public override async Task ActivatingAsync()
{
if (_options.CreateBucket &&
_shellSettings.State != Environment.Shell.Models.TenantState.Uninitialized &&
!String.IsNullOrEmpty(_options.BucketName))
{
_logger.LogDebug("Testing Amazon S3 Bucket {BucketName} existence", _options.BucketName);
try
{
var isBucketExists = await AmazonS3Util.DoesS3BucketExistV2Async(_amazonS3Client, _options.BucketName);
if (isBucketExists)
{
_logger.LogInformation("Amazon S3 Bucket {BucketName} already exists.", _options.BucketName);
return;
}
var bucketRequest = new PutBucketRequest
{
BucketName = _options.BucketName,
UseClientRegion = true
};
// Tying to create bucket
var response = await _amazonS3Client.PutBucketAsync(bucketRequest);
if (!response.IsSuccessful())
{
_logger.LogError("Unable to create Amazon S3 Bucket. {Response}", response);
return;
}
// Blocking public access for the newly created bucket.
var blockConfiguration = new PublicAccessBlockConfiguration
{
BlockPublicAcls = true,
BlockPublicPolicy = true,
IgnorePublicAcls = true,
RestrictPublicBuckets = true
};
await _amazonS3Client.PutPublicAccessBlockAsync(new PutPublicAccessBlockRequest
{
PublicAccessBlockConfiguration = blockConfiguration,
BucketName = _options.BucketName
});
_logger.LogDebug("Amazon S3 Bucket {BucketName} created.", _options.BucketName);
}
catch (Exception e)
{
_logger.LogError(e, "Unable to create Amazon S3 Bucket.");
}
}
}
/// <summary>
/// Method creates new bucket in S3
/// </summary>
/// <param name="bucketName">Name of the bucket</param>
/// <param name="disablePublicAccess">Set to true if you want to disable public access to your bucket, set to false if you want to enable public access to your bucket</param>
public void CreateBucket(string bucketName, bool disablePublicAccess = true)
{
if (string.IsNullOrEmpty(bucketName))
{
throw new ArgumentNullException(nameof(bucketName));
}
PutBucketRequest s3PutBucketRequest = new PutBucketRequest();
s3PutBucketRequest.BucketName = bucketName;
s3PutBucketRequest.UseClientRegion = true;
try
{
using (Task <PutBucketResponse> s3PutBucketResponse = _client.PutBucketAsync(s3PutBucketRequest))
{
Console.WriteLine($"HTTP status code : {s3PutBucketResponse.Result.HttpStatusCode}");
PublicAccessBlockConfiguration s3PublicAccessBlockConfiguration = new PublicAccessBlockConfiguration();
s3PublicAccessBlockConfiguration.BlockPublicAcls = true;
s3PublicAccessBlockConfiguration.BlockPublicPolicy = true;
s3PublicAccessBlockConfiguration.IgnorePublicAcls = true;
s3PublicAccessBlockConfiguration.RestrictPublicBuckets = true;
PutPublicAccessBlockRequest s3PublicAccessBlockRequest = new PutPublicAccessBlockRequest();
s3PublicAccessBlockRequest.BucketName = bucketName;
s3PublicAccessBlockRequest.PublicAccessBlockConfiguration = s3PublicAccessBlockConfiguration;
using (Task <PutPublicAccessBlockResponse> s3PutPublicAccessBlockResponse = _client.PutPublicAccessBlockAsync(s3PublicAccessBlockRequest))
{
Console.WriteLine($"HTTP status code : {s3PutPublicAccessBlockResponse.Result.HttpStatusCode}");
}
}
}
catch (System.AggregateException ex)
{
if (ex.InnerException != null)
{
Console.WriteLine($"Message: {ex.InnerException.Message}");
}
}
}
private PutPublicAccessBlockResponse Call_PutPublicAccessBlock(IAmazonS3 client, string bucketName, out PublicAccessBlockConfiguration configuration)
{
configuration = new PublicAccessBlockConfiguration
{
BlockPublicAcls = true,
BlockPublicPolicy = true,
IgnorePublicAcls = true,
RestrictPublicBuckets = true
};
PutPublicAccessBlockRequest putRequest = new PutPublicAccessBlockRequest
{
BucketName = bucketName,
PublicAccessBlockConfiguration = configuration
};
var putResponse = client.PutPublicAccessBlock(putRequest);
Assert.AreEqual(true, putResponse.HttpStatusCode == HttpStatusCode.OK);
return(putResponse);
}
public void TestGetPublicAccessBlock()
{
string[] testProperties =
{
nameof(PublicAccessBlockConfiguration.BlockPublicAcls),
nameof(PublicAccessBlockConfiguration.BlockPublicPolicy),
nameof(PublicAccessBlockConfiguration.IgnorePublicAcls),
nameof(PublicAccessBlockConfiguration.RestrictPublicBuckets)
};
//Set each property in PublicAccessBlockConfiguration, do the put, then do the get to test that the value was set.
