def _ChAcl(self):
    """Parse the `acl ch` sub-options and apply the requested ACL changes.

    Each (option, value) pair in self.sub_opts is turned into either an
    acl_helper.AclChange (for -g, -p, -u) or an acl_helper.AclDel (for -d);
    -f, -r and -R only set flags on self. The collected changes are then
    applied to self.args through self.ApplyAclFunc.

    Raises:
      CommandException: if -g is given a value containing
        'gserviceaccount.com', if no change was requested, if the URLs are
        not all gs:// URLs, or if self.everything_set_okay is false after
        the changes were applied.
    """
    self.parse_versions = True
    self.changes = []
    self.continue_on_error = False

    # Options that add or modify a grant, keyed to the scope type they imply.
    scope_by_flag = {
        '-g': acl_helper.ChangeType.GROUP,
        '-p': acl_helper.ChangeType.PROJECT,
        '-u': acl_helper.ChangeType.USER,
    }

    for flag, value in self.sub_opts or ():
        if flag in scope_by_flag:
            # A service account passed as a group is rejected up front with a
            # hint, so the caller is told to use the user scope instead.
            if flag == '-g' and 'gserviceaccount.com' in value:
                raise CommandException(
                    'Service accounts are considered users, not groups; please use '
                    '"gsutil acl ch -u" instead of "gsutil acl ch -g"')
            self.changes.append(
                acl_helper.AclChange(value, scope_type=scope_by_flag[flag]))
        elif flag == '-d':
            self.changes.append(acl_helper.AclDel(value))
        elif flag == '-f':
            self.continue_on_error = True
        elif flag in ('-r', '-R'):
            self.recursion_requested = True
        else:
            self.RaiseInvalidArgumentException()

    # NOTE(review): the message below does not mention -p, although -p also
    # produces a change; wording kept as-is.
    if not self.changes:
        raise CommandException('Please specify at least one access change '
                               'with the -g, -u, or -d flags')

    # Short-circuits exactly like the original: the first URL is only parsed
    # when all URLs belong to a single provider.
    all_gs_urls = (UrlsAreForSingleProvider(self.args) and
                   StorageUrlFromString(self.args[0]).scheme == 'gs')
    if not all_gs_urls:
        raise CommandException(
            'The "{0}" command can only be used with gs:// URLs'.format(
                self.command_name))

    # Set before applying; the check after ApplyAclFunc reports the case where
    # it has been turned false by then.
    self.everything_set_okay = True
    self.ApplyAclFunc(
        _ApplyAclChangesWrapper,
        _ApplyExceptionHandler,
        self.args,
        object_fields=['acl', 'generation', 'metageneration'])
    if not self.everything_set_okay:
        raise CommandException('ACLs for some objects could not be set.')
def testAclChangeWithAllUsers(self):
    """Check that a GROUP-scoped 'AllUsers:WRITE' change adds a WRITER entry.

    The change is executed against a list built from the sample URI's ACL,
    and the test asserts that the list then holds WRITER for AllUsers.
    """
    # AllUsers is the public scope, so this exercises the grant that makes a
    # resource writable by anyone.
    public_write = acl_helper.AclChange(
        'AllUsers:WRITE', scope_type=acl_helper.ChangeType.GROUP)
    boto_acl = self.sample_uri.get_acl()
    entries = list(AclTranslation.BotoBucketAclToMessage(boto_acl))
    public_write.Execute(self.sample_url, entries, 'acl', self.logger)
    self._AssertHas(entries, 'WRITER', 'AllUsers')
def testAclChangeWithProjectOwners(self):
    """Check that a PROJECT-scoped ':READ' change adds a READER entry.

    The descriptor is self._project_test_acl with ':READ' appended; after the
    change runs, the test asserts READER for a 'Project' entity with that
    same identifier.
    """
    project_scope = self._project_test_acl
    grant = acl_helper.AclChange(
        project_scope + ':READ', scope_type=acl_helper.ChangeType.PROJECT)
    boto_acl = self.sample_uri.get_acl()
    entries = list(AclTranslation.BotoBucketAclToMessage(boto_acl))
    grant.Execute(self.sample_url, entries, 'acl', self.logger)
    self._AssertHas(entries, 'READER', 'Project', self._project_test_acl)
def testAclChangeWithDomain(self):
    """Check that a GROUP-scoped change on a domain adds a GroupByDomain entry.

    The descriptor is self.DOMAIN_TEST with ':READ' appended; the test
    asserts READER for a 'GroupByDomain' entity with that domain.
    """
    descriptor = self.DOMAIN_TEST + ':READ'
    grant = acl_helper.AclChange(
        descriptor, scope_type=acl_helper.ChangeType.GROUP)
    boto_acl = self.sample_uri.get_acl()
    entries = list(AclTranslation.BotoBucketAclToMessage(boto_acl))
    grant.Execute(self.sample_url, entries, 'acl', self.logger)
    self._AssertHas(entries, 'READER', 'GroupByDomain', self.DOMAIN_TEST)
def testAclChangeWithGroupEmail(self):
    """Check that ':fc' on a group e-mail address yields an OWNER entry.

    The descriptor is self.GROUP_TEST_ADDRESS with the ':fc' suffix; the test
    asserts OWNER for a 'GroupByEmail' entity with that address.
    """
    descriptor = self.GROUP_TEST_ADDRESS + ':fc'
    grant = acl_helper.AclChange(
        descriptor, scope_type=acl_helper.ChangeType.GROUP)
    boto_acl = self.sample_uri.get_acl()
    entries = list(AclTranslation.BotoBucketAclToMessage(boto_acl))
    grant.Execute(self.sample_url, entries, 'acl', self.logger)
    self._AssertHas(entries, 'OWNER', 'GroupByEmail', self.GROUP_TEST_ADDRESS)
def testAclChangeWithUserEmail(self):
    """Check that ':r' on a user e-mail address yields a READER entry.

    The descriptor is self.USER_TEST_ADDRESS with the ':r' suffix and USER
    scope; the test asserts READER for a 'UserByEmail' entity with that
    address.
    """
    descriptor = self.USER_TEST_ADDRESS + ':r'
    grant = acl_helper.AclChange(
        descriptor, scope_type=acl_helper.ChangeType.USER)
    boto_acl = self.sample_uri.get_acl()
    entries = list(AclTranslation.BotoBucketAclToMessage(boto_acl))
    grant.Execute(self.sample_url, entries, 'acl', self.logger)
    self._AssertHas(entries, 'READER', 'UserByEmail', self.USER_TEST_ADDRESS)
def testAclChangeWithGroupId(self):
    """Check that ':r' on a group id yields a READER GroupById entry.

    The descriptor is self.GROUP_TEST_ID with the ':r' suffix and GROUP
    scope; the test asserts READER for a 'GroupById' entity with that id.
    """
    descriptor = self.GROUP_TEST_ID + ':r'
    grant = acl_helper.AclChange(
        descriptor, scope_type=acl_helper.ChangeType.GROUP)
    boto_acl = self.sample_uri.get_acl()
    entries = list(AclTranslation.BotoBucketAclToMessage(boto_acl))
    grant.Execute(self.sample_url, entries, 'acl', self.logger)
    self._AssertHas(entries, 'READER', 'GroupById', self.GROUP_TEST_ID)
def testAclChangeWithAllAuthUsers(self):
    """Grant READ to AllAuthenticatedUsers, then delete the grant again.

    Both steps run against the same list built from the sample URI's ACL:
    after the AclChange the READER entry must be present, and after the
    AclDel it must be gone.
    """
    grant = acl_helper.AclChange(
        'AllAuthenticatedUsers:READ', scope_type=acl_helper.ChangeType.GROUP)
    boto_acl = self.sample_uri.get_acl()
    entries = list(AclTranslation.BotoBucketAclToMessage(boto_acl))

    # Step 1: the grant shows up.
    grant.Execute(self.sample_url, entries, 'acl', self.logger)
    self._AssertHas(entries, 'READER', 'AllAuthenticatedUsers')

    # Step 2: deleting the same scope removes it from the same list.
    revoke = acl_helper.AclDel('AllAuthenticatedUsers')
    revoke.Execute(self.sample_url, entries, 'acl', self.logger)
    self._AssertHasNo(entries, 'READER', 'AllAuthenticatedUsers')
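def _ChDefAcl(self):
    """Parses options and changes default object ACLs on specified buckets.

    Each (option, value) pair in self.sub_opts is turned into an
    acl_helper.AclChange (for -g, -u, -p) or an acl_helper.AclDel (for -d).
    Every URL in self.args is expanded with self.WildcardIterator, and the
    changes are applied once per distinct bucket URL through
    self.ApplyAclChanges.

    Raises:
      CommandException: if -g is given a value containing
        'gserviceaccount.com', if no change was requested, if the URLs are
        not all gs:// URLs, or if any expanded URL is not a bucket.
    """
    self.parse_versions = True
    self.changes = []

    for opt, value in self.sub_opts or ():
        if opt == '-g':
            # Same guard as _ChAcl: a service account given as a group is
            # rejected with a hint instead of being recorded as a group grant.
            if 'gserviceaccount.com' in value:
                raise CommandException(
                    'Service accounts are considered users, not groups; please use '
                    '"gsutil defacl ch -u" instead of "gsutil defacl ch -g"')
            self.changes.append(
                acl_helper.AclChange(
                    value, scope_type=acl_helper.ChangeType.GROUP))
        elif opt == '-u':
            self.changes.append(
                acl_helper.AclChange(
                    value, scope_type=acl_helper.ChangeType.USER))
        elif opt == '-p':
            self.changes.append(
                acl_helper.AclChange(
                    value, scope_type=acl_helper.ChangeType.PROJECT))
        elif opt == '-d':
            self.changes.append(acl_helper.AclDel(value))
        # Any other option is ignored here, as before; unlike _ChAcl this
        # method does not call RaiseInvalidArgumentException.

    # NOTE(review): the message below does not mention -p, although -p also
    # produces a change; wording kept as-is.
    if not self.changes:
        raise CommandException('Please specify at least one access change '
                               'with the -g, -u, or -d flags')

    if (not UrlsAreForSingleProvider(self.args) or
            StorageUrlFromString(self.args[0]).scheme != 'gs'):
        raise CommandException(
            'The "{0}" command can only be used with gs:// URLs'.format(
                self.command_name))

    # Collect into a set so a bucket matched by several arguments is only
    # changed once; nothing is applied until every URL has been checked.
    bucket_urls = set()
    for url_arg in self.args:
        for result in self.WildcardIterator(url_arg):
            if not result.storage_url.IsBucket():
                raise CommandException(
                    'The defacl ch command can only be applied to buckets.')
            bucket_urls.add(result.storage_url)

    for storage_url in bucket_urls:
        self.ApplyAclChanges(storage_url)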
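def testAclDelWithGroup(self):
    """Grant READ to an address under GROUP scope, then delete that grant.

    self.USER_TEST_ADDRESS is added with GROUP scope, so the entry appears as
    'GroupByEmail'. After AclDel runs for the same address, the test asserts
    that the READER entry for that address is gone.
    """
    add = acl_helper.AclChange(self.USER_TEST_ADDRESS + ':READ',
                               scope_type=acl_helper.ChangeType.GROUP)
    acl = list(
        AclTranslation.BotoBucketAclToMessage(self.sample_uri.get_acl()))
    add.Execute(self.sample_url, acl, 'acl', self.logger)
    self._AssertHas(acl, 'READER', 'GroupByEmail', self.USER_TEST_ADDRESS)

    remove = acl_helper.AclDel(self.USER_TEST_ADDRESS)
    remove.Execute(self.sample_url, acl, 'acl', self.logger)
    # Check the address that was actually deleted; the original only looked
    # for GROUP_TEST_ADDRESS, which this test never adds, so a delete that
    # left the grant in place would not have been caught.
    self._AssertHasNo(acl, 'READER', 'GroupByEmail', self.USER_TEST_ADDRESS)
    # Original assertion kept unchanged.
    self._AssertHasNo(acl, 'READER', 'GroupByEmail', self.GROUP_TEST_ADDRESS)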