. // ACLHandle provides operations on an access control list for a Google Cloud Storage bucket or object.

  58. type ACLHandle struct {

  59. 	c           *Client

  60. 	bucket      string

  61. 	object      string

  62. 	isDefault   bool

  63. 	userProject string // for requester-pays buckets

  64. }

  65. 

  66. // Delete permanently deletes the ACL entry for the given entity.

  67. func (a *ACLHandle) Delete(ctx context.Context, entity ACLEntity) (err error) {

  68. 	ctx = trace.StartSpan(ctx, "cloud.google.com/go/storage.ACL.Delete")

  69. 	defer func() { trace.EndSpan(ctx, err) }()

  70. 

  71. 	if a.object != "" {

  72. 		return a.objectDelete(ctx, entity)

  73. 	}

  74. 	if a.isDefault {

  75. 		return a.bucketDefaultDelete(ctx, entity)

  76. 	}

  77. 	return a.bucketDelete(ctx, entity)

  78. }

  79. 

  80. // Set sets the permission level for the given entity.

  81. func (a *ACLHandle) Set(ctx context.Context, entity ACLEntity, role ACLRole) (err error) {

  82. 	ctx = trace.StartSpan(ctx, "cloud.google.com/go/storage.ACL.Set")

  83. 	defer func() { trace.EndSpan(ctx, err) }()

  84. 

  85. 	if a.object != "" {

  86. 		return a.objectSet(ctx, entity, role, false)

  87. 	}

  88. 	if a.isDefault {

  89. 		return a.objectSet(ctx, entity, role, true)

  90. 	}

  91. 	return a.bucketSet(ctx, entity, role)

  92. }

  93. 

  94. // List retrieves ACL entries.

  95. func (a *ACLHandle) List(ctx context.Context) (rules []ACLRule, err error) {

  96. 	ctx = trace.StartSpan(ctx, "cloud.google.com/go/storage.ACL.List")

  97. 	defer func() { trace.EndSpan(ctx, err) }()

  98. 

  99. 	if a.object != "" {

  100. 		return a.objectList(ctx)

  101. 	}

  102. 	if a.isDefault {

  103. 		return a.bucketDefaultList(ctx)

  104. 	}

  105. 	return a.bucketList(ctx)

  106. }

  107. 

  108. func (a *ACLHandle) bucketDefaultList(ctx context.Context) ([]ACLRule, error) {

  109. 	var acls *raw.ObjectAccessControls

  110. 	var err error

  111. 	err = runWithRetry(ctx, func() error {

  112. 		req := a.c.raw.DefaultObjectAccessControls.List(a.bucket)

  113. 		a.configureCall(req, ctx)

  114. 		acls, err = req.Do()

  115. 		return err

  116. 	})

  117. 	if err != nil {

  118. 		return nil, err

  119. 	}

  120. 	return toACLRules(acls.Items), nil

  121. }

  122. 

  123. func (a *ACLHandle) bucketDefaultDelete(ctx context.Context, entity ACLEntity) error {

  124. 	return runWithRetry(ctx, func() error {

  125. 		req := a.c.raw.DefaultObjectAccessControls.Delete(a.bucket, string(entity))

  126. 		a.configureCall(req, ctx)

  127. 		return req.Do()

  128. 	})

  129. }

  130. 

  131. func (a *ACLHandle) bucketList(ctx context.Context) ([]ACLRule, error) {

  132. 	var acls *raw.BucketAccessControls

  133. 	var err error

  134. 	err = runWithRetry(ctx, func() error {

  135. 		req := a.c.raw.BucketAccessControls.List(a.bucket)

  136. 		a.configureCall(req, ctx)

  137. 		acls, err = req.Do()

  138. 		return err

  139. 	})

  140. 	if err != nil {

  141. 		return nil, err

  142. 	}

  143. 	r := make([]ACLRule, len(acls.Items))

  144. 	for i, v := range acls.Items {

  145. 		r[i].Entity = ACLEntity(v.Entity)

  146. 		r[i].Role = ACLRole(v.Role)

  147. 	}

  148. 	return r, nil

  149. }

  150. 

