use of com.amazonaws.services.s3.model.Owner in project nifi by apache.
the class AbstractS3Processor method createACL.
/**
* Create AccessControlList if appropriate properties are configured.
*
* @param context ProcessContext
* @param flowFile FlowFile
* @return AccessControlList or null if no ACL properties were specified
*/
protected final AccessControlList createACL(final ProcessContext context, final FlowFile flowFile) {
    // Left null until a property actually contributes an owner or a grant;
    // the method returns null when none does.
    AccessControlList result = null;

    // Every property below is evaluated against the FlowFile. Where a property value
    // references FlowFile attributes, whatever set those attributes upstream decides
    // who ends up in the ACL, so review these lists like any other access grant.
    final String configuredOwner = context.getProperty(OWNER).evaluateAttributeExpressions(flowFile).getValue();
    if (!StringUtils.isEmpty(configuredOwner)) {
        final Owner aclOwner = new Owner();
        aclOwner.setId(configuredOwner);
        // Nothing can have created the ACL before this point.
        result = new AccessControlList();
        result.setOwner(aclOwner);
    }

    final String fullControlUsers = context.getProperty(FULL_CONTROL_USER_LIST).evaluateAttributeExpressions(flowFile).getValue();
    for (final Grantee user : createGrantees(fullControlUsers)) {
        result = (result != null) ? result : new AccessControlList();
        result.grantPermission(user, Permission.FullControl);
    }

    final String readUsers = context.getProperty(READ_USER_LIST).evaluateAttributeExpressions(flowFile).getValue();
    for (final Grantee user : createGrantees(readUsers)) {
        result = (result != null) ? result : new AccessControlList();
        result.grantPermission(user, Permission.Read);
    }

    final String writeUsers = context.getProperty(WRITE_USER_LIST).evaluateAttributeExpressions(flowFile).getValue();
    for (final Grantee user : createGrantees(writeUsers)) {
        result = (result != null) ? result : new AccessControlList();
        result.grantPermission(user, Permission.Write);
    }

    final String readAclUsers = context.getProperty(READ_ACL_LIST).evaluateAttributeExpressions(flowFile).getValue();
    for (final Grantee user : createGrantees(readAclUsers)) {
        result = (result != null) ? result : new AccessControlList();
        result.grantPermission(user, Permission.ReadAcp);
    }

    // WriteAcp lets the grantee rewrite the ACL itself, so this list deserves the
    // same scrutiny as the FULL_CONTROL one.
    final String writeAclUsers = context.getProperty(WRITE_ACL_LIST).evaluateAttributeExpressions(flowFile).getValue();
    for (final Grantee user : createGrantees(writeAclUsers)) {
        result = (result != null) ? result : new AccessControlList();
        result.grantPermission(user, Permission.WriteAcp);
    }

