/// <summary>
/// Constructs a new empty BucketObjectsWindow.
/// </summary>
/// <param name="regionBucketAndPrefix">The region, bucket, and prefix, in the following form: [region:]bucket/prefix.</param>
/// <param name="batchIdCounter">The <see cref="BatchIdCounter"/> for this window.</param>
/// <param name="unprefixedStartAtKey">The key to start at or <b>null</b> to start at the beginning.</param>
/// <param name="unprefixedStopAtKey">The key to stop at or <b>null</b> to start at the beginning.</param>
/// <param name="cannedAcl">A <see cref="S3CannedACL"/> to use for the target file.</param>
/// <param name="grant">A <see cref="S3Grant"/> indicating rights grants to apply to the target file.</param>
public BucketObjectsWindow(string regionBucketAndPrefix, BatchIdCounter batchIdCounter, string unprefixedStartAtKey = null, string unprefixedStopAtKey = null, S3CannedACL cannedAcl = null, S3Grant grant = null, ServerSideEncryptionMethod targetEncryptionMethod = null)
{
_batchIdCounter = batchIdCounter;
Tuple <string, string, string> parsedRegionBucketAndPrefix = ParseRegionBucketAndPrefix(regionBucketAndPrefix);
Amazon.RegionEndpoint region = Amazon.RegionEndpoint.GetBySystemName(string.IsNullOrEmpty(parsedRegionBucketAndPrefix.Item1)
? GetBucketRegion(parsedRegionBucketAndPrefix.Item2)
: parsedRegionBucketAndPrefix.Item1);
_s3 = new AmazonS3Client(region);
_bucket = parsedRegionBucketAndPrefix.Item2;
_prefix = parsedRegionBucketAndPrefix.Item3;
_grant = grant;
_grantCannedAcl = cannedAcl;
_queue = new ConcurrentQueue <Batch>();
if (!string.IsNullOrEmpty(unprefixedStartAtKey))
{
_startAtKey = _prefix + unprefixedStartAtKey;
_unprefixedLeastKey = unprefixedStartAtKey;
}
else
{
_unprefixedLeastKey = string.Empty;
}
if (!string.IsNullOrEmpty(unprefixedStopAtKey))
{
_stopAtKey = _prefix + unprefixedStopAtKey;
}
_unprefixedGreatestKey = string.Empty;
_targetEncryptionMethod = targetEncryptionMethod;
}
private static async Task TestObjectACLTestAsync()
{
try
{
// Retrieve the ACL for the object.
GetACLResponse aclResponse = await client.GetACLAsync(new GetACLRequest
{
BucketName = bucketName,
Key = keyName
});
S3AccessControlList acl = aclResponse.AccessControlList;
// Retrieve the owner (we use this to re-add permissions after we clear the ACL).
Owner owner = acl.Owner;
// Clear existing grants.
acl.Grants.Clear();
// Add a grant to reset the owner's full permission (the previous clear statement removed all permissions).
S3Grant fullControlGrant = new S3Grant
{
Grantee = new S3Grantee {
CanonicalUser = owner.Id
},
Permission = S3Permission.FULL_CONTROL
};
// Describe the grant for the permission using an email address.
S3Grant grantUsingEmail = new S3Grant
{
Grantee = new S3Grantee {
EmailAddress = emailAddress
},
Permission = S3Permission.WRITE_ACP
};
acl.Grants.AddRange(new List <S3Grant> {
fullControlGrant, grantUsingEmail
});
// Set a new ACL.
