def _ChAcl(self):
self.changes = []
if self.sub_opts:
for o, a in self.sub_opts:
if o == '-g':
self.changes.append(
aclhelpers.AclChange(
a, scope_type=aclhelpers.ChangeType.GROUP))
if o == '-u':
self.changes.append(
aclhelpers.AclChange(
a, scope_type=aclhelpers.ChangeType.USER))
if o == '-d':
self.changes.append(aclhelpers.AclDel(a))
if o == '-r' or o == '-R':
self.recursion_requested = True
if not self.changes:
raise CommandException('Please specify at least one access change '
'with the -g, -u, or -d flags')
storage_uri = self.UrisAreForSingleProvider(self.args)
if not (storage_uri and storage_uri.get_provider().name == 'google'):
raise CommandException(
'The "{0}" command can only be used with gs:// URIs'.format(
self.command_name))
bulk_uris = set()
for uri_arg in self.args:
for result in self.WildcardIterator(uri_arg):
uri = result.uri
if uri.names_bucket():
if self.recursion_requested:
bulk_uris.add(uri.clone_replace_name('*').uri)
else:
# If applying to a bucket directly, the threading machinery will
# break, so we have to apply now, in the main thread.
self.ApplyAclChanges(uri)
else:
bulk_uris.add(uri_arg)
try:
name_expansion_iterator = name_expansion.NameExpansionIterator(
self.command_name, self.proj_id_handler, self.headers,
self.debug, self.logger, self.bucket_storage_uri_class,
bulk_uris, self.recursion_requested)
except CommandException as e:
# NameExpansionIterator will complain if there are no URIs, but we don't
# want to throw an error if we handled bucket URIs.
if e.reason == 'No URIs matched':
return 0
else:
raise e
self.everything_set_okay = True
self.Apply(_ApplyAclChangesWrapper, name_expansion_iterator,
_ApplyExceptionHandler)
if not self.everything_set_okay:
raise CommandException('ACLs for some objects could not be set.')
def testAclChangeWithAllAuthUsers(self):
change = aclhelpers.AclChange('AllAuthenticatedUsers:READ',
scope_type=aclhelpers.ChangeType.GROUP)
acl = self.sample_uri.get_acl()
change.Execute(self.sample_uri, acl, self.logger)
self._AssertHas(acl, 'READ', 'AllAuthenticatedUsers')
remove = aclhelpers.AclDel('AllAuthenticatedUsers')
remove.Execute(self.sample_uri, acl, self.logger)
self._AssertHasNo(acl, 'READ', 'AllAuthenticatedUsers')
def testAclChangeWithAllAuthUsers(self):
change = aclhelpers.AclChange('AllAuthenticatedUsers:READ',
scope_type=aclhelpers.ChangeType.GROUP)
acl = list(AclTranslation.BotoBucketAclToMessage(self.sample_uri.get_acl()))
change.Execute(self.sample_url, acl, 'acl', self.logger)
self._AssertHas(acl, 'READER', 'AllAuthenticatedUsers')
remove = aclhelpers.AclDel('AllAuthenticatedUsers')
remove.Execute(self.sample_url, acl, 'acl', self.logger)
self._AssertHasNo(acl, 'READER', 'AllAuthenticatedUsers')
def testAclDelWithGroup(self):
add = aclhelpers.AclChange(self.USER_TEST_ADDRESS + ':READ',
scope_type=aclhelpers.ChangeType.GROUP)
acl = self.sample_uri.get_acl()
add.Execute(self.sample_uri, acl, self.logger)
self._AssertHas(acl, 'READ', 'GroupByEmail', self.USER_TEST_ADDRESS)
remove = aclhelpers.AclDel(self.USER_TEST_ADDRESS)
remove.Execute(self.sample_uri, acl, self.logger)
self._AssertHasNo(acl, 'READ', 'GroupByEmail', self.GROUP_TEST_ADDRESS)
def testAclDelWithGroup(self):
add = aclhelpers.AclChange(self.USER_TEST_ADDRESS + ':READ',
scope_type=aclhelpers.ChangeType.GROUP)
acl = list(AclTranslation.BotoBucketAclToMessage(self.sample_uri.get_acl()))
add.Execute(self.sample_url, acl, 'acl', self.logger)
self._AssertHas(acl, 'READER', 'GroupByEmail', self.USER_TEST_ADDRESS)
remove = aclhelpers.AclDel(self.USER_TEST_ADDRESS)
remove.Execute(self.sample_url, acl, 'acl', self.logger)
self._AssertHasNo(acl, 'READER', 'GroupByEmail', self.GROUP_TEST_ADDRESS)
def testAclDelWithProjectOwners(self):
add = aclhelpers.AclChange(self._project_test_acl + ':READ',
scope_type=aclhelpers.ChangeType.PROJECT)
acl = list(AclTranslation.BotoBucketAclToMessage(self.sample_uri.get_acl()))
add.Execute(self.sample_url, acl, 'acl', self.logger)
self._AssertHas(acl, 'READER', 'Project', self._project_test_acl)
remove = aclhelpers.AclDel(self._project_test_acl)
remove.Execute(self.sample_url, acl, 'acl', self.logger)
self._AssertHasNo(acl, 'READ', 'Project', self._project_test_acl)
def _ChAcl(self):
"""Parses options and changes ACLs on the specified buckets/objects."""
