static void ReadObjectAcl()
{
string id = Common.InputString("Key:", null, false);
GetACLRequest request = new GetACLRequest();
request.BucketName = _Bucket;
request.Key = id;
GetACLResponse response = _S3Client.GetACLAsync(request).Result;
if (response != null)
{
if (response.AccessControlList != null)
{
Console.WriteLine("Owner: " + response.AccessControlList.Owner.DisplayName + " ID " + response.AccessControlList.Owner.Id);
Console.WriteLine("Grants:");
foreach (S3Grant grant in response.AccessControlList.Grants)
{
Console.WriteLine("| Grantee : " + grant.Grantee.DisplayName);
Console.WriteLine("| Permission : " + grant.Permission);
}
}
Console.WriteLine("Success");
}
else
{
Console.WriteLine("Failed");
}
}
/// <summary>
/// Sets the storage class for the S3 Object's Version to the value
/// specified.
/// </summary>
/// <param name="bucketName">The name of the bucket in which the key is stored</param>
/// <param name="key">The key of the S3 Object whose storage class needs changing</param>
/// <param name="version">The version of the S3 Object whose storage class needs changing</param>
/// <param name="sClass">The new Storage Class for the object</param>
/// <param name="s3Client">The Amazon S3 Client to use for S3 specific operations.</param>
/// <seealso cref="T:Amazon.S3.Model.S3StorageClass"/>
public static void SetObjectStorageClass(string bucketName, string key, string version, S3StorageClass sClass, AmazonS3 s3Client)
{
if (sClass > S3StorageClass.ReducedRedundancy ||
sClass < S3StorageClass.Standard)
{
throw new ArgumentException("Invalid value specified for storage class.");
}
if (null == s3Client)
{
throw new ArgumentNullException("s3Client", "Please specify an S3 Client to make service requests.");
}
// Get the existing ACL of the object
GetACLRequest getACLRequest = new GetACLRequest();
getACLRequest.BucketName = bucketName;
getACLRequest.Key = key;
if (version != null)
{
getACLRequest.VersionId = version;
}
GetACLResponse getACLResponse = s3Client.GetACL(getACLRequest);
GetObjectMetadataResponse getMetadataResponse = s3Client.GetObjectMetadata(new GetObjectMetadataRequest()
.WithBucketName(bucketName)
.WithKey(key));
// Set the storage class on the object
CopyObjectRequest copyRequest = new CopyObjectRequest();
copyRequest.SourceBucket = copyRequest.DestinationBucket = bucketName;
copyRequest.SourceKey = copyRequest.DestinationKey = key;
copyRequest.ServerSideEncryptionMethod = getMetadataResponse.ServerSideEncryptionMethod;
if (version != null)
{
copyRequest.SourceVersionId = version;
}
copyRequest.StorageClass = sClass;
// The copyRequest's Metadata directive is COPY by default
CopyObjectResponse copyResponse = s3Client.CopyObject(copyRequest);
// Set the object's original ACL back onto it because a COPY
// operation resets the ACL on the destination object.
SetACLRequest setACLRequest = new SetACLRequest();
setACLRequest.BucketName = bucketName;
setACLRequest.Key = key;
if (version != null)
{
setACLRequest.VersionId = copyResponse.VersionId;
}
setACLRequest.ACL = getACLResponse.AccessControlList;
s3Client.SetACL(setACLRequest);
}
/// <summary>
/// Sets the server side encryption method for the S3 Object's Version to the value
/// specified.