PutACLResponse response = await client.PutACLAsync(new PutACLRequest
{
BucketName = bucketName,
Key = keyName,
AccessControlList = acl
});
}
catch (AmazonS3Exception amazonS3Exception)
{
Console.WriteLine("An AmazonS3Exception was thrown. Exception: " + amazonS3Exception.ToString());
}
catch (Exception e)
{
Console.WriteLine("Exception: " + e.ToString());
}
}
public async Task PutGetObjectAcl()
{
string objectKey = nameof(PutGetObjectAcl);
//Create an object
await UploadAsync(objectKey).ConfigureAwait(false);
//Get the ACL, which should be the default one (owner has ACL)
GetObjectAclResponse getResp = await ObjectClient.GetObjectAclAsync(BucketName, objectKey).ConfigureAwait(false);
Assert.True(getResp.IsSuccess);
S3Grant grant = Assert.Single(getResp.Grants);
Assert.Equal(TestConstants.TestUserId, grant.Id);
Assert.Equal(TestConstants.TestUsername, grant.Name);
Assert.Equal(Permission.FullControl, grant.Permission);
Assert.Equal(GrantType.User, grant.Type);
//Update the object to have another ACL using Canned ACLs
PutObjectAclResponse putResp = await ObjectClient.PutObjectAclAsync(BucketName, objectKey, req => req.Acl = ObjectCannedAcl.PublicReadWrite).ConfigureAwait(false);
Assert.True(putResp.IsSuccess);
GetObjectAclResponse getResp2 = await ObjectClient.GetObjectAclAsync(BucketName, objectKey).ConfigureAwait(false);
Assert.True(getResp2.IsSuccess);
Assert.Equal(TestConstants.TestUserId, getResp2.Owner.Id);
Assert.Equal(TestConstants.TestUsername, getResp2.Owner.Name);
Assert.Equal(3, getResp2.Grants.Count);
//This is the default owner ACL
S3Grant first = getResp2.Grants[0];
Assert.Equal(TestConstants.TestUserId, first.Id);
Assert.Equal(TestConstants.TestUsername, first.Name);
Assert.Equal(Permission.FullControl, first.Permission);
Assert.Equal(GrantType.User, first.Type);
//Next 2 ACLs should be READ + WRITE for AllUsers
S3Grant second = getResp2.Grants[1];
Assert.Equal("http://acs.amazonaws.com/groups/global/AllUsers", second.Uri);
Assert.Equal(Permission.Read, second.Permission);
Assert.Equal(GrantType.Group, second.Type);
S3Grant third = getResp2.Grants[2];
Assert.Equal("http://acs.amazonaws.com/groups/global/AllUsers", third.Uri);
Assert.Equal(Permission.Write, third.Permission);
Assert.Equal(GrantType.Group, third.Type);
}
public void MarshalResponse(IConfig config, GetObjectAclResponse response, IDictionary <string, string> headers, Stream responseStream)
{
response.RequestCharged = headers.ContainsKey(AmzHeaders.XAmzRequestCharged);
XmlSerializer s = new XmlSerializer(typeof(AccessControlPolicy));
using (XmlTextReader r = new XmlTextReader(responseStream))
{
r.Namespaces = true;
AccessControlPolicy aclOutput = (AccessControlPolicy)s.Deserialize(r);
if (aclOutput.Owner != null)
{
response.Owner = new S3Identity();
response.Owner.Id = aclOutput.Owner.Id;
response.Owner.Name = aclOutput.Owner.DisplayName;
}
if (aclOutput.AccessControlList?.Grants != null)
{
response.Grants = new List <S3Grant>(aclOutput.AccessControlList.Grants.Sum(x => x.Grantee.Count));
foreach (Grant grant in aclOutput.AccessControlList.Grants)
{
foreach (GranteeBase grantee in grant.Grantee)
{
S3Grant s3Grant = new S3Grant();
s3Grant.Permission = ValueHelper.ParseEnum <Permission>(grant.Permission);
if (grantee is Group grantGroup)
{
s3Grant.Uri = grantGroup.Uri;
s3Grant.Type = GrantType.Group;
}
else if (grantee is CanonicalUser grantUser)
{
s3Grant.Id = grantUser.Id;