foreach (string propertyName in testProperties)
{
var configuration = new PublicAccessBlockConfiguration
{
BlockPublicAcls = false,
BlockPublicPolicy = false,
IgnorePublicAcls = false,
RestrictPublicBuckets = false
};
var putRequest = new PutPublicAccessBlockRequest
{
BucketName = bucketName,
PublicAccessBlockConfiguration = configuration
};
System.Reflection.PropertyInfo property = putRequest.PublicAccessBlockConfiguration.GetType().GetProperty(propertyName);
property.SetValue(configuration, true);
var putResponse = Client.PutPublicAccessBlock(putRequest);
Assert.AreEqual(true, putResponse.HttpStatusCode == HttpStatusCode.OK);
Call_GetPublicAccessBlock(Client, bucketName, configuration);
}
}
private GetPublicAccessBlockResponse Call_GetPublicAccessBlock(IAmazonS3 client, string bucketName, PublicAccessBlockConfiguration expectedConfiguration)
{
var getRequest = new GetPublicAccessBlockRequest
{
BucketName = bucketName
};
if (expectedConfiguration == null)
{
//If expectedConfiguration is null then we want GetPublicAccessBlock to throw an exception because the configuration was removed.
//Wait until the configuration was removed / until an exception is thrown.
UtilityMethods.WaitUntilException(() =>
{
client.GetPublicAccessBlock(getRequest);
});
Assert.Fail("An expected exception was not thrown");
}
var getResponse = S3TestUtils.WaitForConsistency(() =>
{
var res = client.GetPublicAccessBlock(getRequest);
return(res.HttpStatusCode == HttpStatusCode.OK &&
expectedConfiguration.BlockPublicAcls == res.PublicAccessBlockConfiguration.BlockPublicAcls &&
expectedConfiguration.BlockPublicPolicy == res.PublicAccessBlockConfiguration.BlockPublicPolicy &&
expectedConfiguration.IgnorePublicAcls == res.PublicAccessBlockConfiguration.IgnorePublicAcls &&
expectedConfiguration.RestrictPublicBuckets == res.PublicAccessBlockConfiguration.RestrictPublicBuckets ? res : null);
});
Assert.AreEqual(expectedConfiguration.BlockPublicAcls, getResponse.PublicAccessBlockConfiguration.BlockPublicAcls);
Assert.AreEqual(expectedConfiguration.BlockPublicPolicy, getResponse.PublicAccessBlockConfiguration.BlockPublicPolicy);
Assert.AreEqual(expectedConfiguration.IgnorePublicAcls, getResponse.PublicAccessBlockConfiguration.IgnorePublicAcls);
Assert.AreEqual(expectedConfiguration.RestrictPublicBuckets, getResponse.PublicAccessBlockConfiguration.RestrictPublicBuckets);
return(getResponse);
}
private GetPublicAccessBlockResponse Call_GetPublicAccessBlock(IAmazonS3 client, string bucketName, PublicAccessBlockConfiguration expectedConfiguration)
{
var getRequest = new GetPublicAccessBlockRequest
{
BucketName = bucketName
};
GetPublicAccessBlockResponse getResponse = null;
var sleeper = new UtilityMethods.ListSleeper(500, 1000, 2000, 5000, 10000, 15000);
UtilityMethods.WaitUntil(() =>
{
getResponse = client.GetPublicAccessBlock(getRequest);
if (expectedConfiguration == null)
{
//If expectedConfiguration is null then we want GetPublicAccessBlock to throw an exception because the configuration was removed.
//Wait until the configuration was removed / until an exception is thrown.
return(false);
}
return(getResponse.HttpStatusCode == HttpStatusCode.OK &&
expectedConfiguration.BlockPublicAcls == getResponse.PublicAccessBlockConfiguration.BlockPublicAcls &&
expectedConfiguration.BlockPublicPolicy == getResponse.PublicAccessBlockConfiguration.BlockPublicPolicy &&
expectedConfiguration.IgnorePublicAcls == getResponse.PublicAccessBlockConfiguration.IgnorePublicAcls &&
expectedConfiguration.RestrictPublicBuckets == getResponse.PublicAccessBlockConfiguration.RestrictPublicBuckets);
}, sleeper, 30);
Assert.AreEqual(true, getResponse != null && getResponse.HttpStatusCode == HttpStatusCode.OK);
Assert.AreEqual(expectedConfiguration.BlockPublicAcls, getResponse.PublicAccessBlockConfiguration.BlockPublicAcls);
Assert.AreEqual(expectedConfiguration.BlockPublicPolicy, getResponse.PublicAccessBlockConfiguration.BlockPublicPolicy);
Assert.AreEqual(expectedConfiguration.IgnorePublicAcls, getResponse.PublicAccessBlockConfiguration.IgnorePublicAcls);
Assert.AreEqual(expectedConfiguration.RestrictPublicBuckets, getResponse.PublicAccessBlockConfiguration.RestrictPublicBuckets);
return(getResponse);
}