/// </summary>
/// <param name="bucketName">The name of the bucket in which the key is stored</param>
/// <param name="key">The key of the S3 Object</param>
/// <param name="version">The version of the S3 Object</param>
/// <param name="method">The server side encryption method</param>
/// <param name="s3Client">The Amazon S3 Client to use for S3 specific operations.</param>
/// <seealso cref="T:Amazon.S3.Model.S3StorageClass"/>
public static void SetServerSideEncryption(string bucketName, string key, string version, ServerSideEncryptionMethod method, AmazonS3 s3Client)
{
if (null == s3Client)
{
throw new ArgumentNullException("s3Client", "Please specify an S3 Client to make service requests.");
}
// Get the existing ACL of the object
GetACLRequest getACLRequest = new GetACLRequest();
getACLRequest.BucketName = bucketName;
getACLRequest.Key = key;
if (version != null)
{
getACLRequest.VersionId = version;
}
GetACLResponse getACLResponse = s3Client.GetACL(getACLRequest);
ListObjectsResponse listObjectResponse = s3Client.ListObjects(new ListObjectsRequest()
.WithBucketName(bucketName)
.WithPrefix(key)
.WithMaxKeys(1));
if (listObjectResponse.S3Objects.Count != 1)
{
throw new ArgumentNullException("No object exists with this bucket name and key.");
}
// Set the storage class on the object
CopyObjectRequest copyRequest = new CopyObjectRequest();
copyRequest.SourceBucket = copyRequest.DestinationBucket = bucketName;
copyRequest.SourceKey = copyRequest.DestinationKey = key;
copyRequest.StorageClass = listObjectResponse.S3Objects[0].StorageClass == "STANDARD" ? S3StorageClass.Standard : S3StorageClass.ReducedRedundancy;
if (version != null)
{
copyRequest.SourceVersionId = version;
}
copyRequest.ServerSideEncryptionMethod = method;
// The copyRequest's Metadata directive is COPY by default
CopyObjectResponse copyResponse = s3Client.CopyObject(copyRequest);
// Set the object's original ACL back onto it because a COPY
// operation resets the ACL on the destination object.
SetACLRequest setACLRequest = new SetACLRequest();
setACLRequest.BucketName = bucketName;
setACLRequest.Key = key;
if (version != null)
{
setACLRequest.VersionId = copyResponse.VersionId;
}
setACLRequest.ACL = getACLResponse.AccessControlList;
s3Client.SetACL(setACLRequest);
}
/// <summary>
/// Sets up the request needed to make an exact copy of the object leaving the parent method
/// the ability to change just the attribute being requested to change.
/// </summary>
/// <param name="bucketName"></param>
/// <param name="key"></param>
/// <param name="version"></param>
/// <param name="s3Client"></param>
/// <param name="copyRequest"></param>
/// <param name="putACLRequest"></param>
static void SetupForObjectModification(IAmazonS3 s3Client, string bucketName, string key, string version,
out CopyObjectRequest copyRequest, out PutACLRequest putACLRequest)
{
// Get the existing ACL of the object
GetACLRequest getACLRequest = new GetACLRequest();
getACLRequest.BucketName = bucketName;
getACLRequest.Key = key;
if (version != null)
{
getACLRequest.VersionId = version;
}
GetACLResponse getACLResponse = s3Client.GetACL(getACLRequest);
// Set the object's original ACL back onto it because a COPY
// operation resets the ACL on the destination object.
putACLRequest = new PutACLRequest();
putACLRequest.BucketName = bucketName;
putACLRequest.Key = key;
putACLRequest.AccessControlList = getACLResponse.AccessControlList;
ListObjectsResponse listObjectResponse = s3Client.ListObjects(new ListObjectsRequest
{
BucketName = bucketName,
Prefix = key,
MaxKeys = 1
});
if (listObjectResponse.S3Objects.Count != 1)
{
throw new InvalidOperationException("No object exists with this bucket name and key.");
}
GetObjectMetadataRequest getMetaRequest = new GetObjectMetadataRequest()
{
BucketName = bucketName,
Key = key
};
GetObjectMetadataResponse getMetaResponse = s3Client.GetObjectMetadata(getMetaRequest);
