def test_object_acl(self):
object_name = "test1"
content = "test1"
self.client.put_object(self.bucket_name, object_name, content)
for bucket in self.client.list_objects(self.bucket_name):
print(bucket)
print(self.client.get_object_acl(self.bucket_name, object_name))
objectAcl = AccessControlList()
objectAcl.add_grant(Grant(Grantee("111"), Permission.READ))
objectAcl.add_grant(Grant(Grantee("109901"), Permission.FULL_CONTROL))
objectAcl.add_grant(Grant(Grantee(acl_ak), Permission.FULL_CONTROL))
self.client.set_object_acl(self.bucket_name, object_name, objectAcl)
acl = self.client.get_object_acl(self.bucket_name, object_name)
self.assertTrue(objectAcl.is_subset(acl))
acl_client = GalaxyFDSClient(
acl_ak, acl_access_secret,
FDSClientConfiguration(region_name,
False,
False,
False,
endpoint=endpoint))
self.assertTrue(
self.client.does_object_exists(self.bucket_name, object_name))
print(acl_client.get_object(self.bucket_name, object_name))
self.client.delete_object(self.bucket_name, object_name)
self.assertFalse(
self.client.does_object_exists(self.bucket_name, object_name))
def delete_bucket_acl(bucket_name, gratee_list, permission_list):
check_bucket_name(bucket_name=bucket_name)
bucketAcl = AccessControlList()
for role in gratee_list:
grant = Grant(Grantee(role), Permission(permission_list).get_value())
if role in [UserGroups.ALL_USERS, UserGroups.AUTHENTICATED_USERS]:
grant.type = GrantType.GROUP
bucketAcl.add_grant(grant)
fds_client.delete_bucket_acl(bucket_name=bucket_name, acl=bucketAcl)
def put_bucket_acl(bucket_name, gratee_list, permission_list):
check_bucket_name(bucket_name=bucket_name)
bucketAcl = AccessControlList()
for role in gratee_list:
grant = Grant(Grantee(role), Permission(permission).get_value())
if role in [UserGroups.ALL_USERS, UserGroups.AUTHENTICATED_USERS]:
grant.type = GrantType.GROUP
bucketAcl.add_grant(grant)
fds_client.set_bucket_acl(bucket_name=bucket_name, acl=bucketAcl)
def test_bucket_acl(self):
print(self.bucket_name)
self.client.get_bucket_acl(self.bucket_name)
bucketAcl = AccessControlList()
bucketAcl.add_grant(Grant(Grantee("111"), Permission.READ))
bucketAcl.add_grant(Grant(Grantee('109901'), Permission.FULL_CONTROL))
bucketAcl.add_grant(Grant(Grantee('123456'), Permission.SSO_WRITE))
bucketAcl.add_grant(Grant(Grantee(appid), Permission.FULL_CONTROL))
self.client.set_bucket_acl(self.bucket_name, bucketAcl)
aclListGot = self.client.get_bucket_acl(self.bucket_name)
readAclCnt = 0
fullControlCnt = 0
writeWithSSOCnt = 0
for i in aclListGot.get_grant_list():
if i['grantee']['id'] == '111':
self.assertTrue(i['permission'].to_string() == Permission(
Permission.READ).to_string())
readAclCnt += 1
elif i['grantee']['id'] == '109901':
self.assertTrue(i['permission'].to_string() == Permission(
Permission.FULL_CONTROL).to_string())
fullControlCnt += 1
elif i['grantee']['id'] == '123456':
self.assertTrue(i['permission'].to_string() == Permission(
Permission.SSO_WRITE).to_string())
writeWithSSOCnt += 1
self.assertTrue(readAclCnt == 1)
self.assertTrue(fullControlCnt == 1)
self.assertTrue(writeWithSSOCnt == 1)
# self.client.set_bucket_acl(self.bucket_name, bucketAcl)
acl = self.client.get_bucket_acl(self.bucket_name)
self.assertTrue(bucketAcl.is_subset(acl))
acl_client = GalaxyFDSClient(
acl_ak, acl_access_secret,
FDSClientConfiguration(region_name,
False,
False,
False,
endpoint=endpoint))
object_name = "testBucketAcl7"
acl_client.put_object(self.bucket_name, object_name, "hahhah")
self.assertTrue(
self.client.does_object_exists(self.bucket_name, object_name))
acl_client.list_objects(self.bucket_name)
acl_client.delete_object(self.bucket_name, object_name)
self.assertFalse(
self.client.does_object_exists(self.bucket_name, object_name))
self.assertTrue(acl_client.does_bucket_exist(self.bucket_name))
try:
acl_client.delete_bucket(self.bucket_name)
except GalaxyFDSClientException as e:
print(e.message)
self.assertTrue(self.client.does_bucket_exist(self.bucket_name))
def delete_object_acl(bucket_name, object_name, gratee_list, permission_list, is_archive=False):
check_bucket_name(bucket_name)
check_bucket_name(object_name)
object_acl = AccessControlList()
for role in gratee_list:
grant = Grant(Grantee(role), Permission(permission_list).get_value())
