/// <summary> /// Constructs a new empty BucketObjectsWindow. /// </summary> /// <param name="regionBucketAndPrefix">The region, bucket, and prefix, in the following form: [region:]bucket/prefix.</param> /// <param name="batchIdCounter">The <see cref="BatchIdCounter"/> for this window.</param> /// <param name="unprefixedStartAtKey">The key to start at or <b>null</b> to start at the beginning.</param> /// <param name="unprefixedStopAtKey">The key to stop at or <b>null</b> to start at the beginning.</param> /// <param name="cannedAcl">A <see cref="S3CannedACL"/> to use for the target file.</param> /// <param name="grant">A <see cref="S3Grant"/> indicating rights grants to apply to the target file.</param> public BucketObjectsWindow(string regionBucketAndPrefix, BatchIdCounter batchIdCounter, string unprefixedStartAtKey = null, string unprefixedStopAtKey = null, S3CannedACL cannedAcl = null, S3Grant grant = null, ServerSideEncryptionMethod targetEncryptionMethod = null) { _batchIdCounter = batchIdCounter; Tuple <string, string, string> parsedRegionBucketAndPrefix = ParseRegionBucketAndPrefix(regionBucketAndPrefix); Amazon.RegionEndpoint region = Amazon.RegionEndpoint.GetBySystemName(string.IsNullOrEmpty(parsedRegionBucketAndPrefix.Item1) ? GetBucketRegion(parsedRegionBucketAndPrefix.Item2) : parsedRegionBucketAndPrefix.Item1); _s3 = new AmazonS3Client(region); _bucket = parsedRegionBucketAndPrefix.Item2; _prefix = parsedRegionBucketAndPrefix.Item3; _grant = grant; _grantCannedAcl = cannedAcl; _queue = new ConcurrentQueue <Batch>(); if (!string.IsNullOrEmpty(unprefixedStartAtKey)) { _startAtKey = _prefix + unprefixedStartAtKey; _unprefixedLeastKey = unprefixedStartAtKey; } else { _unprefixedLeastKey = string.Empty; } if (!string.IsNullOrEmpty(unprefixedStopAtKey)) { _stopAtKey = _prefix + unprefixedStopAtKey; } _unprefixedGreatestKey = string.Empty; _targetEncryptionMethod = targetEncryptionMethod; }
private static async Task TestObjectACLTestAsync() { try { // Retrieve the ACL for the object. GetACLResponse aclResponse = await client.GetACLAsync(new GetACLRequest { BucketName = bucketName, Key = keyName }); S3AccessControlList acl = aclResponse.AccessControlList; // Retrieve the owner (we use this to re-add permissions after we clear the ACL). Owner owner = acl.Owner; // Clear existing grants. acl.Grants.Clear(); // Add a grant to reset the owner's full permission (the previous clear statement removed all permissions). S3Grant fullControlGrant = new S3Grant { Grantee = new S3Grantee { CanonicalUser = owner.Id }, Permission = S3Permission.FULL_CONTROL }; // Describe the grant for the permission using an email address. S3Grant grantUsingEmail = new S3Grant { Grantee = new S3Grantee { EmailAddress = emailAddress }, Permission = S3Permission.WRITE_ACP }; acl.Grants.AddRange(new List <S3Grant> { fullControlGrant, grantUsingEmail }); // Set a new ACL. PutACLResponse response = await client.PutACLAsync(new PutACLRequest { BucketName = bucketName, Key = keyName, AccessControlList = acl }); } catch (AmazonS3Exception amazonS3Exception) { Console.WriteLine("An AmazonS3Exception was thrown. Exception: " + amazonS3Exception.ToString()); } catch (Exception e) { Console.WriteLine("Exception: " + e.ToString()); } }
public async Task PutGetObjectAcl() { string objectKey = nameof(PutGetObjectAcl); //Create an object await UploadAsync(objectKey).ConfigureAwait(false); //Get the ACL, which should be the default one (owner has ACL) GetObjectAclResponse getResp = await ObjectClient.GetObjectAclAsync(BucketName, objectKey).ConfigureAwait(false); Assert.True(getResp.IsSuccess); S3Grant grant = Assert.Single(getResp.Grants); Assert.Equal(TestConstants.TestUserId, grant.Id); Assert.Equal(TestConstants.TestUsername, grant.Name); Assert.Equal(Permission.FullControl, grant.Permission); Assert.Equal(GrantType.User, grant.Type); //Update the object to have another ACL using Canned ACLs PutObjectAclResponse putResp = await ObjectClient.PutObjectAclAsync(BucketName, objectKey, req => req.Acl = ObjectCannedAcl.PublicReadWrite).ConfigureAwait(false); Assert.True(putResp.IsSuccess); GetObjectAclResponse getResp2 = await ObjectClient.GetObjectAclAsync(BucketName, objectKey).ConfigureAwait(false); Assert.True(getResp2.IsSuccess); Assert.Equal(TestConstants.TestUserId, getResp2.Owner.Id); Assert.Equal(TestConstants.TestUsername, getResp2.Owner.Name); Assert.Equal(3, getResp2.Grants.Count); //This is the default owner ACL S3Grant first = getResp2.Grants[0]; Assert.Equal(TestConstants.TestUserId, first.Id); Assert.Equal(TestConstants.TestUsername, first.Name); Assert.Equal(Permission.FullControl, first.Permission); Assert.Equal(GrantType.User, first.Type); //Next 2 ACLs should be READ + WRITE for AllUsers S3Grant second = getResp2.Grants[1]; Assert.Equal("http://acs.amazonaws.com/groups/global/AllUsers", second.Uri); Assert.Equal(Permission.Read, second.Permission); Assert.Equal(GrantType.Group, second.Type); S3Grant third = getResp2.Grants[2]; Assert.Equal("http://acs.amazonaws.com/groups/global/AllUsers", third.Uri); Assert.Equal(Permission.Write, third.Permission); Assert.Equal(GrantType.Group, third.Type); }
public void MarshalResponse(IConfig config, GetObjectAclResponse response, IDictionary <string, string> headers, Stream responseStream) { response.RequestCharged = headers.ContainsKey(AmzHeaders.XAmzRequestCharged); XmlSerializer s = new XmlSerializer(typeof(AccessControlPolicy)); using (XmlTextReader r = new XmlTextReader(responseStream)) { r.Namespaces = true; AccessControlPolicy aclOutput = (AccessControlPolicy)s.Deserialize(r); if (aclOutput.Owner != null) { response.Owner = new S3Identity(); response.Owner.Id = aclOutput.Owner.Id; response.Owner.Name = aclOutput.Owner.DisplayName; } if (aclOutput.AccessControlList?.Grants != null) { response.Grants = new List <S3Grant>(aclOutput.AccessControlList.Grants.Sum(x => x.Grantee.Count)); foreach (Grant grant in aclOutput.AccessControlList.Grants) { foreach (GranteeBase grantee in grant.Grantee) { S3Grant s3Grant = new S3Grant(); s3Grant.Permission = ValueHelper.ParseEnum <Permission>(grant.Permission); if (grantee is Group grantGroup) { s3Grant.Uri = grantGroup.Uri; s3Grant.Type = GrantType.Group; } else if (grantee is CanonicalUser grantUser) { s3Grant.Id = grantUser.Id; s3Grant.Name = grantUser.DisplayName; s3Grant.Type = GrantType.User; } response.Grants.Add(s3Grant); } } } else { response.Grants = Array.Empty <S3Grant>(); } } }
static void WriteObjectAcl() { string id = Common.InputString("Key:", null, false); string owner = Common.InputString("Owner:", "default", false); try { PutACLRequest request = new PutACLRequest { BucketName = _Bucket, Key = id }; request.Key = id; request.AccessControlList = new S3AccessControlList(); request.AccessControlList.Owner = new Owner(); request.AccessControlList.Owner.DisplayName = owner; request.AccessControlList.Grants = new List <S3Grant>(); S3Grant grant = new S3Grant(); S3Grantee grantee = new S3Grantee(); grantee.CanonicalUser = owner; grantee.DisplayName = owner; grantee.EmailAddress = owner; grant.Grantee = grantee; request.AccessControlList.Grants.Add(grant); PutACLResponse response = _S3Client.PutACLAsync(request).Result; int statusCode = (int)response.HttpStatusCode; if (response != null) { Console.WriteLine("Success"); return; } else { Console.WriteLine("Failed"); return; } } catch (Exception e) { Console.WriteLine(Common.SerializeJson(e, true)); } }
static async Task WritingAnObjectAsync() { try { S3Grant s = new S3Grant(); s.Permission = S3Permission.READ; S3Grantee grantee = new S3Grantee(); grantee.URI = "http://acs.amazonaws.com/groups/global/AllUsers";//(https://www.cloudconformity.com/knowledge-base/aws/S3/s3-bucket-public-read-access.html) s.Grantee = grantee; List <S3Grant> list = new List <S3Grant>(); list.Add(s); var putRequest2 = new PutObjectRequest { BucketName = bucketName, Key = keyName, FilePath = filePath, ContentType = "image/png", Grants = list, }; putRequest2.Metadata.Add("x-amz-meta-title", "someTitle"); PutObjectResponse response2 = await client.PutObjectAsync(putRequest2); } catch (AmazonS3Exception e) { Console.WriteLine( "Error encountered ***. Message:'{0}' when writing an object" , e.Message); } catch (System.Exception e) { Console.WriteLine( "Unknown encountered on server. Message: '{0}' when writing an object", e.Message ); } }