// Set the storage class on the object
copyRequest = new CopyObjectRequest();
copyRequest.SourceBucket = copyRequest.DestinationBucket = bucketName;
copyRequest.SourceKey = copyRequest.DestinationKey = key;
copyRequest.StorageClass = listObjectResponse.S3Objects[0].StorageClass == "STANDARD" ? S3StorageClass.Standard : S3StorageClass.ReducedRedundancy;
if (version != null)
{
copyRequest.SourceVersionId = version;
}
copyRequest.WebsiteRedirectLocation = getMetaResponse.WebsiteRedirectLocation;
copyRequest.ServerSideEncryptionMethod = getMetaResponse.ServerSideEncryptionMethod;
}
public async Task <BlobDescriptor> GetBlobDescriptorAsync(string containerName, string blobName)
{
var key = GenerateKeyName(containerName, blobName);
try
{
var objectMetaRequest = new GetObjectMetadataRequest()
{
BucketName = _bucket,
Key = key
};
var objectMetaResponse = await _s3Client.GetObjectMetadataAsync(objectMetaRequest);
var objectAclRequest = new GetACLRequest()
{
BucketName = _bucket,
Key = key
};
var objectAclResponse = await _s3Client.GetACLAsync(objectAclRequest);
var isPublic = objectAclResponse.AccessControlList.Grants
.Where(x => x.Grantee.URI == "http://acs.amazonaws.com/groups/global/AllUsers").Count() > 0;
return(new BlobDescriptor
{
Name = blobName,
Container = containerName,
Length = objectMetaResponse.Headers.ContentLength,
ETag = objectMetaResponse.ETag,
ContentMD5 = objectMetaResponse.ETag,
ContentType = objectMetaResponse.Headers.ContentType,
LastModified = objectMetaResponse.LastModified,
Security = isPublic ? BlobSecurity.Public : BlobSecurity.Private
});
}
catch (AmazonS3Exception asex)
{
if (IsInvalidAccessException(asex))
{
throw new StorageException(1000.ToStorageError(), asex);
}
else
{
throw new StorageException(1001.ToStorageError(), asex);
}
}
}
public void RequiredUriParameterBucketForGetAcl(string bucket, string key)
{
var request = new GetACLRequest()
{
BucketName = bucket, Key = key
};
if (string.IsNullOrEmpty(bucket)) //Key can be null
{
Assert.ThrowsException <ArgumentException>(() => GetACLRequestMarshaller.Instance.Marshall(request));
}
else
{
GetACLRequestMarshaller.Instance.Marshall(request);
}
}
public async Task <BlobDescriptor> GetBlobDescriptorAsync(string containerName, string blobName)
{
var key = GenerateKeyName(containerName, blobName);
try
{
var objectMetaRequest = new GetObjectMetadataRequest
{
BucketName = _bucket,
Key = key
};
var objectMetaResponse = await _s3Client.GetObjectMetadataAsync(objectMetaRequest);
var objectAclRequest = new GetACLRequest
{
BucketName = _bucket,
Key = key
};
var objectAclResponse = await _s3Client.GetACLAsync(objectAclRequest);
var isPublic = objectAclResponse.AccessControlList.Grants.Any(x => x.Grantee.URI == "http://acs.amazonaws.com/groups/global/AllUsers");
return(new BlobDescriptor
{
Name = blobName,
Container = containerName,
Length = objectMetaResponse.Headers.ContentLength,
ETag = objectMetaResponse.ETag,
ContentMD5 = objectMetaResponse.ETag,
ContentType = objectMetaResponse.Headers.ContentType,
ContentDisposition = objectMetaResponse.Headers.ContentDisposition,
LastModified = objectMetaResponse.LastModified,
Security = isPublic ? BlobSecurity.Public : BlobSecurity.Private,
Metadata = objectMetaResponse.Metadata.ToMetadata(),
});
}
catch (AmazonS3Exception asex)
{
throw asex.ToStorageException();
}
}
/// <summary>
/// Return the ACL and stat of the node of the given path.
///
/// A KeeperException with error code KeeperException.NoNode will be thrown
/// if no node with the given path exists.
/// @param path
/// the given path for the node
/// @param stat
/// the stat of the node will be copied to this parameter.
/// @return the ACL array of the given node.
/// @throws InterruptedException If the server transaction is interrupted.
/// @throws KeeperException If the server signals an error with a non-zero error code.
