def _update_predefined_acl(self, predefined_acl):
    """Add the ACL entries implied by a `predefinedAcl` request parameter.

    The project owners entity is granted OWNER first in every case; the
    remaining grants depend on the requested value. `None` is treated as
    'projectPrivate'.

    This method only calls `insert_acl`: nothing here removes an entry that
    is already present, so an earlier `allUsers` or `allAuthenticatedUsers`
    READER grant is not revoked by this method when a narrower value is
    requested later.

    :param predefined_acl:str the predefinedAcl value, or None.
    :raises error_response.ErrorResponse: (status 400) for an unknown value.
    :rtype:NoneType
    """
    requested = 'projectPrivate' if predefined_acl is None else predefined_acl
    self.insert_acl(
        testbench_utils.canonical_entity_name('project-owners-123456789'),
        'OWNER')

    # The bucket owner is resolved before the value is validated, so a failed
    # bucket lookup surfaces ahead of the "invalid value" error.
    bucket_owner = testbench_utils.lookup_bucket(
        self.bucket_name).metadata.get('owner')
    if bucket_owner is None:
        owner_entity = 'project-owners-123456789'
    else:
        # NOTE(review): this is None when the owner dict has no 'entity' key;
        # confirm that insert_acl tolerates that.
        owner_entity = bucket_owner.get('entity')

    if requested == 'authenticatedRead':
        # Grants read access to any authenticated account.
        self.insert_acl('allAuthenticatedUsers', 'READER')
        return
    if requested == 'bucketOwnerFullControl':
        self.insert_acl(owner_entity, 'OWNER')
        return
    if requested == 'bucketOwnerRead':
        self.insert_acl(owner_entity, 'READER')
        return
    if requested == 'private':
        # NOTE(review): 'project-owners' has no project-number suffix, unlike
        # the other project entities in this method; confirm it is intended.
        self.insert_acl('project-owners', 'OWNER')
        return
    if requested == 'projectPrivate':
        self.insert_acl(
            testbench_utils.canonical_entity_name('project-editors-123456789'),
            'OWNER')
        self.insert_acl(
            testbench_utils.canonical_entity_name('project-viewers-123456789'),
            'READER')
        return
    if requested == 'publicRead':
        # Grants read access to everyone, including anonymous callers.
        self.insert_acl(
            testbench_utils.canonical_entity_name('allUsers'), 'READER')
        return
    raise error_response.ErrorResponse(
        'Invalid predefinedAcl value', status_code=400)
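def insert_default_object_acl(self, entity, role):
    """Insert (or update) a default ObjectAccessControl entry for this bucket.

    An existing entry for the same canonical entity is replaced.

    :param entity:str the name of the entity to insert.
    :param role:str the new role
    :return: the dictionary representing the new ObjectAccessControl.
    :rtype: dict
    """
    entity = testbench_utils.canonical_entity_name(entity)
    # Derive the address from the entity name. The previous code called
    # replace() on the still-empty `email` string, so every user entry was
    # stored with a blank email.
    email = ''
    if entity.startswith('user-'):
        email = entity.replace('user-', '', 1)
    # Replace or insert the entry.
    indexed = testbench_utils.index_acl(
        self.metadata.get('defaultObjectAcl', []))
    indexed[entity] = {
        'bucket': self.name,
        'email': email,
        'entity': entity,
        'etag': self.metadata.get('etag', 'XYZ='),
        'id': self.metadata.get('id', '') + '/' + entity,
        'kind': 'storage#objectAccessControl',
        'role': role,
        # Raises TypeError if 'selfLink' has not been set in the metadata.
        'selfLink': self.metadata.get('selfLink') + '/acl/' + entity
    }
    # Store a real list, as insert_acl does: on Python 3 `values()` is a view
    # tied to `indexed`, which is neither indexable nor JSON-serializable.
    self.metadata['defaultObjectAcl'] = list(indexed.values())
    return indexed[entity]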
def create_acl_entry(self, entity, role):
    """Build (without storing) a BucketAccessControl entry.

    The entity is canonicalized first. For `user-` entities the email field
    is the entity name with that prefix removed; otherwise it is empty.

    :param entity: str the user, group or email granted permissions.
    :param role: str the name of the permissions (READER, WRITER, OWNER).
    :return: the canonical entity name and the ACL entry.
    :rtype: (str,dict)
    """
    canonical = testbench_utils.canonical_entity_name(entity)
    address = (
        canonical.replace("user-", "", 1)
        if canonical.startswith("user-")
        else ""
    )
    entry = {
        "bucket": self.name,
        "email": address,
        "entity": canonical,
        "etag": self.metadata.get("etag", "XYZ="),
        "id": self.metadata.get("id", "") + "/" + canonical,
        "kind": "storage#bucketAccessControl",
        "role": role,
        # Raises TypeError if "selfLink" has not been set in the metadata.
        "selfLink": self.metadata.get("selfLink") + "/acl/" + canonical,
    }
    return (canonical, entry)
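def insert_acl(self, entity, role):
    """Insert (or update) a new AccessControl entry for this object.

    An existing entry for the same canonical entity is replaced.

    :param entity:str the name of the entity to insert.
    :param role:str the new role
    :return: the dictionary representing the new AccessControl metadata.
    :rtype:dict
    """
    entity = testbench_utils.canonical_entity_name(entity)
    # The email field holds the address only. The previous code copied the
    # whole entity name ("user-<address>") into it, unlike create_acl_entry,
    # which strips the "user-" prefix.
    email = ""
    if entity.startswith("user-"):
        email = entity.replace("user-", "", 1)
    # Replace or insert the entry.
    indexed = testbench_utils.index_acl(self.metadata.get("acl", []))
    indexed[entity] = {
        "bucket": self.bucket_name,
        "email": email,
        "entity": entity,
        "entity_id": "",
        "etag": self.metadata.get("etag", "XYZ="),
        "generation": str(self.generation),
        "id": self.metadata.get("id", "") + "/" + entity,
        "kind": "storage#objectAccessControl",
        "object": self.name,
        "role": role,
        # Raises TypeError if "selfLink" has not been set in the metadata.
        "selfLink": self.metadata.get("selfLink") + "/acl/" + entity,
    }
    self.metadata["acl"] = list(indexed.values())
    return indexed[entity]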
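def delete_default_object_acl(self, entity):
    """Delete a single default ObjectAccessControl entry from this bucket.

    :param entity:str the name of the entity.
    :raises KeyError: if no entry exists for the canonical entity name.
    :rtype:NoneType
    """
    entity = testbench_utils.canonical_entity_name(entity)
    indexed = testbench_utils.index_acl(
        self.metadata.get('defaultObjectAcl', []))
    # No default is given to pop(), so deleting an absent entity raises
    # KeyError rather than silently succeeding.
    indexed.pop(entity)
    # Store a real list: on Python 3 `values()` is a view tied to `indexed`,
    # which is neither indexable nor JSON-serializable.
    self.metadata['defaultObjectAcl'] = list(indexed.values())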
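def delete_acl(self, entity):
    """Delete a single AccessControl entry from the Object revision.

    :param entity:str the name of the entity.
    :raises KeyError: if no entry exists for the canonical entity name.
    :rtype:NoneType
    """
    entity = testbench_utils.canonical_entity_name(entity)
    indexed = testbench_utils.index_acl(self.metadata.get('acl', []))
    # No default is given to pop(), so deleting an absent entity raises
    # KeyError rather than silently succeeding.
    indexed.pop(entity)
    # Store a real list: on Python 3 `values()` is a view tied to `indexed`,
    # which is neither indexable nor JSON-serializable.
    self.metadata['acl'] = list(indexed.values())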
def delete_acl(self, entity):
    """Remove one BucketAccessControl entry from this bucket.

    :param entity:str the name of the entity.
    :raises KeyError: if no entry exists for the canonical entity name.
    :rtype:NoneType
    """
    canonical = testbench_utils.canonical_entity_name(entity)
    current_entries = self.metadata.get("acl", [])
    by_entity = testbench_utils.index_acl(current_entries)
    # pop() is called without a default, so an absent entity is an error.
    by_entity.pop(canonical)
    remaining = list(by_entity.values())
    self.metadata["acl"] = remaining
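def get_default_object_acl(self, entity):
    """Get a single default ObjectAccessControl entry from this Bucket.

    :param entity:str the name of the entity.
    :return: with the contents of the ObjectAccessControl.
    :rtype: dict
    :raises error_response.ErrorResponse: if no entry matches the entity.
    """
    entity = testbench_utils.canonical_entity_name(entity)
    for acl in self.metadata.get('defaultObjectAcl', []):
        if acl.get('entity', '') == entity:
            return acl
    # `self.name` is the bucket name here; the message previously called it
    # an object. No status_code is passed, so the ErrorResponse default
    # applies.
    raise error_response.ErrorResponse(
        'Entity %s not found in bucket %s' % (entity, self.name))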
def get_acl(self, entity):
    """Look up one AccessControl entry on this Object revision.

    :param entity:str the name of the entity.
    :return: with the contents of the ObjectAccessControl.
    :rtype:dict
    :raises error_response.ErrorResponse: if no entry matches the entity.
    """
    wanted = testbench_utils.canonical_entity_name(entity)
    # The first entry whose "entity" equals the canonical name wins.
    found = next(
        (
            entry
            for entry in self.metadata.get("acl", [])
            if entry.get("entity", "") == wanted
        ),
        None,
    )
    if found is not None:
        return found
    # No status_code is passed, so the ErrorResponse default applies.
    raise error_response.ErrorResponse(
        "Entity %s not found in object %s" % (wanted, self.name))
def _update_predefined_acl(self, predefined_acl):
    """Add the ACL entries implied by a `predefinedAcl` request parameter.

    The project owners entity is granted OWNER first in every case; the
    remaining grants depend on the requested value. `None` is treated as
    "projectPrivate".

    This method only calls `insert_acl`: nothing here removes an entry that
    is already present, so an earlier `allUsers` or `allAuthenticatedUsers`
    READER grant is not revoked by this method when a narrower value is
    requested later.

    :param predefined_acl:str the predefinedAcl value, or None.
    :raises error_response.ErrorResponse: (status 400) for an unknown value.
    :rtype:NoneType
    """
    if predefined_acl is None:
        predefined_acl = "projectPrivate"
    project_owners = testbench_utils.canonical_entity_name(
        "project-owners-123456789")
    self.insert_acl(project_owners, "OWNER")

    # The bucket owner is resolved before the value is validated, so a failed
    # bucket lookup surfaces ahead of the "invalid value" error.
    bucket = testbench_utils.lookup_bucket(self.bucket_name)
    owner = bucket.metadata.get("owner")
    # NOTE(review): owner.get("entity") is None when the owner dict has no
    # "entity" key; confirm that insert_acl tolerates that.
    owner_entity = (
        "project-owners-123456789" if owner is None else owner.get("entity")
    )

    if predefined_acl == "authenticatedRead":
        # Grants read access to any authenticated account.
        self.insert_acl("allAuthenticatedUsers", "READER")
    elif predefined_acl == "bucketOwnerFullControl":
        self.insert_acl(owner_entity, "OWNER")
    elif predefined_acl == "bucketOwnerRead":
        self.insert_acl(owner_entity, "READER")
    elif predefined_acl == "private":
        # NOTE(review): "project-owners" has no project-number suffix, unlike
        # the other project entities in this method; confirm it is intended.
        self.insert_acl("project-owners", "OWNER")
    elif predefined_acl == "projectPrivate":
        project_grants = (
            ("project-editors-123456789", "OWNER"),
            ("project-viewers-123456789", "READER"),
        )
        for raw_entity, role in project_grants:
            self.insert_acl(
                testbench_utils.canonical_entity_name(raw_entity), role)
    elif predefined_acl == "publicRead":
        # Grants read access to everyone, including anonymous callers.
        everyone = testbench_utils.canonical_entity_name("allUsers")
        self.insert_acl(everyone, "READER")
    else:
        raise error_response.ErrorResponse("Invalid predefinedAcl value",
                                           status_code=400)
def __init__(self, gcs_url, name):
    """Create a bucket with fixed default metadata and project ACLs.

    The bucket ACL and the default object ACL are both seeded with the same
    three grants: project owners and editors as OWNER, project viewers as
    READER.

    :param gcs_url:str stored as `self.gcs_url`.
    :param name:str the bucket name.
    """
    self.name = name
    self.gcs_url = gcs_url
    # Creation and update times start out identical, in UTC.
    timestamp = time.strftime(
        "%Y-%m-%dT%H:%M:%SZ", time.gmtime(time.time()))
    labels = {"foo": "bar", "baz": "qux"}
    owner = {"entity": "project-owners-123456789", "entityId": ""}
    self.metadata = {
        "timeCreated": timestamp,
        "updated": timestamp,
        "metageneration": "0",
        "name": self.name,
        "location": "US",
        "storageClass": "STANDARD",
        "etag": "XYZ=",
        "labels": labels,
        "owner": owner,
    }
    self.notification_id = "1"
    self.notifications = {}
    self.iam_version = 1
    self.counter = 1
    self.iam_bindings = []
    self.resumable_uploads = {}
    # Update the derived metadata attributes (e.g.: id, kind, selfLink)
    # before any ACL entry is built.
    self.update_from_metadata({})

    default_grants = (
        ("project-owners-123456789", "OWNER"),
        ("project-editors-123456789", "OWNER"),
        ("project-viewers-123456789", "READER"),
    )
    # Seed the bucket ACL first, then the default object ACL.
    for raw_entity, role in default_grants:
        self.insert_acl(
            testbench_utils.canonical_entity_name(raw_entity), role)
    for raw_entity, role in default_grants:
        self.insert_default_object_acl(
            testbench_utils.canonical_entity_name(raw_entity), role)
def create_acl_entry(self, entity, role):
    """Build (without storing) a BucketAccessControl entry.

    The entity is canonicalized first. For `user-` entities the email field
    is the entity name with that prefix removed; otherwise it is empty.

    :param entity: str the user, group or email granted permissions.
    :param role: str the name of the permissions (READER, WRITER, OWNER).
    :return: the canonical entity name and the ACL entry.
    :rtype: (str,dict)
    """
    canonical = testbench_utils.canonical_entity_name(entity)
    if canonical.startswith('user-'):
        address = canonical.replace('user-', '', 1)
    else:
        address = ''
    entry = {
        'bucket': self.name,
        'email': address,
        'entity': canonical,
        'etag': self.metadata.get('etag', 'XYZ='),
        'id': self.metadata.get('id', '') + '/' + canonical,
        'kind': 'storage#bucketAccessControl',
        'role': role,
        # Raises TypeError if 'selfLink' has not been set in the metadata.
        'selfLink': self.metadata.get('selfLink') + '/acl/' + canonical
    }
    return (canonical, entry)
def __init__(self, gcs_url, name):
    """Create a bucket with fixed default metadata and project ACLs.

    The bucket ACL and the default object ACL are both seeded with the same
    three grants: project owners and editors as OWNER, project viewers as
    READER.

    :param gcs_url:str stored as `self.gcs_url`.
    :param name:str the bucket name.
    """
    self.name = name
    self.gcs_url = gcs_url
    labels = {'foo': 'bar', 'baz': 'qux'}
    owner = {'entity': 'project-owners-123456789', 'entityId': ''}
    self.metadata = {
        'metageneration': 0,
        'name': self.name,
        'location': 'US',
        'storageClass': 'STANDARD',
        'etag': 'XYZ=',
        'labels': labels,
        'owner': owner
    }
    self.notification_id = 1
    self.notifications = {}
    self.iam_version = 1
    self.counter = 1
    self.iam_bindings = {}
    self.resumable_uploads = {}
    # Update the derived metadata attributes (e.g.: id, kind, selfLink)
    # before any ACL entry is built.
    self.update_from_metadata({})

    default_grants = (
        ('project-owners-123456789', 'OWNER'),
        ('project-editors-123456789', 'OWNER'),
        ('project-viewers-123456789', 'READER'),
    )
    # Seed the bucket ACL first, then the default object ACL.
    for raw_entity, role in default_grants:
        self.insert_acl(
            testbench_utils.canonical_entity_name(raw_entity), role)
    for raw_entity, role in default_grants:
        self.insert_default_object_acl(
            testbench_utils.canonical_entity_name(raw_entity), role)