static void WriteBucketAcl() { string id = Common.InputString("Bucket:", null, false); string owner = Common.InputString("Owner:", "default", false); PutACLRequest request = new PutACLRequest(); request.BucketName = id; request.AccessControlList = new S3AccessControlList(); request.AccessControlList.Owner = new Owner(); request.AccessControlList.Owner.DisplayName = owner; request.AccessControlList.Grants = new List <S3Grant>(); S3Grant grant = new S3Grant(); S3Grantee grantee = new S3Grantee(); grantee.CanonicalUser = owner; grantee.DisplayName = owner; grant.Grantee = grantee; request.AccessControlList.Grants.Add(grant); PutACLResponse response = _S3Client.PutACLAsync(request).Result; int statusCode = (int)response.HttpStatusCode; if (response != null) { Console.WriteLine("Success"); return; } else { Console.WriteLine("Failed"); return; } }
public async Task PutGetObjectAcl(S3Provider provider, string bucket, ISimpleClient client) { string objectKey = nameof(PutGetObjectAcl); //Create an object PutObjectResponse putResp1 = await client.PutObjectAsync(bucket, objectKey, null).ConfigureAwait(false); Assert.Equal(200, putResp1.StatusCode); //Get the ACL, which should be the default one (owner has ACL) GetObjectAclResponse getResp = await client.GetObjectAclAsync(bucket, objectKey).ConfigureAwait(false); Assert.Equal(200, getResp.StatusCode); S3Grant?grant = Assert.Single(getResp.Grants); Assert.Equal(S3Permission.FullControl, grant.Permission); if (provider == S3Provider.AmazonS3) { Assert.Equal(GrantType.CanonicalUser, grant.Grantee.Type); Assert.Equal(TestConstants.TestUserId, grant.Grantee.Id); Assert.Equal(TestConstants.TestUsername, grant.Grantee.DisplayName); } //Update the object to have another ACL using Canned ACLs PutObjectAclResponse putResp2 = await client.PutObjectAclAsync(bucket, objectKey, r => r.Acl = ObjectCannedAcl.PublicRead).ConfigureAwait(false); Assert.Equal(200, putResp2.StatusCode); GetObjectAclResponse getResp2 = await client.GetObjectAclAsync(bucket, objectKey).ConfigureAwait(false); Assert.Equal(200, getResp2.StatusCode); Assert.Equal(2, getResp2.Grants.Count); if (provider == S3Provider.AmazonS3) { Assert.Equal(TestConstants.TestUserId, getResp2.Owner.Id); Assert.Equal(TestConstants.TestUsername, getResp2.Owner.Name); } //This is the default owner ACL S3Grant first = getResp2.Grants[0]; if (provider == S3Provider.AmazonS3) { Assert.Equal(TestConstants.TestUserId, first.Grantee.Id); Assert.Equal(TestConstants.TestUsername, first.Grantee.DisplayName); Assert.Equal(GrantType.CanonicalUser, first.Grantee.Type); } Assert.Equal(S3Permission.FullControl, first.Permission); //Next 2 ACLs should be READ + WRITE for AllUsers S3Grant second = getResp2.Grants[1]; Assert.Equal("http://acs.amazonaws.com/groups/global/AllUsers", second.Grantee.Uri); Assert.Equal(S3Permission.Read, second.Permission); Assert.Equal(GrantType.Group, second.Grantee.Type); //if (provider == S3Provider.AmazonS3) //{ // S3Grant third = getResp2.Grants[2]; // Assert.Equal("http://acs.amazonaws.com/groups/global/AllUsers", third.Grantee.Uri); // Assert.Equal(S3Permission.Write, third.Permission); // Assert.Equal(GrantType.Group, third.Grantee.Type); //} }
public void AclSamples() { { #region PutACL Sample 1 // Create a client AmazonS3Client client = new AmazonS3Client(); // Set Canned ACL (PublicRead) for an existing item client.PutACL(new PutACLRequest { BucketName = "SampleBucket", Key = "Item1", CannedACL = S3CannedACL.PublicRead }); // Set Canned ACL (PublicRead) for an existing item // (This reverts ACL back to default for object) client.PutACL(new PutACLRequest { BucketName = "SampleBucket", Key = "Item1", CannedACL = S3CannedACL.Private }); #endregion } { #region GetACL\PutACL Samples // Create a client AmazonS3Client client = new AmazonS3Client(); // Retrieve ACL for object S3AccessControlList acl = client.GetACL(new GetACLRequest { BucketName = "SampleBucket", Key = "Item1", }).AccessControlList; // Retrieve owner Owner owner = acl.Owner; // Describe grant S3Grant grant = new S3Grant { Grantee = new S3Grantee { EmailAddress = "*****@*****.