| Index: third_party/gsutil/gslib/addlhelp/acls.py
|
| diff --git a/third_party/gsutil/gslib/addlhelp/acls.py b/third_party/gsutil/gslib/addlhelp/acls.py
|
| deleted file mode 100644
|
| index 64788e72ba49bcd4d989a42a499efbb13a52e541..0000000000000000000000000000000000000000
|
| --- a/third_party/gsutil/gslib/addlhelp/acls.py
|
| +++ /dev/null
|
| @@ -1,234 +0,0 @@
|
| -# Copyright 2012 Google Inc. All Rights Reserved.
|
| -#
|
| -# Licensed under the Apache License, Version 2.0 (the "License");
|
| -# you may not use this file except in compliance with the License.
|
| -# You may obtain a copy of the License at
|
| -#
|
| -# http://www.apache.org/licenses/LICENSE-2.0
|
| -#
|
| -# Unless required by applicable law or agreed to in writing, software
|
| -# distributed under the License is distributed on an "AS IS" BASIS,
|
| -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
| -# See the License for the specific language governing permissions and
|
| -# limitations under the License.
|
| -
|
| -from gslib.help_provider import HELP_NAME
|
| -from gslib.help_provider import HELP_NAME_ALIASES
|
| -from gslib.help_provider import HELP_ONE_LINE_SUMMARY
|
| -from gslib.help_provider import HelpProvider
|
| -from gslib.help_provider import HELP_TEXT
|
| -from gslib.help_provider import HelpType
|
| -from gslib.help_provider import HELP_TYPE
|
| -
|
| -_detailed_help_text = ("""
|
| -<B>OVERVIEW</B>
|
| - Access Control Lists (ACLs) allow you to control who can read and write
|
| - your data, and who can read and write the ACLs themselves.
|
| -
|
| - If not specified at the time an object is uploaded (e.g., via the gsutil cp
|
| - -a option), objects will be created with a default object ACL set on the
|
| - bucket (see "gsutil help setdefacl"). You can replace the ACL on an object
|
| - or bucket using the gsutil setacl command (see "gsutil help setacl"), or
|
| - modify the existing ACL using the gsutil chacl command (see "gsutil help
|
| - chacl").
|
| -
|
| -
|
| -<B>BUCKET VS OBJECT ACLS</B>
|
| - In Google Cloud Storage, the bucket ACL works as follows:
|
| -
|
| - - Users granted READ access are allowed to list the bucket contents.
|
| -
|
| - - Users granted WRITE access are allowed READ access and also are
|
| - allowed to write and delete objects in that bucket -- including
|
| - overwriting previously written objects.
|
| -
|
| - - Users granted FULL_CONTROL access are allowed WRITE access and also
|
| - are allowed to read and write the bucket's ACL.
|
| -
|
| - The object ACL works as follows:
|
| -
|
| - - Users granted READ access are allowed to read the object's data and
|
| - metadata.
|
| -
|
| - - Users granted FULL_CONTROL access are allowed READ access and also
|
| - are allowed to read and write the object's ACL.
|
| -
|
| - A couple of points are worth noting, that sometimes surprise users:
|
| -
|
| - 1. There is no WRITE access for objects; attempting to set an ACL with WRITE
|
| - permission for an object will result in an error.
|
| -
|
| - 2. The bucket ACL plays no role in determining who can read objects; only the
|
| - object ACL matters for that purpose. This is different from how things
|
| - work in Linux file systems, where both the file and directory permission
|
| - control file read access. It also means, for example, that someone with
|
| - FULL_CONTROL over the bucket may not have read access to objects in
|
| - the bucket. This is by design, and supports useful cases. For example,
|
| - you might want to set up bucket ownership so that a small group of
|
| - administrators have FULL_CONTROL on the bucket (with the ability to
|
| - delete data to control storage costs), but not grant those users read
|
| - access to the object data (which might be sensitive data that should
|
| - only be accessed by a different specific group of users).
|
| -
|
| -
|
| -<B>CANNED ACLS</B>
|
| - The simplest way to set an ACL on a bucket or object is using a "canned
|
| - ACL". The available canned ACLs are:
|
| -
|
| - project-private Gives permission to the project team based on their
|
| - roles. Anyone who is part of the team has READ
|
| - permission, and project owners and project editors
|
| - have FULL_CONTROL permission. This is the default
|
| - ACL for newly created buckets. This is also the
|
| - default ACL for newly created objects unless the
|
| - default object ACL for that bucket has been
|
| - changed. For more details see
|
| - "gsutil help projects".
|
| -
|
| - private Gives the requester (and only the requester)
|
| - FULL_CONTROL permission for a bucket or object.
|
| -
|
| - public-read Gives the requester FULL_CONTROL permission and
|
| - gives all users READ permission. When you apply
|
| - this to an object, anyone on the Internet can
|
| - read the object without authenticating.
|
| -
|
| - public-read-write Gives the requester FULL_CONTROL permission and
|
| - gives all users READ and WRITE permission. This
|
| - ACL applies only to buckets.
|
| -
|
| - authenticated-read Gives the requester FULL_CONTROL permission and
|
| - gives all authenticated Google account holders
|
| - READ permission.
|
| -
|
| - bucket-owner-read Gives the requester FULL_CONTROL permission and
|
| - gives the bucket owner READ permission. This is
|
| - used only with objects.