s3Grant.Name = grantUser.DisplayName;
s3Grant.Type = GrantType.User;
}
response.Grants.Add(s3Grant);
}
}
}
else
{
response.Grants = Array.Empty <S3Grant>();
}
}
}
static void WriteObjectAcl()
{
string id = Common.InputString("Key:", null, false);
string owner = Common.InputString("Owner:", "default", false);
try
{
PutACLRequest request = new PutACLRequest
{
BucketName = _Bucket,
Key = id
};
request.Key = id;
request.AccessControlList = new S3AccessControlList();
request.AccessControlList.Owner = new Owner();
request.AccessControlList.Owner.DisplayName = owner;
request.AccessControlList.Grants = new List <S3Grant>();
S3Grant grant = new S3Grant();
S3Grantee grantee = new S3Grantee();
grantee.CanonicalUser = owner;
grantee.DisplayName = owner;
grantee.EmailAddress = owner;
grant.Grantee = grantee;
request.AccessControlList.Grants.Add(grant);
PutACLResponse response = _S3Client.PutACLAsync(request).Result;
int statusCode = (int)response.HttpStatusCode;
if (response != null)
{
Console.WriteLine("Success");
return;
}
else
{
Console.WriteLine("Failed");
return;
}
}
catch (Exception e)
{
Console.WriteLine(Common.SerializeJson(e, true));
}
}
static async Task WritingAnObjectAsync()
{
try
{
S3Grant s = new S3Grant();
s.Permission = S3Permission.READ;
S3Grantee grantee = new S3Grantee();
grantee.URI = "http://acs.amazonaws.com/groups/global/AllUsers";//(https://www.cloudconformity.com/knowledge-base/aws/S3/s3-bucket-public-read-access.html)
s.Grantee = grantee;
List <S3Grant> list = new List <S3Grant>();
list.Add(s);
var putRequest2 = new PutObjectRequest
{
BucketName = bucketName,
Key = keyName,
FilePath = filePath,
ContentType = "image/png",
Grants = list,
};
putRequest2.Metadata.Add("x-amz-meta-title", "someTitle");
PutObjectResponse response2 = await client.PutObjectAsync(putRequest2);
}
catch (AmazonS3Exception e)
{
Console.WriteLine(
"Error encountered ***. Message:'{0}' when writing an object"
, e.Message);
}
catch (System.Exception e)
{
Console.WriteLine(
"Unknown encountered on server. Message: '{0}' when writing an object", e.Message
);
}
}
static void WriteBucketAcl()
{
string id = Common.InputString("Bucket:", null, false);
string owner = Common.InputString("Owner:", "default", false);
PutACLRequest request = new PutACLRequest();
request.BucketName = id;
request.AccessControlList = new S3AccessControlList();
request.AccessControlList.Owner = new Owner();
request.AccessControlList.Owner.DisplayName = owner;
request.AccessControlList.Grants = new List <S3Grant>();
S3Grant grant = new S3Grant();
S3Grantee grantee = new S3Grantee();
grantee.CanonicalUser = owner;
grantee.DisplayName = owner;
grant.Grantee = grantee;
request.AccessControlList.Grants.Add(grant);
PutACLResponse response = _S3Client.PutACLAsync(request).Result;
int statusCode = (int)response.HttpStatusCode;
if (response != null)
{
Console.WriteLine("Success");
return;
}
else
{
Console.WriteLine("Failed");
return;
}
}
public async Task PutGetObjectAcl(S3Provider provider, string bucket, ISimpleClient client)
{
string objectKey = nameof(PutGetObjectAcl);
//Create an object
PutObjectResponse putResp1 = await client.PutObjectAsync(bucket, objectKey, null).ConfigureAwait(false);
Assert.Equal(200, putResp1.StatusCode);
//Get the ACL, which should be the default one (owner has ACL)
GetObjectAclResponse getResp = await client.GetObjectAclAsync(bucket, objectKey).ConfigureAwait(false);
Assert.Equal(200, getResp.StatusCode);