    return result;
}
use of com.amazonaws.services.s3.model.Owner in project nifi by apache.
the class ListS3 method onTrigger.
/**
 * Lists the configured bucket page by page and transfers one FlowFile per listed
 * object version to REL_SUCCESS, carrying the listing metadata as "s3.*" attributes.
 * Entries are skipped when the timestamp filter below rejects them.
 *
 * @param context supplies the BUCKET, MIN_AGE, DELIMITER, PREFIX, USE_VERSIONS and LIST_TYPE properties
 * @param session used to create and transfer the FlowFiles
 */
@Override
public void onTrigger(final ProcessContext context, final ProcessSession session) {
    // Without restored state the filter below has nothing reliable to compare against,
    // so log, yield and try again later instead of listing.
    try {
        restoreState(context);
    } catch (IOException ioe) {
        getLogger().error("Failed to restore processor state; yielding", ioe);
        context.yield();
        return;
    }
    final long startNanos = System.nanoTime();
    final String bucket = context.getProperty(BUCKET).evaluateAttributeExpressions().getValue();
    final long minAgeMilliseconds = context.getProperty(MIN_AGE).asTimePeriod(TimeUnit.MILLISECONDS);
    // Taken once so the minimum-age cutoff is the same for every page of this run.
    final long listingTimestamp = System.currentTimeMillis();
    final AmazonS3 client = getClient();
    int listCount = 0;
    long maxTimestamp = 0L;
    String delimiter = context.getProperty(DELIMITER).getValue();
    String prefix = context.getProperty(PREFIX).evaluateAttributeExpressions().getValue();
    boolean useVersions = context.getProperty(USE_VERSIONS).asBoolean();
    int listType = context.getProperty(LIST_TYPE).asInteger();
    // USE_VERSIONS wins over LIST_TYPE; LIST_TYPE == 2 selects the "Version2" object lister.
    S3BucketLister bucketLister = useVersions ? new S3VersionBucketLister(client) : listType == 2 ? new S3ObjectBucketListerVersion2(client) : new S3ObjectBucketLister(client);
    bucketLister.setBucketName(bucket);
    // Delimiter and prefix are only applied when they are non-empty.
    if (delimiter != null && !delimiter.isEmpty()) {
        bucketLister.setDelimiter(delimiter);
    }
    if (prefix != null && !prefix.isEmpty()) {
        bucketLister.setPrefix(prefix);
    }
    VersionListing versionListing;
    do {
        versionListing = bucketLister.listVersions();
        for (S3VersionSummary versionSummary : versionListing.getVersionSummaries()) {
            long lastModified = versionSummary.getLastModified().getTime();
            // Skip the entry when any of these holds (&& binds tighter than ||):
            //   1. it is older than currentTimestamp,
            //   2. it has exactly currentTimestamp and its key is already in currentKeys,
            //   3. it was modified more recently than MIN_AGE allows.
            // currentTimestamp and currentKeys are fields declared outside this method;
            // presumably they hold the position reached by the previous listing - confirm.
            if (lastModified < currentTimestamp || lastModified == currentTimestamp && currentKeys.contains(versionSummary.getKey()) || lastModified > (listingTimestamp - minAgeMilliseconds)) {
                continue;
            }
            // Collect the listing metadata as FlowFile attributes
            final Map<String, String> attributes = new HashMap<>();
            attributes.put(CoreAttributes.FILENAME.key(), versionSummary.getKey());
            attributes.put("s3.bucket", versionSummary.getBucketName());
            if (versionSummary.getOwner() != null) {
                // The owner can be absent (we may not have permission to read it),
                // so "s3.owner" is not guaranteed to be present downstream.
                attributes.put("s3.owner", versionSummary.getOwner().getId());
            }
            attributes.put("s3.etag", versionSummary.getETag());
            attributes.put("s3.lastModified", String.valueOf(lastModified));
            attributes.put("s3.length", String.valueOf(versionSummary.getSize()));
            attributes.put("s3.storeClass", versionSummary.getStorageClass());
            attributes.put("s3.isLatest", String.valueOf(versionSummary.isLatest()));
            if (versionSummary.getVersionId() != null) {
                attributes.put("s3.version", versionSummary.getVersionId());
            }
            // Create the FlowFile and route it to success
            FlowFile flowFile = session.create();
            flowFile = session.putAllAttributes(flowFile, attributes);
            session.transfer(flowFile, REL_SUCCESS);
            // Track the newest timestamp seen in this run and the keys that share it;
            // a newer timestamp invalidates the keys recorded for the older one.
            if (lastModified > maxTimestamp) {
                maxTimestamp = lastModified;
                currentKeys.clear();
            }
            if (lastModified == maxTimestamp) {
                currentKeys.add(versionSummary.getKey());
            }
            listCount++;
        }
        // Advance to the next page and commit what this page produced.
        bucketLister.setNextMarker();
        commit(context, session, listCount);
        listCount = 0;
    } while (bucketLister.isTruncated());
    currentTimestamp = maxTimestamp;
    final long listMillis = TimeUnit.NANOSECONDS.toMillis(System.nanoTime() - startNanos);
    getLogger().info("Successfully listed S3 bucket {} in {} millis", new Object[] { bucket, listMillis });
    // NOTE(review): listCount was reset to 0 at the end of the last page, so this call
    // always passes 0. commit() is defined outside this view - confirm what it returns
    // for 0, since state is only persisted inside this branch.
    if (!commit(context, session, listCount)) {
        if (currentTimestamp > 0) {
            persistState(context);
        }
        getLogger().debug("No new objects in S3 bucket {} to list. Yielding.", new Object[] { bucket });
        context.yield();
    }
}
use of com.amazonaws.services.s3.model.Owner in project aws-doc-sdk-examples by awsdocs.
the class CreateBucketWithACL method main.
public static void main(String[] args) throws IOException {
    final Regions region = Regions.DEFAULT_REGION;
    final String targetBucket = "*** Bucket name ***";
    final String readerEmail = "*** user@example.com ***";

    try {
        final AmazonS3 s3 = AmazonS3ClientBuilder.standard().withRegion(region).build();

        // Create the bucket with a canned ACL. The setBucketAcl() calls further down
        // replace it; it is only here to demonstrate the canned-ACL option.
        s3.createBucket(new CreateBucketRequest(targetBucket, region.getName())
                .withCannedAcl(CannedAccessControlList.LogDeliveryWrite));

        // Build the explicit grants: full control for the account owner and
        // write access for the LogDelivery group.
        final ArrayList<Grant> grants = new ArrayList<>();
        grants.add(new Grant(new CanonicalGrantee(s3.getS3AccountOwner().getId()), Permission.FullControl));
        grants.add(new Grant(GroupGrantee.LogDelivery, Permission.Write));