|
| -
|
| - bucket-owner-full-control Gives the requester FULL_CONTROL permission and
|
| - gives the bucket owner FULL_CONTROL
|
| - permission. This is used only with objects.
|
| -
|
| -
|
| -<B>ACL XML</B>
|
| - When you use a canned ACL, it is translated into an XML representation
|
| - that can later be retrieved and edited to specify more fine-grained
|
| - detail about who can read and write buckets and objects. By running
|
| - the gsutil getacl command you can retrieve the ACL XML, and edit it to
|
| - customize the permissions.
|
| -
|
| - As an example, if you create an object in a bucket that has no default
|
| - object ACL set and then retrieve the ACL on the object, it will look
|
| - something like this:
|
| -
|
| - <AccessControlList>
|
| - <Owner>
|
| - <ID>
|
| - 00b4903a9740e42c29800f53bd5a9a62a2f96eb3f64a4313a115df3f3a776bf7
|
| - </ID>
|
| - </Owner>
|
| - <Entries>
|
| - <Entry>
|
| - <Scope type="GroupById">
|
| - <ID>
|
| - 00b4903a9740e42c29800f53bd5a9a62a2f96eb3f64a4313a115df3f3a776bf7
|
| - </ID>
|
| - </Scope>
|
| - <Permission>
|
| - FULL_CONTROL
|
| - </Permission>
|
| - </Entry>
|
| - <Entry>
|
| - <Scope type="GroupById">
|
| - <ID>
|
| - 00b4903a977fd817e9da167bc81306489181a110456bb635f466d71cf90a0d51
|
| - </ID>
|
| - </Scope>
|
| - <Permission>
|
| - FULL_CONTROL
|
| - </Permission>
|
| - </Entry>
|
| - <Entry>
|
| - <Scope type="GroupById">
|
| - <ID>
|
| - 00b4903a974898cc8fc309f2f2835308ba3d3df1b889d3fc7e33e187d52d8e71
|
| - </ID>
|
| - </Scope>
|
| - <Permission>
|
| - READ
|
| - </Permission>
|
| - </Entry>
|
| - </Entries>
|
| - </AccessControlList>
|
| -
|
| - The ACL consists of an Owner element and a collection of Entry elements,
|
| - each of which specifies a Scope and a Permission. Scopes are the way you
|
| - specify an individual or group of individuals, and Permissions specify what
|
| - access they're permitted.
|
| -
|
| - This particular ACL grants FULL_CONTROL to two groups (which means members
|
| - of those groups are allowed to read the object and read and write the ACL),
|
| - and READ permission to a third group. The project groups are (in order)
|
| - the owners group, editors group, and viewers group.
|
| -
|
| - The 64 digit hex identifiers used in this ACL are called canonical IDs,
|
| - and are used to identify predefined groups associated with the project that
|
| - owns the bucket. For more information about project groups, see "gsutil
|
| - help projects".
|
| -
|
| - Here's an example of an ACL specified using the GroupByEmail and GroupByDomain
|
| - scopes:
|
| -
|
| - <AccessControlList>
|
| - <Entries>
|
| - <Entry>
|
| - <Permission>
|
| - FULL_CONTROL
|
| - </Permission>
|
| - <Scope type="GroupByEmail">
|
| - <EmailAddress>travel-companion-owners@googlegroups.com</EmailAddress>
|
| - </Scope>
|
| - </Entry>
|
| - <Entry>
|
| - <Permission>
|
| - READ
|
| - </Permission>
|
| - <Scope type="GroupByDomain">
|
| - <Domain>example.com</Domain>
|
| - </Scope>
|
| - </Entry>
|
| - </Entries>
|
| - </AccessControlList>
|
| -
|
| - This ACL grants members of an email group FULL_CONTROL, and grants READ
|
| - access to any user in a domain (which must be a Google Apps for Business
|
| - domain). By applying email group grants to a collection of objects
|
| - you can edit access control for large numbers of objects at once via
|
| - http://groups.google.com. That way, for example, you can easily and quickly
|
| - change access to a group of company objects when employees join and leave
|
| - your company (i.e., without having to individually change ACLs across
|
| - potentially millions of objects).
|
| -
|
| -
|
| -<B>SHARING SCENARIOS</B>
|
| - For more detailed examples how to achieve various useful sharing use
|
| - cases see https://developers.google.com/storage/docs/collaboration
|
| -""")
|
| -
|
| -
|
| -class CommandOptions(HelpProvider):
|
| - """Additional help about Access Control Lists."""
|
| -
|
| - help_spec = {
|
| - # Name of command or auxiliary help info for which this help applies.
|
| - HELP_NAME : 'acls',
|
| - # List of help name aliases.
|
| - HELP_NAME_ALIASES : ['acl', 'ACL', 'access control', 'access control list',
|
| - 'authorization', 'canned', 'canned acl'],
|
| - # Type of help:
|
| - HELP_TYPE : HelpType.ADDITIONAL_HELP,
|
| - # One line summary of this help.
|
| - HELP_ONE_LINE_SUMMARY : 'Working with Access Control Lists',
|
| - # The full help text.
|
| - HELP_TEXT : _detailed_help_text,
|
| - }
|
|
|
Chromium Code Reviews
Issue 2280023003:
depot_tools: Remove third_party/gsutil (Closed)