S3Grant?grant = Assert.Single(getResp.Grants);
Assert.Equal(S3Permission.FullControl, grant.Permission);
if (provider == S3Provider.AmazonS3)
{
Assert.Equal(GrantType.CanonicalUser, grant.Grantee.Type);
Assert.Equal(TestConstants.TestUserId, grant.Grantee.Id);
Assert.Equal(TestConstants.TestUsername, grant.Grantee.DisplayName);
}
//Update the object to have another ACL using Canned ACLs
PutObjectAclResponse putResp2 = await client.PutObjectAclAsync(bucket, objectKey, r => r.Acl = ObjectCannedAcl.PublicRead).ConfigureAwait(false);
Assert.Equal(200, putResp2.StatusCode);
GetObjectAclResponse getResp2 = await client.GetObjectAclAsync(bucket, objectKey).ConfigureAwait(false);
Assert.Equal(200, getResp2.StatusCode);
Assert.Equal(2, getResp2.Grants.Count);
if (provider == S3Provider.AmazonS3)
{
Assert.Equal(TestConstants.TestUserId, getResp2.Owner.Id);
Assert.Equal(TestConstants.TestUsername, getResp2.Owner.Name);
}
//This is the default owner ACL
S3Grant first = getResp2.Grants[0];
if (provider == S3Provider.AmazonS3)
{
Assert.Equal(TestConstants.TestUserId, first.Grantee.Id);
Assert.Equal(TestConstants.TestUsername, first.Grantee.DisplayName);
Assert.Equal(GrantType.CanonicalUser, first.Grantee.Type);
}
Assert.Equal(S3Permission.FullControl, first.Permission);
//Next 2 ACLs should be READ + WRITE for AllUsers
S3Grant second = getResp2.Grants[1];
Assert.Equal("http://acs.amazonaws.com/groups/global/AllUsers", second.Grantee.Uri);
Assert.Equal(S3Permission.Read, second.Permission);
Assert.Equal(GrantType.Group, second.Grantee.Type);
//if (provider == S3Provider.AmazonS3)
//{
// S3Grant third = getResp2.Grants[2];
// Assert.Equal("http://acs.amazonaws.com/groups/global/AllUsers", third.Grantee.Uri);
// Assert.Equal(S3Permission.Write, third.Permission);
// Assert.Equal(GrantType.Group, third.Grantee.Type);
//}
}
public void AclSamples()
{
{
#region PutACL Sample 1
// Create a client
AmazonS3Client client = new AmazonS3Client();
// Set Canned ACL (PublicRead) for an existing item
client.PutACL(new PutACLRequest
{
BucketName = "SampleBucket",
Key = "Item1",
CannedACL = S3CannedACL.PublicRead
});
// Set Canned ACL (PublicRead) for an existing item
// (This reverts ACL back to default for object)
client.PutACL(new PutACLRequest
{
BucketName = "SampleBucket",
Key = "Item1",
CannedACL = S3CannedACL.Private
});
#endregion
}
{
#region GetACL\PutACL Samples
// Create a client
AmazonS3Client client = new AmazonS3Client();
// Retrieve ACL for object
S3AccessControlList acl = client.GetACL(new GetACLRequest
{
BucketName = "SampleBucket",
Key = "Item1",
}).AccessControlList;
// Retrieve owner
Owner owner = acl.Owner;
// Describe grant
S3Grant grant = new S3Grant
{
Grantee = new S3Grantee {
EmailAddress = "*****@*****.**"
},
Permission = S3Permission.WRITE_ACP
};
// Create new ACL
S3AccessControlList newAcl = new S3AccessControlList
{
Grants = new List <S3Grant> {
grant
},
Owner = owner
};
// Set new ACL
PutACLResponse response = client.PutACL(new PutACLRequest
{
BucketName = "SampleBucket",
Key = "Item1",
AccessControlList = acl
});
#endregion
}
}
static async Task AddACLToExistingObjectAsync(string bucketName, string keyName)
{
// Retrieve the ACL for an object.
GetACLResponse aclResponse = await client.GetACLAsync(new GetACLRequest
{
BucketName = bucketName,
Key = keyName
});
S3AccessControlList acl = aclResponse.AccessControlList;
// Retrieve the owner.
