Examples with AccessControlList com.emc.object.s3.bean.AccessControlList used on opensource projects
Example 1 with AccessControlList
use of com.emc.object.s3.bean.AccessControlList in project pravega by pravega.
the class ExtendedS3Storage method doCreate.
private SegmentProperties doCreate(String streamSegmentName) throws StreamSegmentExistsException {
long traceId = LoggerHelpers.traceEnter(log, "create", streamSegmentName);
if (!client.listObjects(config.getBucket(), config.getRoot() + streamSegmentName).getObjects().isEmpty()) {
throw new StreamSegmentExistsException(streamSegmentName);
}
S3ObjectMetadata metadata = new S3ObjectMetadata();
metadata.setContentLength((long) 0);
PutObjectRequest request = new PutObjectRequest(config.getBucket(), config.getRoot() + streamSegmentName, null);
AccessControlList acl = new AccessControlList();
acl.addGrants(new Grant(new CanonicalUser(config.getAccessKey(), config.getAccessKey()), READ_WRITE_PERMISSION));
request.setAcl(acl);
/* Default behavior of putObject is to overwrite an existing object. This behavior can cause data loss.
* Here is one of the scenarios in which data loss is observed:
* 1. Host A owns the container and gets a create operation. It has not executed the putObject operation yet.
* 2. Ownership changes and host B becomes the owner of the container. It picks up putObject from the queue, executes it.
* 3. Host B gets a write operation which executes successfully.
* 4. Now host A schedules the putObject. This will overwrite the write by host B.
*
* The solution for this issue is to implement put-if-absent behavior by using Set-If-None-Match header as described here:
* http://www.emc.com/techpubs/api/ecs/v3-0-0-0/S3ObjectOperations_createOrUpdateObject_7916bd6f789d0ae0ff39961c0e660d00_ba672412ac371bb6cf4e69291344510e_detail.htm
* But this does not work. Currently all the calls to putObject API fail if made with reqest.setIfNoneMatch("*").
* once the issue with extended S3 API is fixed, addition of this one line will ensure put-if-absent semantics.
* See: https://github.com/pravega/pravega/issues/1564
*
* This issue is fixed in some versions of extended S3 implementation. The following code sets the IfNoneMatch
* flag based on configuration.
*/
if (config.isUseNoneMatch()) {
request.setIfNoneMatch("*");
}
client.putObject(request);
LoggerHelpers.traceLeave(log, "create", traceId);
return doGetStreamSegmentInfo(streamSegmentName);
}
Also used :
AccessControlList(com.emc.object.s3.bean.AccessControlList)
Grant(com.emc.object.s3.bean.Grant)
StreamSegmentExistsException(io.pravega.segmentstore.contracts.StreamSegmentExistsException)
S3ObjectMetadata(com.emc.object.s3.S3ObjectMetadata)
CanonicalUser(com.emc.object.s3.bean.CanonicalUser)
PutObjectRequest(com.emc.object.s3.request.PutObjectRequest)
Example 2 with AccessControlList
use of com.emc.object.s3.bean.AccessControlList in project pravega by pravega.
the class ExtendedS3Storage method doGetStreamSegmentInfo.
private StreamSegmentInformation doGetStreamSegmentInfo(String streamSegmentName) {
long traceId = LoggerHelpers.traceEnter(log, "getStreamSegmentInfo", streamSegmentName);
S3ObjectMetadata result = client.getObjectMetadata(config.getBucket(), config.getRoot() + streamSegmentName);
AccessControlList acls = client.getObjectAcl(config.getBucket(), config.getRoot() + streamSegmentName);
boolean canWrite = acls.getGrants().stream().anyMatch(grant -> grant.getPermission().compareTo(Permission.WRITE) >= 0);
StreamSegmentInformation information = StreamSegmentInformation.builder().name(streamSegmentName).length(result.getContentLength()).sealed(!canWrite).lastModified(new ImmutableDate(result.getLastModified().toInstant().toEpochMilli())).build();
LoggerHelpers.traceLeave(log, "getStreamSegmentInfo", traceId, streamSegmentName);
return information;
}
Also used :
AccessControlList(com.emc.object.s3.bean.AccessControlList)
StreamSegmentInformation(io.pravega.segmentstore.contracts.StreamSegmentInformation)
ImmutableDate(io.pravega.common.util.ImmutableDate)
S3ObjectMetadata(com.emc.object.s3.S3ObjectMetadata)
Example 3 with AccessControlList
use of com.emc.object.s3.bean.AccessControlList in project pravega by pravega.
the class ExtendedS3Storage method setPermission.
private void setPermission(SegmentHandle handle, Permission permission) {
AccessControlList acl = client.getObjectAcl(config.getBucket(), config.getRoot() + handle.getSegmentName());
acl.getGrants().clear();
acl.addGrants(new Grant(new CanonicalUser(config.getAccessKey(), config.getAccessKey()), permission));
client.setObjectAcl(new SetObjectAclRequest(config.getBucket(), config.getRoot() + handle.getSegmentName()).withAcl(acl));
}
Also used :
AccessControlList(com.emc.object.s3.bean.AccessControlList)
Grant(com.emc.object.s3.bean.Grant)
SetObjectAclRequest(com.emc.object.s3.request.SetObjectAclRequest)
CanonicalUser(com.emc.object.s3.bean.CanonicalUser)
Aggregations
AccessControlList (com.emc.object.s3.bean.AccessControlList)3
S3ObjectMetadata (com.emc.object.s3.S3ObjectMetadata)2
CanonicalUser (com.emc.object.s3.bean.CanonicalUser)2
Grant (com.emc.object.s3.bean.Grant)2
PutObjectRequest (com.emc.object.s3.request.PutObjectRequest)1
SetObjectAclRequest (com.emc.object.s3.request.SetObjectAclRequest)1
ImmutableDate (io.pravega.common.util.ImmutableDate)1
StreamSegmentExistsException (io.pravega.segmentstore.contracts.StreamSegmentExistsException)1
StreamSegmentInformation (io.pravega.segmentstore.contracts.StreamSegmentInformation)1
