def testAclChangeWithAllUsers(self):
  """Apply an 'AllUsers:WRITE' change and expect a WRITER/AllUsers entry.

  The ACL under test is a list built from the sample URI's boto ACL. The
  assertion runs on that same list after Execute, so the test relies on
  Execute updating the list in place.
  """
  grant = acl_helper.AclChange(
      'AllUsers:WRITE',
      scope_type=acl_helper.ChangeType.GROUP,
  )
  boto_acl = self.sample_uri.get_acl()
  entries = list(AclTranslation.BotoBucketAclToMessage(boto_acl))
  grant.Execute(self.sample_url, entries, 'acl', self.logger)
  # AllUsers is the public (unauthenticated) scope, so this pins the most
  # permissive grant the change syntax can express: public write.
  self._AssertHas(entries, 'WRITER', 'AllUsers')
def testAclChangeWithDomain(self):
  """Apply '<domain>:READ' and expect a READER/GroupByDomain entry.

  The domain comes from self.DOMAIN_TEST. The change is applied to a list
  converted from the sample URI's boto ACL and asserted on that same list.
  """
  change_spec = self.DOMAIN_TEST + ':READ'
  grant = acl_helper.AclChange(
      change_spec,
      scope_type=acl_helper.ChangeType.GROUP,
  )
  boto_acl = self.sample_uri.get_acl()
  entries = list(AclTranslation.BotoBucketAclToMessage(boto_acl))
  grant.Execute(self.sample_url, entries, 'acl', self.logger)
  # A GROUP-scoped change given a bare domain must land as GroupByDomain,
  # i.e. the grant covers the whole domain rather than a single identity.
  self._AssertHas(entries, 'READER', 'GroupByDomain', self.DOMAIN_TEST)
def testAclChangeWithProjectOwners(self):
  """Apply '<project acl>:READ' with PROJECT scope; expect READER/Project.

  The project identifier comes from self._project_test_acl. The change is
  applied to a list converted from the sample URI's boto ACL.
  """
  change_spec = self._project_test_acl + ':READ'
  grant = acl_helper.AclChange(
      change_spec,
      scope_type=acl_helper.ChangeType.PROJECT,
  )
  boto_acl = self.sample_uri.get_acl()
  entries = list(AclTranslation.BotoBucketAclToMessage(boto_acl))
  grant.Execute(self.sample_url, entries, 'acl', self.logger)
  # The resulting entry must be typed 'Project' and carry the same
  # identifier that was requested.
  self._AssertHas(entries, 'READER', 'Project', self._project_test_acl)
def testAclChangeWithGroupEmail(self):
  """Apply '<group email>:fc' and expect an OWNER/GroupByEmail entry.

  Pins the mapping of the short permission 'fc' to the OWNER role for a
  group addressed by e-mail (self.GROUP_TEST_ADDRESS).
  """
  change_spec = self.GROUP_TEST_ADDRESS + ':fc'
  grant = acl_helper.AclChange(
      change_spec,
      scope_type=acl_helper.ChangeType.GROUP,
  )
  boto_acl = self.sample_uri.get_acl()
  entries = list(AclTranslation.BotoBucketAclToMessage(boto_acl))
  grant.Execute(self.sample_url, entries, 'acl', self.logger)
  # 'fc' is the highest-privilege shorthand exercised in these tests; the
  # assertion checks it resolves to OWNER and nothing weaker.
  self._AssertHas(entries, 'OWNER', 'GroupByEmail', self.GROUP_TEST_ADDRESS)
def testAclChangeWithUserEmail(self):
  """Apply '<user email>:r' with USER scope; expect READER/UserByEmail.

  Pins the mapping of the short permission 'r' to the READER role for a
  single user addressed by e-mail (self.USER_TEST_ADDRESS).
  """
  change_spec = self.USER_TEST_ADDRESS + ':r'
  grant = acl_helper.AclChange(
      change_spec,
      scope_type=acl_helper.ChangeType.USER,
  )
  boto_acl = self.sample_uri.get_acl()
  entries = list(AclTranslation.BotoBucketAclToMessage(boto_acl))
  grant.Execute(self.sample_url, entries, 'acl', self.logger)
  # USER scope plus an e-mail identifier must produce a UserByEmail entry,
  # not a group entry.
  self._AssertHas(entries, 'READER', 'UserByEmail', self.USER_TEST_ADDRESS)
def testAclChangeWithGroupId(self):
  """Apply '<group id>:r' with GROUP scope; expect READER/GroupById.

  The identifier comes from self.GROUP_TEST_ID. The change is applied to a
  list converted from the sample URI's boto ACL.
  """
  change_spec = self.GROUP_TEST_ID + ':r'
  grant = acl_helper.AclChange(
      change_spec,
      scope_type=acl_helper.ChangeType.GROUP,
  )
  boto_acl = self.sample_uri.get_acl()
  entries = list(AclTranslation.BotoBucketAclToMessage(boto_acl))
  grant.Execute(self.sample_url, entries, 'acl', self.logger)
  # An id-style identifier must be classified as GroupById rather than
  # GroupByEmail or GroupByDomain.
  self._AssertHas(entries, 'READER', 'GroupById', self.GROUP_TEST_ID)
def testAclChangeWithAllAuthUsers(self):
  """Grant READ to AllAuthenticatedUsers, then delete it and check it is gone.

  Covers both directions for the AllAuthenticatedUsers scope: the entry
  appears after AclChange and is absent after AclDel, on the same list.
  """
  boto_acl_source = self.sample_uri

  grant = acl_helper.AclChange(
      'AllAuthenticatedUsers:READ',
      scope_type=acl_helper.ChangeType.GROUP,
  )
  entries = list(AclTranslation.BotoBucketAclToMessage(
      boto_acl_source.get_acl()))
  grant.Execute(self.sample_url, entries, 'acl', self.logger)
  self._AssertHas(entries, 'READER', 'AllAuthenticatedUsers')

  # Revocation is asserted for the same scope that was granted, so a
  # delete that silently does nothing fails this test.
  revoke = acl_helper.AclDel('AllAuthenticatedUsers')
  revoke.Execute(self.sample_url, entries, 'acl', self.logger)
  self._AssertHasNo(entries, 'READER', 'AllAuthenticatedUsers')
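def testAclDelWithGroup(self):
  """Add a group READ grant by e-mail, delete it, and verify it is removed.

  The grant is created for self.USER_TEST_ADDRESS under GROUP scope, so it
  is stored as a GroupByEmail entry. AclDel is then run for the same
  address and the entry must no longer be present.

  The final assertion previously checked self.GROUP_TEST_ADDRESS, an
  address this test never adds. That check could pass even if AclDel left
  the granted entry in place; it now checks the address that was actually
  granted and deleted.
  """
  add = acl_helper.AclChange(self.USER_TEST_ADDRESS + ':READ',
                             scope_type=acl_helper.ChangeType.GROUP)
  acl = list(
      AclTranslation.BotoBucketAclToMessage(self.sample_uri.get_acl()))
  add.Execute(self.sample_url, acl, 'acl', self.logger)
  self._AssertHas(acl, 'READER', 'GroupByEmail', self.USER_TEST_ADDRESS)

  remove = acl_helper.AclDel(self.USER_TEST_ADDRESS)
  remove.Execute(self.sample_url, acl, 'acl', self.logger)
  # Assert on the identity that was granted above; a revocation test that
  # checks a different identity cannot detect a failed revocation.
  self._AssertHasNo(acl, 'READER', 'GroupByEmail', self.USER_TEST_ADDRESS)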
def _PrintBucketInfo(self, bucket_blr, listing_style):
  """Print listing info for given bucket.

  For the SHORT and LONG styles only the bucket reference itself is
  printed. For the remaining style (LONG_LONG, per the comment below) a
  configuration summary is printed, including the bucket ACL and the
  default object ACL rendered through AclTranslation.JsonFromMessage.

  Args:
    bucket_blr: BucketListingReference for the bucket being listed
    listing_style: ListingStyle enum describing type of output desired.

  Returns:
    None. Every path in this function ends in a bare return or falls off
    the end; no (total objects, total bytes) tuple is produced here.
  """
  if (listing_style == ListingStyle.SHORT or
      listing_style == ListingStyle.LONG):
    text_util.print_to_fd(bucket_blr)
    return
  # listing_style == ListingStyle.LONG_LONG:
  # We're guaranteed by the caller that the root object is populated.
  bucket = bucket_blr.root_object
  location_constraint = bucket.location
  storage_class = bucket.storageClass
  fields = {
      'bucket': bucket_blr.url_string,
      'storage_class': storage_class,
      'location_constraint': location_constraint,
      # Both ACLs are printed in full. NOTE(review): the JSON presumably
      # carries grantee identifiers, so treat LONG_LONG output as
      # access-control data when it is logged or shared; confirm against
      # JsonFromMessage.
      'acl': AclTranslation.JsonFromMessage(bucket.acl),
      'default_acl': AclTranslation.JsonFromMessage(bucket.defaultObjectAcl),
      # Short-circuit `and`: when bucket.versioning is falsy the falsy
      # object itself (e.g. None) is stored and printed, not False.
      'versioning': bucket.versioning and bucket.versioning.enabled,
      # The *_config entries report presence only, never the contents.
      'website_config': 'Present' if bucket.website else 'None',
      'logging_config': 'Present' if bucket.logging else 'None',
      'cors_config': 'Present' if bucket.cors else 'None',
      'lifecycle_config': 'Present' if bucket.lifecycle else 'None',
      # Same short-circuit behaviour as 'versioning' above.
      'requester_pays': bucket.billing and bucket.billing.requesterPays
  }
  # Only ever set to 'Present'; when there is no retention policy the key
  # is absent and the corresponding output line is omitted entirely.
  if bucket.retentionPolicy:
    fields['retention_policy'] = 'Present'
  if bucket.labels:
    fields['labels'] = LabelTranslation.JsonFromMessage(
        bucket.labels, pretty_print=True)
  else:
    fields['labels'] = 'None'
  if bucket.encryption and bucket.encryption.defaultKmsKeyName:
    fields['default_kms_key'] = bucket.encryption.defaultKmsKeyName
  else:
    fields['default_kms_key'] = 'None'
  # 'encryption_config' is stored here, but the output template below has
  # no {encryption_config} placeholder, so this value is never printed.
  fields[
      'encryption_config'] = 'Present' if bucket.encryption else 'None'
  # Fields not available in all APIs (e.g. the XML API)
  if bucket.locationType:
    fields['location_type'] = bucket.locationType
  if bucket.metageneration:
    fields['metageneration'] = bucket.metageneration
  # The literal 'GMT' suffix is appended without any timezone conversion
  # here. NOTE(review): presumably the API timestamps are already UTC;
  # confirm before relying on these lines for timeline reconstruction.
  if bucket.timeCreated:
    fields['time_created'] = bucket.timeCreated.strftime(
        '%a, %d %b %Y %H:%M:%S GMT')
  if bucket.updated:
    fields['updated'] = bucket.updated.strftime(
        '%a, %d %b %Y %H:%M:%S GMT')
  if bucket.defaultEventBasedHold:
    fields['default_eventbased_hold'] = bucket.defaultEventBasedHold
  if bucket.iamConfiguration and bucket.iamConfiguration.bucketPolicyOnly:
    enabled = bucket.iamConfiguration.bucketPolicyOnly.enabled
    fields['bucket_policy_only_enabled'] = enabled
  # For field values that are multiline, add indenting to make it look
  # prettier.
  # Only existing keys are reassigned inside the loop, so the dict's key
  # set does not change while it is being iterated.
  for key in fields:
    previous_value = fields[key]
    if (not isinstance(previous_value, six.string_types) or
        '\n' not in previous_value):
      continue
    new_value = previous_value.replace('\n', '\n\t ')
    # Start multiline values on a new line if they aren't already.
    if not new_value.startswith('\n'):
      new_value = '\n\t ' + new_value
    fields[key] = new_value
  # Only display certain properties if the given API returned them (JSON API
  # returns many fields that the XML API does not).
  location_type_line = ''
  metageneration_line = ''
  time_created_line = ''
  time_updated_line = ''
  default_eventbased_hold_line = ''
  retention_policy_line = ''
  bucket_policy_only_enabled_line = ''
  if 'location_type' in fields:
    location_type_line = '\tLocation type:\t\t\t{location_type}\n'
  if 'metageneration' in fields:
    metageneration_line = '\tMetageneration:\t\t\t{metageneration}\n'
  if 'time_created' in fields:
    time_created_line = '\tTime created:\t\t\t{time_created}\n'
  if 'updated' in fields:
    time_updated_line = '\tTime updated:\t\t\t{updated}\n'
  if 'default_eventbased_hold' in fields:
    default_eventbased_hold_line = (
        '\tDefault Event-Based Hold:\t{default_eventbased_hold}\n')
  if 'retention_policy' in fields:
    retention_policy_line = '\tRetention Policy:\t\t{retention_policy}\n'
  if 'bucket_policy_only_enabled' in fields:
    bucket_policy_only_enabled_line = (
        '\tBucket Policy Only enabled:\t'
        '{bucket_policy_only_enabled}\n')
  # The template is assembled only from the constant strings above;
  # bucket-derived values enter solely as str.format() arguments, so
  # braces inside a label, URL or ACL value are not re-interpreted as
  # replacement fields.
  text_util.print_to_fd(
      ('{bucket} :\n'
       '\tStorage class:\t\t\t{storage_class}\n' + location_type_line +
       '\tLocation constraint:\t\t{location_constraint}\n'
       '\tVersioning enabled:\t\t{versioning}\n'
       '\tLogging configuration:\t\t{logging_config}\n'
       '\tWebsite configuration:\t\t{website_config}\n'
       '\tCORS configuration: \t\t{cors_config}\n'
       '\tLifecycle configuration:\t{lifecycle_config}\n'
       '\tRequester Pays enabled:\t\t{requester_pays}\n' +
       retention_policy_line + default_eventbased_hold_line +
       '\tLabels:\t\t\t\t{labels}\n' +
       '\tDefault KMS key:\t\t{default_kms_key}\n' + time_created_line +
       time_updated_line + metageneration_line +
       bucket_policy_only_enabled_line + '\tACL:\t\t\t\t{acl}\n'
       '\tDefault ACL:\t\t\t{default_acl}').format(**fields))
  # For S3 buckets a 'None' or blank value above is not evidence that the
  # configuration is absent; the printed note tells the reader to query
  # each setting with its individual command.
  if bucket_blr.storage_url.scheme == 's3':
    text_util.print_to_fd(
        'Note: this is an S3 bucket so configuration values may be '
        'blank. To retrieve bucket configuration values, use '
        'individual configuration commands such as gsutil acl get '
        '<bucket>.')
def PrintFullInfoAboutObject(bucket_listing_ref, incl_acl=True):
  """Print full info for given object (like what displays for gsutil ls -L).

  Each available attribute of the object is written as one metadata line
  through text_util.print_to_fd. Attributes that are falsy on the object
  are skipped, except Content-Length, Content-Type and ETag, which are
  always printed.

  Args:
    bucket_listing_ref: BucketListingRef being listed.
                        Must have ref_type OBJECT and a populated root_object
                        with the desired fields.
    incl_acl: True if ACL info should be output.

  Returns:
    Tuple (number of objects, object_length). For an S3 delete marker this
    is (0, 0); otherwise (1, obj.size).

  Raises:
    Exception: if calling bug encountered. (No explicit raise appears in
      this function; any exception would come from the helpers it calls.)
  """
  url_str = bucket_listing_ref.url_string
  storage_url = StorageUrlFromString(url_str)
  obj = bucket_listing_ref.root_object
  # Delete markers are counted as zero objects and zero bytes and are
  # tagged in the printed URL. The Content-Length line further down still
  # prints obj.size, independent of num_bytes.
  if (obj.metadata and
      S3_DELETE_MARKER_GUID in obj.metadata.additionalProperties):
    num_bytes = 0
    num_objs = 0
    url_str += '<DeleteMarker>'
  else:
    num_bytes = obj.size
    num_objs = 1
  text_util.print_to_fd('{}:'.format(url_str))
  # All timestamps below append a literal 'GMT' with no timezone
  # conversion. NOTE(review): presumably the values are already UTC;
  # confirm before using them for timeline work.
  if obj.timeCreated:
    text_util.print_to_fd(
        MakeMetadataLine(
            'Creation time',
            obj.timeCreated.strftime('%a, %d %b %Y %H:%M:%S GMT')))
  if obj.updated:
    text_util.print_to_fd(
        MakeMetadataLine(
            'Update time',
            obj.updated.strftime('%a, %d %b %Y %H:%M:%S GMT')))
  # Printed only when it differs from the creation time.
  if (obj.timeStorageClassUpdated and
      obj.timeStorageClassUpdated != obj.timeCreated):
    text_util.print_to_fd(
        MakeMetadataLine(
            'Storage class update time',
            obj.timeStorageClassUpdated.strftime(
                '%a, %d %b %Y %H:%M:%S GMT')))
  if obj.storageClass:
    text_util.print_to_fd(
        MakeMetadataLine('Storage class', obj.storageClass))
  # Holds and retention are shown only when set; a missing line means the
  # attribute was falsy on the object as returned.
  if obj.temporaryHold:
    text_util.print_to_fd(MakeMetadataLine('Temporary Hold', 'Enabled'))
  if obj.eventBasedHold:
    text_util.print_to_fd(MakeMetadataLine('Event-Based Hold', 'Enabled'))
  if obj.retentionExpirationTime:
    text_util.print_to_fd(
        MakeMetadataLine(
            'Retention Expiration',
            obj.retentionExpirationTime.strftime(
                '%a, %d %b %Y %H:%M:%S GMT')))
  if obj.kmsKeyName:
    text_util.print_to_fd(MakeMetadataLine('KMS key', obj.kmsKeyName))
  if obj.cacheControl:
    text_util.print_to_fd(
        MakeMetadataLine('Cache-Control', obj.cacheControl))
  if obj.contentDisposition:
    text_util.print_to_fd(
        MakeMetadataLine('Content-Disposition', obj.contentDisposition))
  if obj.contentEncoding:
    text_util.print_to_fd(
        MakeMetadataLine('Content-Encoding', obj.contentEncoding))
  if obj.contentLanguage:
    text_util.print_to_fd(
        MakeMetadataLine('Content-Language', obj.contentLanguage))
  text_util.print_to_fd(MakeMetadataLine('Content-Length', obj.size))
  text_util.print_to_fd(MakeMetadataLine('Content-Type', obj.contentType))
  if obj.componentCount:
    text_util.print_to_fd(
        MakeMetadataLine('Component-Count', obj.componentCount))
  if obj.timeDeleted:
    text_util.print_to_fd(
        MakeMetadataLine(
            'Archived time',
            obj.timeDeleted.strftime('%a, %d %b %Y %H:%M:%S GMT')))
  # Properties whose key is in S3_MARKER_GUIDS are kept aside in
  # marker_props (used for the ACL fallback below) and are not printed as
  # metadata; everything else is listed under 'Metadata'.
  marker_props = {}
  if obj.metadata and obj.metadata.additionalProperties:
    non_marker_props = []
    for add_prop in obj.metadata.additionalProperties:
      if add_prop.key not in S3_MARKER_GUIDS:
        non_marker_props.append(add_prop)
      else:
        marker_props[add_prop.key] = add_prop.value
    if non_marker_props:
      text_util.print_to_fd(MakeMetadataLine('Metadata', ''))
      # NOTE(review): these keys and values are the object's own metadata
      # and are only string-formatted here. Whether MakeMetadataLine or
      # print_to_fd neutralise control characters is not visible from this
      # function; confirm before trusting the output on a terminal or in
      # a line-oriented log.
      for ap in non_marker_props:
        ap_key = '{}'.format(ap.key)
        ap_value = '{}'.format(ap.value)
        meta_data_line = MakeMetadataLine(ap_key, ap_value, indent=2)
        text_util.print_to_fd(meta_data_line)
  if obj.customerEncryption:
    # When a hash is missing on a customer-encrypted object, the word
    # 'encrypted' is printed in its place. Only the algorithm and the
    # keySha256 field are read from customerEncryption here.
    if not obj.crc32c:
      text_util.print_to_fd(
          MakeMetadataLine('Hash (crc32c)', 'encrypted'))
    if not obj.md5Hash:
      text_util.print_to_fd(MakeMetadataLine('Hash (md5)', 'encrypted'))
    text_util.print_to_fd(
        MakeMetadataLine('Encryption algorithm',
                         obj.customerEncryption.encryptionAlgorithm))
    text_util.print_to_fd(
        MakeMetadataLine('Encryption key SHA256',
                         obj.customerEncryption.keySha256))
  if obj.crc32c:
    text_util.print_to_fd(MakeMetadataLine('Hash (crc32c)', obj.crc32c))
  if obj.md5Hash:
    text_util.print_to_fd(MakeMetadataLine('Hash (md5)', obj.md5Hash))
  # Surrounding single or double quotes are stripped from the ETag.
  text_util.print_to_fd(MakeMetadataLine('ETag', obj.etag.strip('"\'')))
  if obj.generation:
    generation_str = GenerationFromUrlAndString(storage_url, obj.generation)
    text_util.print_to_fd(MakeMetadataLine('Generation', generation_str))
  if obj.metageneration:
    text_util.print_to_fd(
        MakeMetadataLine('Metageneration', obj.metageneration))
  if incl_acl:
    # JSON API won't return acls as part of the response unless we have
    # full control scope
    if obj.acl:
      text_util.print_to_fd(
          MakeMetadataLine('ACL', AclTranslation.JsonFromMessage(obj.acl)))
    elif S3_ACL_MARKER_GUID in marker_props:
      text_util.print_to_fd(
          MakeMetadataLine('ACL', marker_props[S3_ACL_MARKER_GUID]))
    else:
      # Empty ACLs are possible with Bucket Policy Only and no longer imply
      # ACCESS DENIED anymore.
      # This branch is taken for any falsy obj.acl, so '[]' is printed both
      # when the ACL is really empty and when the response carried no ACL
      # (see the full-control note above). Do not read '[]' as proof that
      # the object has no grants.
      text_util.print_to_fd(MakeMetadataLine('ACL', '[]'))
  return (num_objs, num_bytes)
def PrintFullInfoAboutObject(bucket_listing_ref, incl_acl=True):
  """Print full info for given object (like what displays for gsutil ls -L).

  Each available attribute of the object is written with print() as one
  metadata line. Attributes that are falsy on the object are skipped,
  except Content-Length, Content-Type and ETag, which are always printed.

  Args:
    bucket_listing_ref: BucketListingRef being listed.
                        Must have ref_type OBJECT and a populated root_object
                        with the desired fields.
    incl_acl: True if ACL info should be output.

  Returns:
    Tuple (number of objects, object_length). For an S3 delete marker this
    is (0, 0); otherwise (1, obj.size).

  Raises:
    Exception: if calling bug encountered. (No explicit raise appears in
      this function; any exception would come from the helpers it calls.)
  """
  url_str = bucket_listing_ref.url_string
  storage_url = StorageUrlFromString(url_str)
  obj = bucket_listing_ref.root_object
  # Delete markers are counted as zero objects and zero bytes and are
  # tagged in the printed URL. The Content-Length line further down still
  # prints obj.size, independent of num_bytes.
  if (obj.metadata and
      S3_DELETE_MARKER_GUID in obj.metadata.additionalProperties):
    num_bytes = 0
    num_objs = 0
    url_str += '<DeleteMarker>'
  else:
    num_bytes = obj.size
    num_objs = 1
  # NOTE(review): the URL is encoded to bytes before %-formatting. On
  # Python 3 that renders as a b'...' literal in the output; this reads as
  # Python 2-era code. Confirm the target interpreter.
  print('%s:' % url_str.encode(UTF8))
  # All timestamps below append a literal 'GMT' with no timezone
  # conversion. NOTE(review): presumably the values are already UTC;
  # confirm before using them for timeline work.
  if obj.timeCreated:
    print(
        MakeMetadataLine(
            'Creation time',
            obj.timeCreated.strftime('%a, %d %b %Y %H:%M:%S GMT')))
  if obj.updated:
    print(
        MakeMetadataLine(
            'Update time',
            obj.updated.strftime('%a, %d %b %Y %H:%M:%S GMT')))
  # Printed only when it differs from the creation time.
  if (obj.timeStorageClassUpdated and
      obj.timeStorageClassUpdated != obj.timeCreated):
    print(
        MakeMetadataLine(
            'Storage class update time',
            obj.timeStorageClassUpdated.strftime(
                '%a, %d %b %Y %H:%M:%S GMT')))
  if obj.storageClass:
    print(MakeMetadataLine('Storage class', obj.storageClass))
  if obj.kmsKeyName:
    print(MakeMetadataLine('KMS key', obj.kmsKeyName))
  if obj.cacheControl:
    print(MakeMetadataLine('Cache-Control', obj.cacheControl))
  if obj.contentDisposition:
    print(MakeMetadataLine('Content-Disposition', obj.contentDisposition))
  if obj.contentEncoding:
    print(MakeMetadataLine('Content-Encoding', obj.contentEncoding))
  if obj.contentLanguage:
    print(MakeMetadataLine('Content-Language', obj.contentLanguage))
  print(MakeMetadataLine('Content-Length', obj.size))
  print(MakeMetadataLine('Content-Type', obj.contentType))
  if obj.componentCount:
    print(MakeMetadataLine('Component-Count', obj.componentCount))
  if obj.timeDeleted:
    print(
        MakeMetadataLine(
            'Archived time',
            obj.timeDeleted.strftime('%a, %d %b %Y %H:%M:%S GMT')))
  # Properties whose key is in S3_MARKER_GUIDS are kept aside in
  # marker_props (used for the ACL fallback below) and are not printed as
  # metadata; everything else is listed under 'Metadata'.
  marker_props = {}
  if obj.metadata and obj.metadata.additionalProperties:
    non_marker_props = []
    for add_prop in obj.metadata.additionalProperties:
      if add_prop.key not in S3_MARKER_GUIDS:
        non_marker_props.append(add_prop)
      else:
        marker_props[add_prop.key] = add_prop.value
    if non_marker_props:
      print(MakeMetadataLine('Metadata', ''))
      # NOTE(review): these keys and values are the object's own metadata
      # and are only UTF-8 encoded here. Whether MakeMetadataLine
      # neutralises control characters is not visible from this function;
      # confirm before trusting the output on a terminal or in a
      # line-oriented log.
      for ap in non_marker_props:
        print(
            MakeMetadataLine(('%s' % ap.key).encode(UTF8),
                             ('%s' % ap.value).encode(UTF8),
                             indent=2))
  if obj.customerEncryption:
    # When a hash is missing on a customer-encrypted object, the word
    # 'encrypted' is printed in its place. Only the algorithm and the
    # keySha256 field are read from customerEncryption here.
    if not obj.crc32c:
      print(MakeMetadataLine('Hash (crc32c)', 'encrypted'))
    if not obj.md5Hash:
      print(MakeMetadataLine('Hash (md5)', 'encrypted'))
    print(
        MakeMetadataLine('Encryption algorithm',
                         obj.customerEncryption.encryptionAlgorithm))
    print(
        MakeMetadataLine('Encryption key SHA256',
                         obj.customerEncryption.keySha256))
  if obj.crc32c:
    print(MakeMetadataLine('Hash (crc32c)', obj.crc32c))
  if obj.md5Hash:
    print(MakeMetadataLine('Hash (md5)', obj.md5Hash))
  # Surrounding single or double quotes are stripped from the ETag.
  print(MakeMetadataLine('ETag', obj.etag.strip('"\'')))
  if obj.generation:
    generation_str = GenerationFromUrlAndString(storage_url, obj.generation)
    print(MakeMetadataLine('Generation', generation_str))
  if obj.metageneration:
    print(MakeMetadataLine('Metageneration', obj.metageneration))
  if incl_acl:
    # JSON API won't return acls as part of the response unless we have
    # full control scope
    if obj.acl:
      print(
          MakeMetadataLine('ACL', AclTranslation.JsonFromMessage(obj.acl)))
    elif S3_ACL_MARKER_GUID in marker_props:
      print(MakeMetadataLine('ACL', marker_props[S3_ACL_MARKER_GUID]))
    else:
      # This branch is taken for any falsy obj.acl, so 'ACCESS DENIED' is
      # printed whenever the response carried no ACL entries, whatever the
      # reason. NOTE(review): an object whose ACL is really empty would
      # be reported as denied as well; confirm whether that case can occur
      # for the APIs this code serves.
      print(MakeMetadataLine('ACL', 'ACCESS DENIED'))
      print(
          MakeMetadataLine(
              'Note',
              'You need OWNER permission on the object to read its ACL', 2))
  return (num_objs, num_bytes)