def test_object_acl(self):
        object_name = "test1"
        content = "test1"
        self.client.put_object(self.bucket_name, object_name, content)
        for bucket in self.client.list_objects(self.bucket_name):
            print(bucket)
        print(self.client.get_object_acl(self.bucket_name, object_name))
        objectAcl = AccessControlList()
        objectAcl.add_grant(Grant(Grantee("111"), Permission.READ))
        objectAcl.add_grant(Grant(Grantee("109901"), Permission.FULL_CONTROL))
        objectAcl.add_grant(Grant(Grantee(acl_ak), Permission.FULL_CONTROL))
        self.client.set_object_acl(self.bucket_name, object_name, objectAcl)
        acl = self.client.get_object_acl(self.bucket_name, object_name)
        self.assertTrue(objectAcl.is_subset(acl))

        acl_client = GalaxyFDSClient(
            acl_ak, acl_access_secret,
            FDSClientConfiguration(region_name,
                                   False,
                                   False,
                                   False,
                                   endpoint=endpoint))
        self.assertTrue(
            self.client.does_object_exists(self.bucket_name, object_name))
        print(acl_client.get_object(self.bucket_name, object_name))
        self.client.delete_object(self.bucket_name, object_name)
        self.assertFalse(
            self.client.does_object_exists(self.bucket_name, object_name))
    def test_bucket_acl(self):
        print(self.bucket_name)

        self.client.get_bucket_acl(self.bucket_name)
        bucketAcl = AccessControlList()
        bucketAcl.add_grant(Grant(Grantee("111"), Permission.READ))
        bucketAcl.add_grant(Grant(Grantee('109901'), Permission.FULL_CONTROL))
        bucketAcl.add_grant(Grant(Grantee('123456'), Permission.SSO_WRITE))
        bucketAcl.add_grant(Grant(Grantee(appid), Permission.FULL_CONTROL))
        self.client.set_bucket_acl(self.bucket_name, bucketAcl)

        aclListGot = self.client.get_bucket_acl(self.bucket_name)
        readAclCnt = 0
        fullControlCnt = 0
        writeWithSSOCnt = 0
        for i in aclListGot.get_grant_list():
            if i['grantee']['id'] == '111':
                self.assertTrue(i['permission'].to_string() == Permission(
                    Permission.READ).to_string())
                readAclCnt += 1
            elif i['grantee']['id'] == '109901':
                self.assertTrue(i['permission'].to_string() == Permission(
                    Permission.FULL_CONTROL).to_string())
                fullControlCnt += 1
            elif i['grantee']['id'] == '123456':
                self.assertTrue(i['permission'].to_string() == Permission(
                    Permission.SSO_WRITE).to_string())
                writeWithSSOCnt += 1
        self.assertTrue(readAclCnt == 1)
        self.assertTrue(fullControlCnt == 1)
        self.assertTrue(writeWithSSOCnt == 1)

