KurlesHS/rclone
1
0
Fork 0
forked from TrueCloudLab/rclone
Code Pull requests Activity

User-configurable Amazon S3 ACL

Browse source 
fixes #413
This commit is contained in:
Radek Šenfeld 2016-08-22 14:59:03 +02:00 committed by Nick Craig-Wood
parent 037a000cc8
commit 2003ba356b
2 changed files with 50 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

19
docs/content/s3.md
View file

@ -121,6 +121,25 @@ Choose a number from below, or type in your own value
9 / South America (Sao Paulo) Region. 9 / South America (Sao Paulo) Region.
\ "sa-east-1" \ "sa-east-1"
location_constraint> 1 location_constraint> 1
Canned ACL used when creating buckets and/or storing objects in S3.
For more info visit http://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl
Choose a number from below, or type in your own value
1 / Owner gets FULL_CONTROL. No one else has access rights (default).
\ "private"
2 / Owner gets FULL_CONTROL. The AllUsers group gets READ access.
\ "public-read"
/ Owner gets FULL_CONTROL. The AllUsers group gets READ and WRITE access.
3 | Granting this on a bucket is generally not recommended.
\ "public-read-write"
4 / Owner gets FULL_CONTROL. The AuthenticatedUsers group gets READ access.
\ "authenticated-read"
/ Object owner gets FULL_CONTROL. Bucket owner gets READ access.
5 | If you specify this canned ACL when creating a bucket, Amazon S3 ignores it.
\ "bucket-owner-read"
/ Both the object owner and the bucket owner get FULL_CONTROL over the object.
6 | If you specify this canned ACL when creating a bucket, Amazon S3 ignores it.
\ "bucket-owner-full-control"
acl> private
The server-side encryption algorithm used when storing this object in S3. The server-side encryption algorithm used when storing this object in S3.
Choose a number from below, or type in your own value Choose a number from below, or type in your own value
1 / None 1 / None

40
s3/s3.go
View file

@ -146,6 +146,28 @@ func init() {
Value: "sa-east-1", Value: "sa-east-1",
Help: "South America (Sao Paulo) Region.", Help: "South America (Sao Paulo) Region.",
}}, }},
}, {
Name: "acl",
Help: "Canned ACL used when creating buckets and/or storing objects in S3.\nFor more info visit http://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl",
Examples: []fs.OptionExample{{
Value: "private",
Help: "Owner gets FULL_CONTROL. No one else has access rights (default).",
}, {
Value: "public-read",
Help: "Owner gets FULL_CONTROL. The AllUsers group gets READ access.",
}, {
Value: "public-read-write",
Help: "Owner gets FULL_CONTROL. The AllUsers group gets READ and WRITE access.\nGranting this on a bucket is generally not recommended.",
}, {
Value: "authenticated-read",
Help: "Owner gets FULL_CONTROL. The AuthenticatedUsers group gets READ access.",
}, {
Value: "bucket-owner-read",
Help: "Object owner gets FULL_CONTROL. Bucket owner gets READ access.\nIf you specify this canned ACL when creating a bucket, Amazon S3 ignores it.",
}, {
Value: "bucket-owner-full-control",
Help: "Both the object owner and the bucket owner get FULL_CONTROL over the object.\nIf you specify this canned ACL when creating a bucket, Amazon S3 ignores it.",
}},
}, { }, {
Name: "server_side_encryption", Name: "server_side_encryption",
Help: "The server-side encryption algorithm used when storing this object in S3.", Help: "The server-side encryption algorithm used when storing this object in S3.",
@ -174,7 +196,7 @@ type Fs struct {
c *s3.S3 // the connection to the s3 server c *s3.S3 // the connection to the s3 server
ses *session.Session // the s3 session ses *session.Session // the s3 session
bucket string // the bucket we are working on bucket string // the bucket we are working on
perm string // permissions for new buckets / objects acl string // ACL for new buckets / objects
root string // root of the bucket - ignore all objects above this root string // root of the bucket - ignore all objects above this
locationConstraint string // location constraint of new buckets locationConstraint string // location constraint of new buckets
sse string // the type of server-side encryption sse string // the type of server-side encryption
@ -320,11 +342,11 @@ func NewFs(name, root string) (fs.Fs, error) {
return nil, err return nil, err
} }
f := &Fs{ f := &Fs{
name: name, name: name,
c: c, c: c,
bucket: bucket, bucket: bucket,
ses: ses, ses: ses,
// FIXME perm: s3.Private, // FIXME need user to specify acl: fs.ConfigFile.MustValue(name, "acl"),
root: directory, root: directory,
locationConstraint: fs.ConfigFile.MustValue(name, "location_constraint"), locationConstraint: fs.ConfigFile.MustValue(name, "location_constraint"),
sse: fs.ConfigFile.MustValue(name, "server_side_encryption"), sse: fs.ConfigFile.MustValue(name, "server_side_encryption"),
@ -583,7 +605,7 @@ func (f *Fs) Mkdir() error {
} }
req := s3.CreateBucketInput{ req := s3.CreateBucketInput{
Bucket: &f.bucket, Bucket: &f.bucket,
ACL: &f.perm, ACL: &f.acl,
} }
if f.locationConstraint != "" { if f.locationConstraint != "" {
req.CreateBucketConfiguration = &s3.CreateBucketConfiguration{ req.CreateBucketConfiguration = &s3.CreateBucketConfiguration{
@ -780,7 +802,7 @@ func (o *Object) SetModTime(modTime time.Time) error {
directive := s3.MetadataDirectiveReplace // replace metadata with that passed in directive := s3.MetadataDirectiveReplace // replace metadata with that passed in
req := s3.CopyObjectInput{ req := s3.CopyObjectInput{
Bucket: &o.fs.bucket, Bucket: &o.fs.bucket,
ACL: &o.fs.perm, ACL: &o.fs.acl,
Key: &key, Key: &key,
ContentType: &contentType, ContentType: &contentType,
CopySource: aws.String(url.QueryEscape(sourceKey)), CopySource: aws.String(url.QueryEscape(sourceKey)),
@ -839,7 +861,7 @@ func (o *Object) Update(in io.Reader, src fs.ObjectInfo) error {
key := o.fs.root + o.remote key := o.fs.root + o.remote
req := s3manager.UploadInput{ req := s3manager.UploadInput{
Bucket: &o.fs.bucket, Bucket: &o.fs.bucket,
ACL: &o.fs.perm, ACL: &o.fs.acl,
Key: &key, Key: &key,
Body: in, Body: in,
ContentType: &contentType, ContentType: &contentType,