| Index: gslib/commands/defacl.py
|
| ===================================================================
|
| --- gslib/commands/defacl.py (revision 33376)
|
| +++ gslib/commands/defacl.py (working copy)
|
| @@ -1,3 +1,4 @@
|
| +# -*- coding: utf-8 -*-
|
| # Copyright 2011 Google Inc. All Rights Reserved.
|
| #
|
| # Licensed under the Apache License, Version 2.0 (the "License");
|
| @@ -11,42 +12,39 @@
|
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
| # See the License for the specific language governing permissions and
|
| # limitations under the License.
|
| +"""Implementation of default object acl command for Google Cloud Storage."""
|
|
|
| +from __future__ import absolute_import
|
| +
|
| import getopt
|
|
|
| -from boto.exception import GSResponseError
|
| from gslib import aclhelpers
|
| +from gslib.cloud_api import AccessDeniedException
|
| +from gslib.cloud_api import BadRequestException
|
| +from gslib.cloud_api import Preconditions
|
| +from gslib.cloud_api import ServiceException
|
| from gslib.command import Command
|
| -from gslib.command import COMMAND_NAME
|
| -from gslib.command import COMMAND_NAME_ALIASES
|
| -from gslib.command import FILE_URIS_OK
|
| -from gslib.command import MAX_ARGS
|
| -from gslib.command import MIN_ARGS
|
| -from gslib.command import PROVIDER_URIS_OK
|
| -from gslib.command import SUPPORTED_SUB_ARGS
|
| -from gslib.command import URIS_START_ARG
|
| +from gslib.command import SetAclExceptionHandler
|
| +from gslib.command import SetAclFuncWrapper
|
| +from gslib.cs_api_map import ApiSelector
|
| from gslib.exception import CommandException
|
| from gslib.help_provider import CreateHelpText
|
| -from gslib.help_provider import HELP_NAME
|
| -from gslib.help_provider import HELP_NAME_ALIASES
|
| -from gslib.help_provider import HELP_ONE_LINE_SUMMARY
|
| -from gslib.help_provider import HELP_TEXT
|
| -from gslib.help_provider import HelpType
|
| -from gslib.help_provider import HELP_TYPE
|
| -from gslib.help_provider import SUBCOMMAND_HELP_TEXT
|
| +from gslib.storage_url import StorageUrlFromString
|
| +from gslib.third_party.storage_apitools import storage_v1_messages as apitools_messages
|
| from gslib.util import NO_MAX
|
| from gslib.util import Retry
|
| +from gslib.util import UrlsAreForSingleProvider
|
|
|
| _SET_SYNOPSIS = """
|
| - gsutil defacl set file-or-canned_acl_name uri...
|
| + gsutil defacl set file-or-canned_acl_name url...
|
| """
|
|
|
| _GET_SYNOPSIS = """
|
| - gsutil defacl get uri
|
| + gsutil defacl get url
|
| """
|
|
|
| _CH_SYNOPSIS = """
|
| - gsutil defacl ch -u|-g|-d <grant>... uri...
|
| + gsutil defacl ch -u|-g|-d <grant>... url...
|
| """
|
|
|
| _SET_DESCRIPTION = """
|
| @@ -57,7 +55,7 @@
|
| bucket.
|
|
|
| Similar to the "acl set" command, the file-or-canned_acl_name names either a
|
| - canned ACL or the path to a file that contains ACL XML. (See "gsutil
|
| + canned ACL or the path to a file that contains ACL text. (See "gsutil
|
| help acl" for examples of editing and setting ACLs via the
|
| acl command.)
|
|
|
| @@ -74,7 +72,7 @@
|
|
|
| _GET_DESCRIPTION = """
|
| <B>GET</B>
|
| - Gets the default ACL XML for a bucket, which you can save and edit
|
| + Gets the default ACL text for a bucket, which you can save and edit
|
| for use with the "defacl set" command.
