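// Source: yunion.io/x/cloudmux@v0.3.10-0-alpha.1/pkg/multicloud/google/bucketacl.go

// Copyright 2019 Yunion
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package google

import (
	"fmt"
	"net/url"

	"cloud.google.com/go/storage"

	"yunion.io/x/jsonutils"
	"yunion.io/x/pkg/errors"

	"yunion.io/x/cloudmux/pkg/cloudprovider"
)

// GCSAcl is one access-control entry as filled in by the storage list calls
// in this file (GetBucketAcl, GetObjectAcl).
// NOTE(review): the field names presumably mirror the storage API's
// access-control resource; confirm against the decoder used by StorageListAll.
type GCSAcl struct {
	Kind     string
	Id       string
	SelfLink string
	Bucket   string
	// Entity is the grantee. SetObjectAcl compares it against
	// storage.AllUsers and storage.AllAuthenticatedUsers to find public grants.
	Entity      string
	Role        string
	Etag        string
	ProjectTeam map[string]string
}

// GetBucketAcl lists the ACL entries of bucket by querying "b/<bucket>/acl".
//
// The bucket name is interpolated into the resource path as-is (unlike object
// names, which are path-escaped elsewhere in this file), so callers are
// expected to pass an already validated bucket name.
func (region *SRegion) GetBucketAcl(bucket string) ([]GCSAcl, error) {
	resource := fmt.Sprintf("b/%s/acl", bucket)
	acls := []GCSAcl{}
	if err := region.StorageListAll(resource, map[string]string{}, &acls); err != nil {
		return nil, errors.Wrapf(err, "StorageListAll(%s)", resource)
	}
	return acls, nil
}

// SetObjectAcl applies a canned ACL to a single object.
//
//   - ACLPrivate removes the allUsers and allAuthenticatedUsers entries from
//     the object's ACL. Every other grant (specific users, groups, project
//     teams, ...) is left untouched, so "private" here means "not public",
//     not "owner only". Deletions happen one request at a time; if one fails
//     the function returns immediately and earlier deletions are not undone.
//   - ACLAuthRead grants READER to allAuthenticatedUsers.
//   - ACLPublicRead grants READER to allUsers.
//   - ACLPublicReadWrite grants OWNER to allUsers.
//   - Any other value is rejected with an error instead of sending an empty
//     ACL body to the API.
//
// The three granting cases add an entry; nothing in this function removes a
// previously added public entry, so moving from a wider canned ACL to a
// narrower one needs an ACLPrivate call first.
func (region *SRegion) SetObjectAcl(bucket, object string, cannedAcl cloudprovider.TBucketACLType) error {
	resource := fmt.Sprintf("b/%s/o/%s", bucket, url.PathEscape(object))
	acl := map[string]string{}
	switch cannedAcl {
	case cloudprovider.ACLPrivate:
		entries, err := region.GetObjectAcl(bucket, object)
		if err != nil {
			return errors.Wrap(err, "GetObjectAcl")
		}
		for _, entry := range entries {
			if entry.Entity != string(storage.AllUsers) && entry.Entity != string(storage.AllAuthenticatedUsers) {
				continue
			}
			// Entity is one of the two fixed public identifiers at this
			// point, so it is safe to place in the path without escaping.
			entryResource := fmt.Sprintf("b/%s/o/%s/acl/%s", bucket, url.PathEscape(object), entry.Entity)
			if err := region.StorageDelete(entryResource); err != nil {
				return errors.Wrapf(err, "StorageDelete(%s)", entryResource)
			}
		}
		return nil
	case cloudprovider.ACLAuthRead:
		acl["entity"] = string(storage.AllAuthenticatedUsers)
		acl["role"] = "READER"
	case cloudprovider.ACLPublicRead:
		acl["entity"] = string(storage.AllUsers)
		acl["role"] = "READER"
	case cloudprovider.ACLPublicReadWrite:
		// NOTE(review): object ACLs only offer READER and OWNER, and OWNER
		// also covers reading and changing the object's ACL. This grant is
		// therefore broader than "anyone may write": any anonymous caller can
		// re-permission the object. Treat it as full public control and
		// audit callers that request it.
		acl["entity"] = string(storage.AllUsers)
		acl["role"] = "OWNER"
	default:
		// Fail closed: an unrecognised value must not reach the API as an
		// empty ACL request.
		return fmt.Errorf("unsupported object acl %q", cannedAcl)
	}
	body := jsonutils.Marshal(acl)
	return region.StorageDo(resource, "acl", nil, body)
}

// BindingCondition is the optional condition attached to an IAM binding.
type BindingCondition struct {
	Title       string
	Description string
	Expression  string
}

// SBucketBinding associates a role with the members it is granted to.
type SBucketBinding struct {
	Role      string
	Members   []string
	Condition BindingCondition
}

// SBucketIam is the IAM policy of a bucket as read by GetBucketIam and
// written by SetBucketIam.
type SBucketIam struct {
	Version    int
	Kind       string
	ResourceId string
	Bindings   []SBucketBinding
	Etag       string
}

// GetBucketIam fetches the IAM policy of bucket from "b/<bucket>/iam".
func (region *SRegion) GetBucketIam(bucket string) (*SBucketIam, error) {
	resource := fmt.Sprintf("b/%s/iam", bucket)
	iam := SBucketIam{}
	if err := region.StorageGet(resource, &iam); err != nil {
		// The wrap label names the call that actually failed; it previously
		// said StorageListAll, which sent readers of the log to the wrong call.
		return nil, errors.Wrapf(err, "StorageGet(%s)", resource)
	}
	return &iam, nil
}

// SetBucketIam writes iam as the policy of bucket with a PUT on
// "b/<bucket>/iam" and returns the policy decoded from the response.
//
// The whole struct is marshalled, including Etag and every binding.
// NOTE(review): presumably the Etag obtained from GetBucketIam is what guards
// against overwriting a concurrent change; confirm that callers always start
// from a freshly read policy. Bindings whose Members include allUsers or
// allAuthenticatedUsers make the bucket public and deserve an explicit check
// at the call site.
func (region *SRegion) SetBucketIam(bucket string, iam *SBucketIam) (*SBucketIam, error) {
	resource := fmt.Sprintf("b/%s/iam", bucket)
	ret := SBucketIam{}
	if err := region.StoragePut(resource, jsonutils.Marshal(iam), &ret); err != nil {
		return nil, errors.Wrapf(err, "StoragePut(%s)", resource)
	}
	return &ret, nil
}

// GetObjectAcl lists the ACL entries of one object by querying
// "b/<bucket>/o/<object>/acl". The object name is path-escaped because it may
// contain "/" and other characters that are significant in a URL path.
func (region *SRegion) GetObjectAcl(bucket string, object string) ([]GCSAcl, error) {
	resource := fmt.Sprintf("b/%s/o/%s/acl", bucket, url.PathEscape(object))
	acls := []GCSAcl{}
	if err := region.StorageListAll(resource, map[string]string{}, &acls); err != nil {
		return nil, errors.Wrapf(err, "StorageListAll(%s)", resource)
	}
	return acls, nil
}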