self.parse_versions = True
self.changes = []
self.continue_on_error = False
if self.sub_opts:
for o, a in self.sub_opts:
if o == '-f':
self.continue_on_error = True
elif o == '-g':
if 'gserviceaccount.com' in a:
raise CommandException(
'Service accounts are considered users, not groups; please use '
'"gsutil acl ch -u" instead of "gsutil acl ch -g"')
self.changes.append(
aclhelpers.AclChange(
a, scope_type=aclhelpers.ChangeType.GROUP))
elif o == '-p':
self.changes.append(
aclhelpers.AclChange(
a, scope_type=aclhelpers.ChangeType.PROJECT))
elif o == '-u':
self.changes.append(
aclhelpers.AclChange(
a, scope_type=aclhelpers.ChangeType.USER))
elif o == '-d':
self.changes.append(aclhelpers.AclDel(a))
elif o == '-r' or o == '-R':
self.recursion_requested = True
else:
self.RaiseInvalidArgumentException()
if not self.changes:
raise CommandException('Please specify at least one access change '
'with the -g, -u, or -d flags')
if (not UrlsAreForSingleProvider(self.args)
or StorageUrlFromString(self.args[0]).scheme != 'gs'):
raise CommandException(
'The "{0}" command can only be used with gs:// URLs'.format(
self.command_name))
self.everything_set_okay = True
self.ApplyAclFunc(
_ApplyAclChangesWrapper,
_ApplyExceptionHandler,
self.args,
object_fields=['acl', 'generation', 'metageneration'])
if not self.everything_set_okay:
raise CommandException('ACLs for some objects could not be set.')
def _ChDefAcl(self):
"""Parses options and changes default object ACLs on specified buckets."""
self.parse_versions = True
self.changes = []
if self.sub_opts:
for o, a in self.sub_opts:
if o == '-g':
self.changes.append(
aclhelpers.AclChange(
a, scope_type=aclhelpers.ChangeType.GROUP))
if o == '-u':
self.changes.append(
aclhelpers.AclChange(
a, scope_type=aclhelpers.ChangeType.USER))
if o == '-p':
self.changes.append(
aclhelpers.AclChange(
a, scope_type=aclhelpers.ChangeType.PROJECT))
if o == '-d':
self.changes.append(aclhelpers.AclDel(a))
if not self.changes:
raise CommandException('Please specify at least one access change '
'with the -g, -u, or -d flags')
if (not UrlsAreForSingleProvider(self.args)
or StorageUrlFromString(self.args[0]).scheme != 'gs'):
raise CommandException(
'The "{0}" command can only be used with gs:// URLs'.format(
self.command_name))
bucket_urls = set()
for url_arg in self.args:
for result in self.WildcardIterator(url_arg):
if not result.storage_url.IsBucket():
raise CommandException(
'The defacl ch command can only be applied to buckets.'
)
bucket_urls.add(result.storage_url)
for storage_url in bucket_urls:
self.ApplyAclChanges(storage_url)
def _ChDefAcl(self):
self.parse_versions = True
self.changes = []
if self.sub_opts:
for o, a in self.sub_opts:
if o == '-g':
self.changes.append(
aclhelpers.AclChange(
a,
scope_type=aclhelpers.ChangeType.GROUP,
logger=self.logger))
if o == '-u':
self.changes.append(
aclhelpers.AclChange(
a,
scope_type=aclhelpers.ChangeType.USER,
logger=self.logger))
if o == '-d':
self.changes.append(
aclhelpers.AclDel(a, logger=self.logger))
if not self.changes:
raise CommandException('Please specify at least one access change '
'with the -g, -u, or -d flags')
storage_uri = self.UrisAreForSingleProvider(self.args)
if not (storage_uri and storage_uri.get_provider().name == 'google'):
raise CommandException(
'The "{0}" command can only be used with gs:// URIs'.format(
self.command_name))
bucket_uris = set()
for uri_arg in self.args:
for result in self.WildcardIterator(uri_arg):
uri = result.uri
if not uri.names_bucket():
raise CommandException(
'The chdefacl command can only be applied to buckets.')
bucket_uris.add(uri)
for uri in bucket_uris:
self.ApplyAclChanges(uri)
def _ChAcl(self):
"""Parses options and changes ACLs on the specified buckets/objects."""
self.parse_versions = True
self.changes = []
self.continue_on_error = False
if self.sub_opts:
for o, a in self.sub_opts:
if o == '-f':
self.continue_on_error = True
if o == '-g':
self.changes.append(
aclhelpers.AclChange(
a, scope_type=aclhelpers.ChangeType.GROUP))
if o == '-u':
self.changes.append(
aclhelpers.AclChange(
a, scope_type=aclhelpers.ChangeType.USER))
if o == '-d':
self.changes.append(aclhelpers.AclDel(a))
if o == '-r' or o == '-R':
self.recursion_requested = True
if not self.changes:
raise CommandException('Please specify at least one access change '
'with the -g, -u, or -d flags')
if (not UrlsAreForSingleProvider(self.args)
or StorageUrlFromString(self.args[0]).scheme != 'gs'):
raise CommandException(
'The "{0}" command can only be used with gs:// URLs'.format(
self.command_name))
self.everything_set_okay = True
self.ApplyAclFunc(_ApplyAclChangesWrapper, _ApplyExceptionHandler,
self.args)
if not self.everything_set_okay:
raise CommandException('ACLs for some objects could not be set.')