|
| """
|
|
|
| @@ -92,9 +90,9 @@
|
| gsutil defacl ch -u john.doe@example.com:READ gs://example-bucket
|
|
|
| Add the group admins@example.com to the default object ACL on bucket
|
| - example-bucket with FULL_CONTROL access:
|
| + example-bucket with OWNER access:
|
|
|
| - gsutil defacl ch -g admins@example.com:FC gs://example-bucket
|
| + gsutil defacl ch -g admins@example.com:O gs://example-bucket
|
| """
|
|
|
| _SYNOPSIS = (_SET_SYNOPSIS + _GET_SYNOPSIS.lstrip('\n') +
|
| @@ -104,7 +102,7 @@
|
| The defacl command has three sub-commands:
|
| """ + '\n'.join([_SET_DESCRIPTION + _GET_DESCRIPTION + _CH_DESCRIPTION])
|
|
|
| -_detailed_help_text = CreateHelpText(_SYNOPSIS, _DESCRIPTION)
|
| +_DETAILED_HELP_TEXT = CreateHelpText(_SYNOPSIS, _DESCRIPTION)
|
|
|
| _get_help_text = CreateHelpText(_GET_SYNOPSIS, _GET_DESCRIPTION)
|
| _set_help_text = CreateHelpText(_SET_SYNOPSIS, _SET_DESCRIPTION)
|
| @@ -114,46 +112,35 @@
|
| class DefAclCommand(Command):
|
| """Implementation of gsutil defacl command."""
|
|
|
| - # Command specification (processed by parent class).
|
| - command_spec = {
|
| - # Name of command.
|
| - COMMAND_NAME : 'defacl',
|
| - # List of command name aliases.
|
| - COMMAND_NAME_ALIASES : ['setdefacl', 'getdefacl', 'chdefacl'],
|
| - # Min number of args required by this command.
|
| - MIN_ARGS : 2,
|
| - # Max number of args required by this command, or NO_MAX.
|
| - MAX_ARGS : NO_MAX,
|
| - # Getopt-style string specifying acceptable sub args.
|
| - SUPPORTED_SUB_ARGS : 'fg:u:d:',
|
| - # True if file URIs acceptable for this command.
|
| - FILE_URIS_OK : False,
|
| - # True if provider-only URIs acceptable for this command.
|
| - PROVIDER_URIS_OK : False,
|
| - # Index in args of first URI arg.
|
| - URIS_START_ARG : 1,
|
| - }
|
| - help_spec = {
|
| - # Name of command or auxiliary help info for which this help applies.
|
| - HELP_NAME : 'defacl',
|
| - # List of help name aliases.
|
| - HELP_NAME_ALIASES : ['default acl', 'setdefacl', 'getdefacl', 'chdefacl'],
|
| - # Type of help:
|
| - HELP_TYPE : HelpType.COMMAND_HELP,
|
| - # One line summary of this help.
|
| - HELP_ONE_LINE_SUMMARY : 'Get, set, or change default ACL on buckets',
|
| - # The full help text.
|
| - HELP_TEXT : _detailed_help_text,
|
| - # Help text for sub-commands.
|
| - SUBCOMMAND_HELP_TEXT : {'get' : _get_help_text,
|
| - 'set' : _set_help_text,
|
| - 'ch' : _ch_help_text},
|
| - }
|
| + # Command specification. See base class for documentation.
|
| + command_spec = Command.CreateCommandSpec(
|
| + 'defacl',
|
| + command_name_aliases=['setdefacl', 'getdefacl', 'chdefacl'],
|
| + min_args=2,
|
| + max_args=NO_MAX,
|
| + supported_sub_args='fg:u:d:',
|
| + file_url_ok=False,
|
| + provider_url_ok=False,
|
| + urls_start_arg=1,
|
| + gs_api_support=[ApiSelector.XML, ApiSelector.JSON],
|
| + gs_default_api=ApiSelector.JSON,
|
| + )
|
| + # Help specification. See help_provider.py for documentation.