  151. func (a *ACLHandle) bucketSet(ctx context.Context, entity ACLEntity, role ACLRole) error {

  152. 	acl := &raw.BucketAccessControl{

  153. 		Bucket: a.bucket,

  154. 		Entity: string(entity),

  155. 		Role:   string(role),

  156. 	}

  157. 	err := runWithRetry(ctx, func() error {

  158. 		req := a.c.raw.BucketAccessControls.Update(a.bucket, string(entity), acl)

  159. 		a.configureCall(req, ctx)

  160. 		_, err := req.Do()

  161. 		return err

  162. 	})

  163. 	if err != nil {

  164. 		return err

  165. 	}

  166. 	return nil

  167. }

  168. 

  169. func (a *ACLHandle) bucketDelete(ctx context.Context, entity ACLEntity) error {

  170. 	err := runWithRetry(ctx, func() error {

  171. 		req := a.c.raw.BucketAccessControls.Delete(a.bucket, string(entity))

  172. 		a.configureCall(req, ctx)

  173. 		return req.Do()

  174. 	})

  175. 	if err != nil {

  176. 		return err

  177. 	}

  178. 	return nil

  179. }

  180. 

  181. func (a *ACLHandle) objectList(ctx context.Context) ([]ACLRule, error) {

  182. 	var acls *raw.ObjectAccessControls

  183. 	var err error

  184. 	err = runWithRetry(ctx, func() error {

  185. 		req := a.c.raw.ObjectAccessControls.List(a.bucket, a.object)

  186. 		a.configureCall(req, ctx)

  187. 		acls, err = req.Do()

  188. 		return err

  189. 	})

  190. 	if err != nil {

  191. 		return nil, err

  192. 	}

  193. 	return toACLRules(acls.Items), nil

  194. }

  195. 

  196. func (a *ACLHandle) objectSet(ctx context.Context, entity ACLEntity, role ACLRole, isBucketDefault bool) error {

  197. 	type setRequest interface {

  198. 		Do(opts ...googleapi.CallOption) (*raw.ObjectAccessControl, error)

  199. 		Header() http.Header

  200. 	}

  201. 

  202. 	acl := &raw.ObjectAccessControl{

  203. 		Bucket: a.bucket,

  204. 		Entity: string(entity),

  205. 		Role:   string(role),

  206. 	}

  207. 	var req setRequest

  208. 	if isBucketDefault {

  209. 		req = a.c.raw.DefaultObjectAccessControls.Update(a.bucket, string(entity), acl)

  210. 	} else {

  211. 		req = a.c.raw.ObjectAccessControls.Update(a.bucket, a.object, string(entity), acl)

  212. 	}

  213. 	a.configureCall(req, ctx)

  214. 	return runWithRetry(ctx, func() error {

  215. 		_, err := req.Do()

  216. 		return err

  217. 	})

  218. }

  219. 

  220. func (a *ACLHandle) objectDelete(ctx context.Context, entity ACLEntity) error {

  221. 	return runWithRetry(ctx, func() error {

  222. 		req := a.c.raw.ObjectAccessControls.Delete(a.bucket, a.object, string(entity))

  223. 		a.configureCall(req, ctx)

  224. 		return req.Do()

  225. 	})

  226. }

  227. 

  228. func (a *ACLHandle) configureCall(call interface {

  229. 	Header() http.Header

  230. }, ctx context.Context) {

  231. 	vc := reflect.ValueOf(call)

  232. 	vc.MethodByName("Context").Call([]reflect.Value{reflect.ValueOf(ctx)})

  233. 	if a.userProject != "" {

  234. 		vc.MethodByName("UserProject").Call([]reflect.Value{reflect.ValueOf(a.userProject)})

  235. 	}

  236. 	setClientHeader(call.Header())

  237. }

  238. 

  239. func toACLRules(items []*raw.ObjectAccessControl) []ACLRule {

  240. 	r := make([]ACLRule, 0, len(items))

  241. 	for _, item := range items {

  242. 		r = append(r, ACLRule{Entity: ACLEntity(item.Entity), Role: ACLRole(item.Role)})

  243. 	}

  244. 	return r

  245. }