**" }, Permission = S3Permission.WRITE_ACP }; // Create new ACL S3AccessControlList newAcl = new S3AccessControlList { Grants = new List <S3Grant> { grant }, Owner = owner }; // Set new ACL PutACLResponse response = client.PutACL(new PutACLRequest { BucketName = "SampleBucket", Key = "Item1", AccessControlList = acl }); #endregion } }
static async Task AddACLToExistingObjectAsync(string bucketName, string keyName) { // Retrieve the ACL for an object. GetACLResponse aclResponse = await client.GetACLAsync(new GetACLRequest { BucketName = bucketName, Key = keyName }); S3AccessControlList acl = aclResponse.AccessControlList; // Retrieve the owner. Owner owner = acl.Owner; // Clear existing grants. acl.Grants.Clear(); // Add a grant to reset the owner's full permission // (the previous clear statement removed all permissions). S3Grant fullControlGrant = new S3Grant { Grantee = new S3Grantee { CanonicalUser = acl.Owner.Id } }; acl.AddGrant(fullControlGrant.Grantee, S3Permission.FULL_CONTROL); // Specify email to identify grantee for granting permissions. S3Grant grantUsingEmail = new S3Grant { Grantee = new S3Grantee { EmailAddress = emailAddress }, Permission = S3Permission.WRITE_ACP }; // Specify log delivery group as grantee. S3Grant grantLogDeliveryGroup = new S3Grant { Grantee = new S3Grantee { URI = "http://acs.amazonaws.com/groups/s3/LogDelivery" }, Permission = S3Permission.WRITE }; // Create a new ACL. S3AccessControlList newAcl = new S3AccessControlList { Grants = new List <S3Grant> { grantUsingEmail, grantLogDeliveryGroup }, Owner = owner }; // Set the new ACL. PutACLResponse response = await client.PutACLAsync(new PutACLRequest { BucketName = bucketName, Key = keyName, AccessControlList = newAcl }); }
public void AWSClientWithBasicCredentialsTest() { AWS.LoadAWSBasicCredentials(_region, _accessKey, _secretKey); #region S3 string bucketName = "awssimpletclienttest-s3bucket"; //Create Bucket var grant = new S3Grant() { Permission = S3Permission.FULL_CONTROL, Grantee = new S3Grantee { EmailAddress = _testEmail } }; var putBucketResponse = AWS.S3.PutBucketAsync(new PutBucketRequest() { BucketName = bucketName, BucketRegion = S3Region.APS1, BucketRegionName = "ap-southeast-1", Grants = new List <S3Grant>() { grant }, }).GetAwaiter().GetResult(); Assert.IsNotNull(putBucketResponse); Assert.IsTrue(putBucketResponse.HttpStatusCode == System.Net.HttpStatusCode.OK || putBucketResponse.HttpStatusCode == System.Net.HttpStatusCode.Accepted); //Delete Bucket var deleteBucketResponse = AWS.S3.DeleteBucketAsync(new DeleteBucketRequest() { BucketName = bucketName, BucketRegion = S3Region.APS1, UseClientRegion = true, }).GetAwaiter().GetResult(); Assert.IsNotNull(deleteBucketResponse); #endregion #region DynamoDB string tableName = "AWSSimpleClientDynamoTableTest"; string hashKey = "Name"; //Create Table var createTableResponse = AWS.DynamoDB.CreateTableAsync(new CreateTableRequest() { TableName = tableName, ProvisionedThroughput = new ProvisionedThroughput { ReadCapacityUnits = 3, WriteCapacityUnits = 1 }, KeySchema = new List <KeySchemaElement> { new KeySchemaElement { AttributeName = hashKey, KeyType = KeyType.HASH } }, AttributeDefinitions = new List <AttributeDefinition> { new AttributeDefinition { AttributeName = hashKey, AttributeType = ScalarAttributeType.S } } }).GetAwaiter().GetResult(); Assert.IsNotNull(createTableResponse); Assert.IsTrue(createTableResponse.HttpStatusCode == System.Net.HttpStatusCode.OK); Thread.Sleep(15000); //Delete Table var deleteTableResponse = AWS.DynamoDB.DeleteTableAsync(new DeleteTableRequest() { TableName = tableName, }).GetAwaiter().GetResult(); Assert.IsNotNull(deleteTableResponse); Assert.IsTrue(deleteTableResponse.HttpStatusCode == System.Net.HttpStatusCode.OK); #endregion }