|
| + help_spec = Command.HelpSpec(
|
| + help_name='defacl',
|
| + help_name_aliases=[
|
| + 'default acl', 'setdefacl', 'getdefacl', 'chdefacl'],
|
| + help_type='command_help',
|
| + help_one_line_summary='Get, set, or change default ACL on buckets',
|
| + help_text=_DETAILED_HELP_TEXT,
|
| + subcommand_help_text={
|
| + 'get': _get_help_text, 'set': _set_help_text, 'ch': _ch_help_text},
|
| + )
|
|
|
| - def _CalculateUrisStartArg(self):
|
| + def _CalculateUrlsStartArg(self):
|
| if not self.args:
|
| self._RaiseWrongNumberOfArgumentsException()
|
| - if (self.args[0].lower() == 'set'):
|
| + if self.args[0].lower() == 'set':
|
| return 2
|
| elif self.command_alias_used == 'getdefacl':
|
| return 0
|
| @@ -161,30 +148,24 @@
|
| return 1
|
|
|
| def _SetDefAcl(self):
|
| - if not self.suri_builder.StorageUri(self.args[-1]).names_bucket():
|
| - raise CommandException('URI must name a bucket for the %s command' %
|
| + if not StorageUrlFromString(self.args[-1]).IsBucket():
|
| + raise CommandException('URL must name a bucket for the %s command' %
|
| self.command_name)
|
| try:
|
| - self.SetAclCommandHelper()
|
| - except GSResponseError as e:
|
| - if e.code == 'AccessDenied' and e.reason == 'Forbidden' \
|
| - and e.status == 403:
|
| - self._WarnServiceAccounts()
|
| + self.SetAclCommandHelper(SetAclFuncWrapper, SetAclExceptionHandler)
|
| + except AccessDeniedException:
|
| + self._WarnServiceAccounts()
|
| raise
|
|
|
| def _GetDefAcl(self):
|
| - if not self.suri_builder.StorageUri(self.args[-1]).names_bucket():
|
| - raise CommandException('URI must name a bucket for the %s command' %
|
| + if not StorageUrlFromString(self.args[0]).IsBucket():
|
| + raise CommandException('URL must name a bucket for the %s command' %
|
| self.command_name)
|
| - try:
|
| - self.GetAclCommandHelper()
|
| - except GSResponseError as e:
|
| - if e.code == 'AccessDenied' and e.reason == 'Forbidden' \
|
| - and e.status == 403:
|
| - self._WarnServiceAccounts()
|
| - raise
|
| + self.GetAndPrintAcl(self.args[0])
|
|
|
| def _ChDefAcl(self):
|
| + """Parses options and changes default object ACLs on specified buckets."""
|
| + self.parse_versions = True
|
| self.changes = []
|
|
|
| if self.sub_opts:
|
| @@ -203,64 +184,64 @@
|
| 'Please specify at least one access change '
|
| 'with the -g, -u, or -d flags')
|
|
|
| - storage_uri = self.UrisAreForSingleProvider(self.args)
|
| - if not (storage_uri and storage_uri.get_provider().name == 'google'):
|
| + if (not UrlsAreForSingleProvider(self.args) or
|
| + StorageUrlFromString(self.args[0]).scheme != 'gs'):
|
| raise CommandException(
|
| - 'The "{0}" command can only be used with gs:// URIs'.format(
|
| + 'The "{0}" command can only be used with gs:// URLs'.format(
|
| self.command_name))
|
|
|
| - bucket_uris = set()
|
| - for uri_arg in self.args:
|
| - for result in self.WildcardIterator(uri_arg):
|
| - uri = result.uri
|
| - if not uri.names_bucket():
|
| + bucket_urls = set()
|
| + for url_arg in self.args:
|
| + for result in self.WildcardIterator(url_arg):
|
| + if not result.storage_url.IsBucket():
|
| raise CommandException(
|
| 'The defacl ch command can only be applied to buckets.')