/// @throws IllegalArgumentException if an invalid path is specified
/// </summary>
public IEnumerable <ACL> GetACL(string path, Stat stat)
{
string clientPath = path;
PathUtils.ValidatePath(clientPath);
string serverPath = PrependChroot(clientPath);
RequestHeader h = new RequestHeader();
h.Type = (int)OpCode.GetACL;
GetACLRequest request = new GetACLRequest(serverPath);
GetACLResponse response = new GetACLResponse();
ReplyHeader r = cnxn.SubmitRequest(h, request, response, null);
if (r.Err != 0)
{
throw KeeperException.Create((KeeperException.Code)Enum.ToObject(typeof(KeeperException.Code), r.Err), clientPath);
}
DataTree.CopyStat(response.Stat, stat);
return(response.Acl);
}
public void Test_Blob_Properties_Updated()
{
var container = GetRandomContainerName();
var blobName = GenerateRandomName();
var contentType = "image/jpg";
var newContentType = "image/png";
var data = GenerateRandomBlobStream();
CreateNewObject(container, blobName, data, false, contentType);
_provider.UpdateBlobProperties(container, blobName, new BlobProperties
{
ContentType = newContentType,
Security = BlobSecurity.Public
});
var objectMetaRequest = new GetObjectMetadataRequest()
{
BucketName = Bucket,
Key = container + "/" + blobName
};
var props = _client.GetObjectMetadata(objectMetaRequest);
Assert.Equal(props.Headers.ContentType, newContentType);
var objectAclRequest = new GetACLRequest()
{
BucketName = Bucket,
Key = container + "/" + blobName
};
var acl = _client.GetACL(objectAclRequest);
var isPublic = acl.AccessControlList.Grants
.Where(x => x.Grantee.URI == "http://acs.amazonaws.com/groups/global/AllUsers").Count() > 0;
Assert.True(isPublic);
}
private void setS3Permission(String bucketName, String key)
{
// Get the ACL for the file and retrieve the owner ID (not sure how to get it otherwise).
GetACLRequest getAclRequest = new GetACLRequest().WithBucketName(bucketName).WithKey(key);
GetACLResponse aclResponse = s3.GetACL(getAclRequest);
Owner owner = aclResponse.AccessControlList.Owner;
// Create a grantee as the MessageGears account
S3Grantee grantee = new S3Grantee().WithCanonicalUser(properties.MessageGearsAWSCanonicalId, "MessageGears");
// Grant MessageGears Read-only access
S3Permission messageGearsPermission = S3Permission.READ;
S3AccessControlList acl = new S3AccessControlList().WithOwner(owner);
acl.AddGrant(grantee, messageGearsPermission);
// Create a new ACL granting the owner full control.
grantee = new S3Grantee().WithCanonicalUser(owner.Id, "MyAWSId");
acl.AddGrant(grantee, S3Permission.FULL_CONTROL);
SetACLRequest aclRequest = new SetACLRequest().WithACL(acl).WithBucketName(bucketName).WithKey(key);
s3.SetACL(aclRequest);
}
/// <summary>获取Bucket权限
/// </summary>
public async Task GetAclAsync(string bucket, string objectKey = "")
{
_console.WriteLine("--- Get acl ---");
var client = GetClient();
var getACLRequest = new GetACLRequest()
{
BucketName = bucket
};
if (!string.IsNullOrWhiteSpace(objectKey))
{
getACLRequest.Key = objectKey;
}
var getACLResponse = await client.GetACLAsync(getACLRequest);
foreach (var grant in getACLResponse.AccessControlList.Grants)
{
Console.WriteLine("Current bucket acl:{0}", grant.Permission.Value);
}
_console.WriteLine("--- End of get acl ---");
}
private async Task <IEnumerable <ACL> > GetACLAsyncInternal(string path, Stat stat, bool sync)
{
string clientPath = path;
PathUtils.ValidatePath(clientPath);
string serverPath = PrependChroot(clientPath);
RequestHeader h = new RequestHeader();
h.Type = (int)OpCode.GetACL;
GetACLRequest request = new GetACLRequest(serverPath);
GetACLResponse response = new GetACLResponse();
ReplyHeader r = sync ? cnxn.SubmitRequest(h, request, response, null)
: await cnxn.SubmitRequestAsync(h, request, response, null).ConfigureAwait(false);
if (r.Err != 0)
{
