def test_object_acl(self): object_name = "test1" content = "test1" self.client.put_object(self.bucket_name, object_name, content) for bucket in self.client.list_objects(self.bucket_name): print(bucket) print(self.client.get_object_acl(self.bucket_name, object_name)) objectAcl = AccessControlList() objectAcl.add_grant(Grant(Grantee("111"), Permission.READ)) objectAcl.add_grant(Grant(Grantee("109901"), Permission.FULL_CONTROL)) objectAcl.add_grant(Grant(Grantee(acl_ak), Permission.FULL_CONTROL)) self.client.set_object_acl(self.bucket_name, object_name, objectAcl) acl = self.client.get_object_acl(self.bucket_name, object_name) self.assertTrue(objectAcl.is_subset(acl)) acl_client = GalaxyFDSClient( acl_ak, acl_access_secret, FDSClientConfiguration(region_name, False, False, False, endpoint=endpoint)) self.assertTrue( self.client.does_object_exists(self.bucket_name, object_name)) print(acl_client.get_object(self.bucket_name, object_name)) self.client.delete_object(self.bucket_name, object_name) self.assertFalse( self.client.does_object_exists(self.bucket_name, object_name))
def test_bucket_acl(self): print(self.bucket_name) self.client.get_bucket_acl(self.bucket_name) bucketAcl = AccessControlList() bucketAcl.add_grant(Grant(Grantee("111"), Permission.READ)) bucketAcl.add_grant(Grant(Grantee('109901'), Permission.FULL_CONTROL)) bucketAcl.add_grant(Grant(Grantee('123456'), Permission.SSO_WRITE)) bucketAcl.add_grant(Grant(Grantee(appid), Permission.FULL_CONTROL)) self.client.set_bucket_acl(self.bucket_name, bucketAcl) aclListGot = self.client.get_bucket_acl(self.bucket_name) readAclCnt = 0 fullControlCnt = 0 writeWithSSOCnt = 0 for i in aclListGot.get_grant_list(): if i['grantee']['id'] == '111': self.assertTrue(i['permission'].to_string() == Permission( Permission.READ).to_string()) readAclCnt += 1 elif i['grantee']['id'] == '109901': self.assertTrue(i['permission'].to_string() == Permission( Permission.FULL_CONTROL).to_string()) fullControlCnt += 1 elif i['grantee']['id'] == '123456': self.assertTrue(i['permission'].to_string() == Permission( Permission.SSO_WRITE).to_string()) writeWithSSOCnt += 1 self.assertTrue(readAclCnt == 1) self.assertTrue(fullControlCnt == 1) self.assertTrue(writeWithSSOCnt == 1) # self.client.set_bucket_acl(self.bucket_name, bucketAcl) acl = self.client.get_bucket_acl(self.bucket_name) self.assertTrue(bucketAcl.is_subset(acl)) acl_client = GalaxyFDSClient( acl_ak, acl_access_secret, FDSClientConfiguration(region_name, False, False, False, endpoint=endpoint)) object_name = "testBucketAcl7" acl_client.put_object(self.bucket_name, object_name, "hahhah") self.assertTrue( self.client.does_object_exists(self.bucket_name, object_name)) acl_client.list_objects(self.bucket_name) acl_client.delete_object(self.bucket_name, object_name) self.assertFalse( self.client.does_object_exists(self.bucket_name, object_name)) self.assertTrue(acl_client.does_bucket_exist(self.bucket_name)) try: acl_client.delete_bucket(self.bucket_name) except GalaxyFDSClientException as e: print(e.message) self.assertTrue(self.client.does_bucket_exist(self.bucket_name))
def put_bucket_acl(bucket_name, gratee_list, permission_list): check_bucket_name(bucket_name=bucket_name) bucketAcl = AccessControlList() for role in gratee_list: grant = Grant(Grantee(role), Permission(permission).get_value()) if role in [UserGroups.ALL_USERS, UserGroups.AUTHENTICATED_USERS]: grant.type = GrantType.GROUP bucketAcl.add_grant(grant) fds_client.set_bucket_acl(bucket_name=bucket_name, acl=bucketAcl)
def delete_object_acl(bucket_name, object_name, gratee_list, permission_list, is_archive=False): check_bucket_name(bucket_name) check_bucket_name(object_name) object_acl = AccessControlList() for role in gratee_list: grant = Grant(Grantee(role), Permission(permission_list).get_value()) if role in [UserGroups.ALL_USERS, UserGroups.AUTHENTICATED_USERS]: grant.type = GrantType.GROUP object_acl.add_grant(grant) fds_client.delete_object_acl(bucket_name, object_name, object_acl, is_archive=is_archive)
def put_object_acl(bucket_name, object_name, gratee_list, permission_list): check_bucket_name(bucket_name=bucket_name) check_object_name(object_name=object_name) object_acl = AccessControlList() for role in gratee_list: grant = Grant(Grantee(role), Permission(permission).get_value()) if role in [UserGroups.ALL_USERS, UserGroups.AUTHENTICATED_USERS]: grant.type = GrantType.GROUP object_acl.add_grant(grant) fds_client.set_object_acl(bucket_name, object_name, object_acl) logger.info('set [%s/%s] acl success', bucket_name, object_name)
def _acp_to_acl(self, acp): ''' Translate AccessControlPolicy to AccessControlList. ''' if acp is not None: acl = AccessControlList() for item in acp['accessControlList']: grantee = item['grantee'] grant_id = grantee['id'] permission = item['permission'] g = Grant(Grantee(grant_id), permission) acl.add_grant(g) return acl return str()
def make_public(self, url): if not FDSURL.is_fds_url(url): CLIPrinter.wrong_format() return url = FDSURL(url) if url.is_object_url(): try: self._fds.set_public(url.bucket_name(), url.object_name()) except GalaxyFDSClientException as e: CLIPrinter.fail(e.message) return elif url.is_bucket_url(): try: acl = AccessControlList() grant = Grant(Grantee(UserGroups.ALL_USERS), Permission.READ) grant.type = GrantType.GROUP acl.add_grant(grant) self._fds.set_bucket_acl(url.bucket_name(), acl) except GalaxyFDSClientException as e: CLIPrinter.fail(e.message) return else: CLIPrinter.wrong_format() return
# Delete the object fds_client.delete_object(bucket_name, object_name) ##################### ##################### # Create another client other_ak = 'other_access_key' # corresponding developerId is 109901 other_access_secret = 'other_access_secret' other_developerId = 'other_developerId' other_client = GalaxyFDSClient(other_ak, other_access_secret) # Create a object and grant READ permission to others object_name = 'shared-object' fds_client.put_object(bucket_name, object_name, 'shared_content') object_acl = AccessControlList() object_acl.add_grant(Grant(Grantee(other_developerId), Permission.READ)) fds_client.set_object_acl(bucket_name, object_name, object_acl) # Read the shared object by another client for chunk in other_client.get_object(bucket_name, object_name).stream: sys.stdout.write(chunk) print('\n') # Grant FULL_CONTROL permission of bucket to others bucket_acl = AccessControlList() bucket_acl.add_grant(Grant(Grantee(other_developerId), Permission.FULL_CONTROL)) fds_client.set_bucket_acl(bucket_name, bucket_acl) # Post an object by others result = other_client.post_object(bucket_name, 'post') print(result.object_name)
def set_public(self, bucket_name, object_name): acl = AccessControlList() grant = Grant(Grantee(UserGroups.ALL_USERS), Permission.READ) grant.type = GrantType.GROUP acl.add_grant(grant) self.set_object_acl(bucket_name, object_name, acl)