        #    self.client.set_bucket_acl(self.bucket_name, bucketAcl)
        acl = self.client.get_bucket_acl(self.bucket_name)
        self.assertTrue(bucketAcl.is_subset(acl))
        acl_client = GalaxyFDSClient(
            acl_ak, acl_access_secret,
            FDSClientConfiguration(region_name,
                                   False,
                                   False,
                                   False,
                                   endpoint=endpoint))
        object_name = "testBucketAcl7"
        acl_client.put_object(self.bucket_name, object_name, "hahhah")
        self.assertTrue(
            self.client.does_object_exists(self.bucket_name, object_name))
        acl_client.list_objects(self.bucket_name)
        acl_client.delete_object(self.bucket_name, object_name)
        self.assertFalse(
            self.client.does_object_exists(self.bucket_name, object_name))
        self.assertTrue(acl_client.does_bucket_exist(self.bucket_name))
        try:
            acl_client.delete_bucket(self.bucket_name)
        except GalaxyFDSClientException as e:
            print(e.message)
        self.assertTrue(self.client.does_bucket_exist(self.bucket_name))
Esempio n. 3
0
def put_bucket_acl(bucket_name, gratee_list, permission_list):
    check_bucket_name(bucket_name=bucket_name)
    bucketAcl = AccessControlList()
    for role in gratee_list:
        grant = Grant(Grantee(role), Permission(permission).get_value())
        if role in [UserGroups.ALL_USERS, UserGroups.AUTHENTICATED_USERS]:
            grant.type = GrantType.GROUP
        bucketAcl.add_grant(grant)
    fds_client.set_bucket_acl(bucket_name=bucket_name, acl=bucketAcl)
Esempio n. 4
0
def delete_object_acl(bucket_name, object_name, gratee_list, permission_list, is_archive=False):
  check_bucket_name(bucket_name)
  check_bucket_name(object_name)
  object_acl = AccessControlList()
  for role in gratee_list:
    grant = Grant(Grantee(role), Permission(permission_list).get_value())
    if role in [UserGroups.ALL_USERS, UserGroups.AUTHENTICATED_USERS]:
      grant.type = GrantType.GROUP
    object_acl.add_grant(grant)
  fds_client.delete_object_acl(bucket_name, object_name, object_acl, is_archive=is_archive)
Esempio n. 5
0
def put_object_acl(bucket_name, object_name, gratee_list, permission_list):
    check_bucket_name(bucket_name=bucket_name)
    check_object_name(object_name=object_name)
    object_acl = AccessControlList()
    for role in gratee_list:
        grant = Grant(Grantee(role), Permission(permission).get_value())
        if role in [UserGroups.ALL_USERS, UserGroups.AUTHENTICATED_USERS]:
            grant.type = GrantType.GROUP
        object_acl.add_grant(grant)
    fds_client.set_object_acl(bucket_name, object_name, object_acl)
    logger.info('set [%s/%s] acl success', bucket_name, object_name)
 def _acp_to_acl(self, acp):
   '''
   Translate AccessControlPolicy to AccessControlList.
   '''
   if acp is not None:
     acl = AccessControlList()
     for item in acp['accessControlList']:
       grantee = item['grantee']
       grant_id = grantee['id']
       permission = item['permission']
       g = Grant(Grantee(grant_id), permission)
       acl.add_grant(g)
     return acl
   return str()
 def make_public(self, url):
     if not FDSURL.is_fds_url(url):
         CLIPrinter.wrong_format()
         return
     url = FDSURL(url)
     if url.is_object_url():
         try:
             self._fds.set_public(url.bucket_name(), url.object_name())
         except GalaxyFDSClientException as e:
             CLIPrinter.fail(e.message)
             return
     elif url.is_bucket_url():
         try:
             acl = AccessControlList()
             grant = Grant(Grantee(UserGroups.ALL_USERS), Permission.READ)
             grant.type = GrantType.GROUP
             acl.add_grant(grant)
             self._fds.set_bucket_acl(url.bucket_name(), acl)
         except GalaxyFDSClientException as e:
             CLIPrinter.fail(e.message)
             return
     else:
         CLIPrinter.wrong_format()
         return
Esempio n. 8
0
# Delete the object
fds_client.delete_object(bucket_name, object_name)
#####################

#####################
# Create another client
other_ak = 'other_access_key'  # corresponding developerId is 109901
other_access_secret = 'other_access_secret'
other_developerId = 'other_developerId'
other_client = GalaxyFDSClient(other_ak, other_access_secret)

# Create a object and grant READ permission to others
object_name = 'shared-object'
fds_client.put_object(bucket_name, object_name, 'shared_content')
object_acl = AccessControlList()
object_acl.add_grant(Grant(Grantee(other_developerId), Permission.READ))
fds_client.set_object_acl(bucket_name, object_name, object_acl)
# Read the shared object by another client
for chunk in other_client.get_object(bucket_name, object_name).stream:
    sys.stdout.write(chunk)
print('\n')

# Grant FULL_CONTROL permission of bucket to others
bucket_acl = AccessControlList()
bucket_acl.add_grant(Grant(Grantee(other_developerId),
                           Permission.FULL_CONTROL))
fds_client.set_bucket_acl(bucket_name, bucket_acl)

# Post an object by others
result = other_client.post_object(bucket_name, 'post')
print(result.object_name)
 def set_public(self, bucket_name, object_name):
   acl = AccessControlList()
   grant = Grant(Grantee(UserGroups.ALL_USERS), Permission.READ)
   grant.type = GrantType.GROUP
   acl.add_grant(grant)
   self.set_object_acl(bucket_name, object_name, acl)