if role in [UserGroups.ALL_USERS, UserGroups.AUTHENTICATED_USERS]:
grant.type = GrantType.GROUP
object_acl.add_grant(grant)
fds_client.delete_object_acl(bucket_name, object_name, object_acl, is_archive=is_archive)
def put_object_acl(bucket_name, object_name, gratee_list, permission_list):
check_bucket_name(bucket_name=bucket_name)
check_object_name(object_name=object_name)
object_acl = AccessControlList()
for role in gratee_list:
grant = Grant(Grantee(role), Permission(permission_list).get_value())
if role in [UserGroups.ALL_USERS, UserGroups.AUTHENTICATED_USERS]:
grant.type = GrantType.GROUP
object_acl.add_grant(grant)
fds_client.set_object_acl(bucket_name, object_name, object_acl)
logger.info('set [%s/%s] acl success', bucket_name, object_name)
def put_object_acl(bucket_name, object_name, gratee_list, permission_list):
check_bucket_name(bucket_name=bucket_name)
check_object_name(object_name=object_name)
object_acl = AccessControlList()
for role in gratee_list:
grant = Grant(Grantee(role), Permission(permission).get_value())
if role in [UserGroups.ALL_USERS, UserGroups.AUTHENTICATED_USERS]:
grant.type = GrantType.GROUP
object_acl.add_grant(grant)
fds_client.set_object_acl(bucket_name, object_name, object_acl)
logger.info('set [%s/%s] acl success', bucket_name, object_name)
def _acp_to_acl(self, acp):
'''
Translate AccessControlPolicy to AccessControlList.
'''
if acp is not None:
acl = AccessControlList()
for item in acp['accessControlList']:
grantee = item['grantee']
grant_id = grantee['id']
permission = item['permission']
g = Grant(Grantee(grant_id), permission)
acl.add_grant(g)
return acl
return str()
def make_public(self, url):
if not FDSURL.is_fds_url(url):
CLIPrinter.wrong_format()
return
url = FDSURL(url)
if url.is_object_url():
try:
self._fds.set_public(url.bucket_name(), url.object_name())
except GalaxyFDSClientException as e:
CLIPrinter.fail(e.message)
return
elif url.is_bucket_url():
try:
acl = AccessControlList()
grant = Grant(Grantee(UserGroups.ALL_USERS), Permission.READ)
grant.type = GrantType.GROUP
acl.add_grant(grant)
self._fds.set_bucket_acl(url.bucket_name(), acl)
except GalaxyFDSClientException as e:
CLIPrinter.fail(e.message)
return
else:
CLIPrinter.wrong_format()
return
def make_public(self, url):
if not FDSURL.is_fds_url(url):
CLIPrinter.wrong_format()
return
url = FDSURL(url)
if url.is_object_url():
try:
self._fds.set_public(url.bucket_name(), url.object_name())
except GalaxyFDSClientException as e:
CLIPrinter.fail(e.message)
return
elif url.is_bucket_url():
try:
acl = AccessControlList()
grant = Grant(Grantee(UserGroups.ALL_USERS), Permission.READ)
grant.type = GrantType.GROUP
acl.add_grant(grant)
self._fds.set_bucket_acl(url.bucket_name(), acl)
except GalaxyFDSClientException as e:
CLIPrinter.fail(e.message)
return
else:
CLIPrinter.wrong_format()
return
# Delete the object
fds_client.delete_object(bucket_name, object_name)
#####################
#####################
# Create another client
other_ak = 'other_access_key' # corresponding developerId is 109901
other_access_secret = 'other_access_secret'
other_developerId = 'other_developerId'
other_client = GalaxyFDSClient(other_ak, other_access_secret)
# Create a object and grant READ permission to others
object_name = 'shared-object'
fds_client.put_object(bucket_name, object_name, 'shared_content')
object_acl = AccessControlList()
object_acl.add_grant(Grant(Grantee(other_developerId), Permission.READ))
fds_client.set_object_acl(bucket_name, object_name, object_acl)
# Read the shared object by another client
for chunk in other_client.get_object(bucket_name, object_name).stream:
sys.stdout.write(chunk)
print('\n')
# Grant FULL_CONTROL permission of bucket to others
bucket_acl = AccessControlList()
bucket_acl.add_grant(Grant(Grantee(other_developerId),
Permission.FULL_CONTROL))
fds_client.set_bucket_acl(bucket_name, bucket_acl)
# Post an object by others
result = other_client.post_object(bucket_name, 'post')
print(result.object_name)
def set_public(self, bucket_name, object_name): acl = AccessControlList() grant = Grant(Grantee(UserGroups.ALL_USERS), Permission.READ) grant.type = GrantType.GROUP acl.add_grant(grant) self.set_object_acl(bucket_name, object_name, acl)