throw KeeperException.Create((KeeperException.Code)Enum.ToObject(typeof(KeeperException.Code), r.Err), clientPath);
}
DataTree.CopyStat(response.Stat, stat);
return(response.Acl);
}
public Task <GetACLResponse> GetACLAsync(GetACLRequest request, CancellationToken cancellationToken = default)
{
throw new NotImplementedException();
}
public void GetACLAsync(GetACLRequest request, AmazonServiceCallback <GetACLRequest, GetACLResponse> callback, AsyncOptions options = null)
{
throw new System.NotImplementedException();
}
public async Task <List <FileMetadata> > List(string prefix = null)
{
var descriptors = new List <FileMetadata>();
var objectsRequest = new ListObjectsRequest
{
BucketName = _bucketName,
Prefix = prefix,
MaxKeys = 100000
};
do
{
var objectsResponse = await _client.ListObjectsAsync(objectsRequest);
foreach (S3Object entry in objectsResponse.S3Objects)
{
var objectMetaRequest = new GetObjectMetadataRequest
{
BucketName = _bucketName,
Key = entry.Key
};
var objectMetaResponse = await _client.GetObjectMetadataAsync(objectMetaRequest);
var objectAclRequest = new GetACLRequest
{
BucketName = _bucketName,
Key = entry.Key
};
var objectAclResponse = await _client.GetACLAsync(objectAclRequest);
var isPublic = objectAclResponse.AccessControlList.Grants.Any(x => x.Grantee.URI == "http://acs.amazonaws.com/groups/global/AllUsers");
descriptors.Add(new FileMetadata
{
Name = entry.Key,
BucketName = _bucketName,
Length = entry.Size,
ETag = entry.ETag,
ContentMD5 = entry.ETag,
ContentType = objectMetaResponse.Headers.ContentType,
LastModifiedOn = entry.LastModified,
//Security = isPublic ? FileSecurity.Public : FileSecurity.Private,
ContentDisposition = objectMetaResponse.Headers.ContentDisposition,
Metadata = objectMetaResponse.Metadata.ToMetadata(),
});
}
// If response is truncated, set the marker to get the next set of keys.
if (objectsResponse.IsTruncated)
{
objectsRequest.Marker = objectsResponse.NextMarker;
}
else
{
objectsRequest = null;
}
} while (objectsRequest != null);
return(descriptors);
}
public async Task <IList <BlobDescriptor> > ListBlobsAsync(string containerName)
{
var descriptors = new List <BlobDescriptor>();
var objectsRequest = new ListObjectsRequest
{
BucketName = _bucket,
Prefix = containerName,
MaxKeys = 100000
};
try
{
do
{
var objectsResponse = await _s3Client.ListObjectsAsync(objectsRequest);
foreach (S3Object entry in objectsResponse.S3Objects)
{
var objectMetaRequest = new GetObjectMetadataRequest()
{
BucketName = _bucket,
Key = entry.Key
};
var objectMetaResponse = await _s3Client.GetObjectMetadataAsync(objectMetaRequest);
var objectAclRequest = new GetACLRequest()
{
BucketName = _bucket,
Key = entry.Key
};
var objectAclResponse = await _s3Client.GetACLAsync(objectAclRequest);
var isPublic = objectAclResponse.AccessControlList.Grants
.Where(x => x.Grantee.URI == "http://acs.amazonaws.com/groups/global/AllUsers").Count() > 0;
descriptors.Add(new BlobDescriptor
{
Name = entry.Key.Remove(0, containerName.Length + 1),
Container = containerName,
Length = entry.Size,
ETag = entry.ETag,
ContentMD5 = entry.ETag,
ContentType = objectMetaResponse.Headers.ContentType,
LastModified = entry.LastModified,
Security = isPublic ? BlobSecurity.Public : BlobSecurity.Private
});
}
// If response is truncated, set the marker to get the next set of keys.
if (objectsResponse.IsTruncated)
{
objectsRequest.Marker = objectsResponse.NextMarker;
}
else
{
objectsRequest = null;
}
} while (objectsRequest != null);
return(descriptors);
}
catch (AmazonS3Exception asex)
{
if (IsInvalidAccessException(asex))
{
throw new StorageException(1000.ToStorageError(), asex);
}
else
{
throw new StorageException(1001.ToStorageError(), asex);
}
}
}
public GetACLResponse GetACL(GetACLRequest request)
{
throw new NotImplementedException();
}