        // setBucketAcl() swaps out the whole ACL: any grant that is not in the
        // list sent here is gone afterwards.
        final AccessControlList replacementAcl = new AccessControlList();
        replacementAcl.grantAllPermissions(grants.toArray(new Grant[0]));
        s3.setBucketAcl(targetBucket, replacementAcl);

        // To add a grant without dropping the existing ones, read the ACL back,
        // extend it and write it again. Read on a bucket lets the grantee list
        // its objects, so hand it only to addresses you have verified.
        final AccessControlList currentAcl = s3.getBucketAcl(targetBucket);
        currentAcl.grantAllPermissions(new Grant(new EmailAddressGrantee(readerEmail), Permission.Read));
        s3.setBucketAcl(targetBucket, currentAcl);
    } catch (AmazonServiceException e) {
        // The request reached Amazon S3, but S3 could not process it and
        // answered with an error response.
        e.printStackTrace();
    } catch (SdkClientException e) {
        // Either Amazon S3 could not be reached, or the client could not
        // parse the response it got back.
        e.printStackTrace();
    }
}
use of com.amazonaws.services.s3.model.Owner in project alluxio by Alluxio.
the class S3AUnderFileSystem method getPermissionsInternal.
/**
* Since there is no group in an S3 ACL, the owner is reused as the group. This method calls the
* S3 API and requires additional permissions beyond read-only access. It is best effort: if the
* S3 calls fail, it continues with default permissions (no owner, no group, 0700).
*
* @return the permissions associated with this under storage system
*/
private ObjectPermissions getPermissionsInternal() {
  // Fallback values: the mode comes from UNDERFS_S3_DEFAULT_MODE and the owner is
  // DEFAULT_OWNER. They are returned unchanged unless ACL inheritance succeeds.
  short mode = ModeUtils.getUMask(mUfsConf.getString(PropertyKey.UNDERFS_S3_DEFAULT_MODE)).toShort();
  String ownerName = DEFAULT_OWNER;

  final boolean inheritAcl =
      Boolean.parseBoolean(mUfsConf.getString(PropertyKey.UNDERFS_S3_INHERIT_ACL));
  if (!inheritAcl) {
    return new ObjectPermissions(ownerName, ownerName, mode);
  }

  // Inheritance is on: derive one mode from the bucket ACL and use it for all objects.
  try {
    final Owner s3Owner = mClient.getS3AccountOwner();
    final AccessControlList bucketAcl = mClient.getBucketAcl(mBucketName);
    mode = S3AUtils.translateBucketAcl(bucketAcl, s3Owner.getId());

    if (mUfsConf.isSet(PropertyKey.UNDERFS_S3_OWNER_ID_TO_USERNAME_MAPPING)) {
      // The lookup yields null when the mapping has no entry for this owner id.
      ownerName = CommonUtils.getValueFromStaticMapping(
          mUfsConf.getString(PropertyKey.UNDERFS_S3_OWNER_ID_TO_USERNAME_MAPPING), s3Owner.getId());
    }

    final boolean noMappedName = ownerName == null || ownerName.equals(DEFAULT_OWNER);
    if (noMappedName) {
      // No user-defined mapping applied: prefer the display name, else the raw id.
      final String displayName = s3Owner.getDisplayName();
      if (displayName != null) {
        ownerName = displayName;
      } else {
        ownerName = s3Owner.getId();
      }
    }
  } catch (AmazonClientException e) {
    // Best effort: an S3 failure is logged and the values held so far are returned.
    LOG.warn("Failed to inherit bucket ACLs, proceeding with defaults. {}", e.toString());
  }

  // S3 ACLs have no group, so the owner doubles as the group.
  return new ObjectPermissions(ownerName, ownerName, mode);
}
use of com.amazonaws.services.s3.model.Owner in project alluxio by Alluxio.
the class S3AUnderFileSystemTest method getPermissionsCached.
@Test
public void getPermissionsCached() throws Exception {
  // Stub the two S3 calls that a permissions lookup goes through.
  final Owner stubOwner = new Owner("0", "test");
  final AccessControlList emptyAcl = new AccessControlList();
  Mockito.when(mClient.getS3AccountOwner()).thenReturn(stubOwner);
  Mockito.when(mClient.getBucketAcl(Mockito.anyString())).thenReturn(emptyAcl);

  // Ask for the permissions twice ...
  for (int lookup = 0; lookup < 2; lookup++) {
    mS3UnderFileSystem.getPermissions();
  }

  // ... and require that each S3 call was made exactly once, i.e. the second
  // lookup was answered without going back to S3.
  Mockito.verify(mClient, Mockito.times(1)).getS3AccountOwner();
  Mockito.verify(mClient, Mockito.times(1)).getBucketAcl(Mockito.anyString());
}