|
| - bucket_uris.add(uri)
|
| + bucket_urls.add(result.storage_url)
|
|
|
| - for uri in bucket_uris:
|
| - self.ApplyAclChanges(uri)
|
| + for storage_url in bucket_urls:
|
| + self.ApplyAclChanges(storage_url)
|
|
|
| - @Retry(GSResponseError, tries=3, timeout_secs=1)
|
| - def ApplyAclChanges(self, uri):
|
| - """Applies the changes in self.changes to the provided URI."""
|
| - try:
|
| - current_acl = uri.get_def_acl()
|
| - except GSResponseError as e:
|
| - if (e.code == 'AccessDenied' and e.reason == 'Forbidden'
|
| - and e.status == 403):
|
| - self._WarnServiceAccounts()
|
| - self.logger.warning('Failed to set default acl for {0}: {1}'
|
| - .format(uri, e.reason))
|
| + @Retry(ServiceException, tries=3, timeout_secs=1)
|
| + def ApplyAclChanges(self, url):
|
| + """Applies the changes in self.changes to the provided URL."""
|
| + bucket = self.gsutil_api.GetBucket(
|
| + url.bucket_name, provider=url.scheme,
|
| + fields=['defaultObjectAcl', 'metageneration'])
|
| + current_acl = bucket.defaultObjectAcl
|
| + if not current_acl:
|
| + self._WarnServiceAccounts()
|
| + self.logger.warning('Failed to set acl for %s. Please ensure you have '
|
| + 'OWNER-role access to this resource.', url)
|
| return
|
|
|
| modification_count = 0
|
| for change in self.changes:
|
| - modification_count += change.Execute(uri, current_acl, self.logger)
|
| + modification_count += change.Execute(
|
| + url, current_acl, 'defacl', self.logger)
|
| if modification_count == 0:
|
| - self.logger.info('No changes to {0}'.format(uri))
|
| + self.logger.info('No changes to %s', url)
|
| return
|
|
|
| - # TODO: Add if-metageneration-match when boto provides access to bucket
|
| - # metageneration.
|
| -
|
| - # If this fails because of a precondition, it will raise a
|
| - # GSResponseError for @Retry to handle.
|
| try:
|
| - uri.set_def_acl(current_acl, validate=False)
|
| - except GSResponseError as e:
|
| + preconditions = Preconditions(meta_gen_match=bucket.metageneration)
|
| + bucket_metadata = apitools_messages.Bucket(defaultObjectAcl=current_acl)
|
| + self.gsutil_api.PatchBucket(url.bucket_name, bucket_metadata,
|
| + preconditions=preconditions,
|
| + provider=url.scheme, fields=['id'])
|
| + except BadRequestException as e:
|
| # Don't retry on bad requests, e.g. invalid email address.
|
| - if getattr(e, 'status', None) == 400:
|
| - raise CommandException('Received bad request from server: %s' % str(e))
|
| - raise
|
| - self.logger.info('Updated default ACL on {0}'.format(uri))
|
| + raise CommandException('Received bad request from server: %s' % str(e))
|
|
|
| - # Command entry point.
|
| + self.logger.info('Updated default ACL on %s', url)
|
| +
|
| def RunCommand(self):
|
| + """Command entry point for the defacl command."""
|
| action_subcommand = self.args.pop(0)
|
| - (self.sub_opts, self.args) = getopt.getopt(self.args,
|
| - self.command_spec[SUPPORTED_SUB_ARGS])
|
| + self.sub_opts, self.args = getopt.getopt(
|
| + self.args, self.command_spec.supported_sub_args)
|
| self.CheckArguments()
|
| + self.def_acl = True
|
| + self.continue_on_error = False
|
| if action_subcommand == 'get':
|
| func = self._GetDefAcl
|
| elif action_subcommand == 'set':
|
|
|
Chromium Code Reviews
Issue 698893003:
Update checked in version of gsutil to version 4.6 (Closed)
Base URL: http://dart.googlecode.com/svn/third_party/gsutil/