Owner owner = acl.Owner;
// Clear existing grants.
acl.Grants.Clear();
// Add a grant to reset the owner's full permission
// (the previous clear statement removed all permissions).
S3Grant fullControlGrant = new S3Grant
{
Grantee = new S3Grantee {
CanonicalUser = acl.Owner.Id
}
};
acl.AddGrant(fullControlGrant.Grantee, S3Permission.FULL_CONTROL);
// Specify email to identify grantee for granting permissions.
S3Grant grantUsingEmail = new S3Grant
{
Grantee = new S3Grantee {
EmailAddress = emailAddress
},
Permission = S3Permission.WRITE_ACP
};
// Specify log delivery group as grantee.
S3Grant grantLogDeliveryGroup = new S3Grant
{
Grantee = new S3Grantee {
URI = "http://acs.amazonaws.com/groups/s3/LogDelivery"
},
Permission = S3Permission.WRITE
};
// Create a new ACL.
S3AccessControlList newAcl = new S3AccessControlList
{
Grants = new List <S3Grant> {
grantUsingEmail, grantLogDeliveryGroup
},
Owner = owner
};
// Set the new ACL.
PutACLResponse response = await client.PutACLAsync(new PutACLRequest
{
BucketName = bucketName,
Key = keyName,
AccessControlList = newAcl
});
}
public void AWSClientWithBasicCredentialsTest()
{
AWS.LoadAWSBasicCredentials(_region, _accessKey, _secretKey);
#region S3
string bucketName = "awssimpletclienttest-s3bucket";
//Create Bucket
var grant = new S3Grant()
{
Permission = S3Permission.FULL_CONTROL,
Grantee = new S3Grantee {
EmailAddress = _testEmail
}
};
var putBucketResponse = AWS.S3.PutBucketAsync(new PutBucketRequest()
{
BucketName = bucketName,
BucketRegion = S3Region.APS1,
BucketRegionName = "ap-southeast-1",
Grants = new List <S3Grant>()
{
grant
},
}).GetAwaiter().GetResult();
Assert.IsNotNull(putBucketResponse);
Assert.IsTrue(putBucketResponse.HttpStatusCode == System.Net.HttpStatusCode.OK || putBucketResponse.HttpStatusCode == System.Net.HttpStatusCode.Accepted);
//Delete Bucket
var deleteBucketResponse = AWS.S3.DeleteBucketAsync(new DeleteBucketRequest()
{
BucketName = bucketName,
BucketRegion = S3Region.APS1,
UseClientRegion = true,
}).GetAwaiter().GetResult();
Assert.IsNotNull(deleteBucketResponse);
#endregion
#region DynamoDB
string tableName = "AWSSimpleClientDynamoTableTest";
string hashKey = "Name";
//Create Table
var createTableResponse = AWS.DynamoDB.CreateTableAsync(new CreateTableRequest()
{
TableName = tableName,
ProvisionedThroughput = new ProvisionedThroughput
{
ReadCapacityUnits = 3,
WriteCapacityUnits = 1
},
KeySchema = new List <KeySchemaElement>
{
new KeySchemaElement
{
AttributeName = hashKey,
KeyType = KeyType.HASH
}
},
AttributeDefinitions = new List <AttributeDefinition>
{
new AttributeDefinition {
AttributeName = hashKey,
AttributeType = ScalarAttributeType.S
}
}
}).GetAwaiter().GetResult();
Assert.IsNotNull(createTableResponse);
Assert.IsTrue(createTableResponse.HttpStatusCode == System.Net.HttpStatusCode.OK);
Thread.Sleep(15000);
//Delete Table
var deleteTableResponse = AWS.DynamoDB.DeleteTableAsync(new DeleteTableRequest()
{
TableName = tableName,
}).GetAwaiter().GetResult();
Assert.IsNotNull(deleteTableResponse);
Assert.IsTrue(deleteTableResponse.HttpStatusCode == System.Net.HttpStatusCode.OK);
#endregion
}
