Commit 5583a4ae authored by L. Ellenbeck's avatar L. Ellenbeck

NEW: Readonly implementation coscine/issues#1574

parent 830745c1
......@@ -102,12 +102,13 @@ namespace Coscine.ResourceTypeWaterbutlerRdsS3.Test
resourceType.CreateResource(new Dictionary<string, string> {
{ "bucketname", _bucketName },
{ "size", $"{_quota}" },
{ "accessKey", "" },
{ "accessKey", _accessKey },
{ "accessKeyRead", _readUser },
{ "secretKeyRead", _secretKey },
{ "accessKeyWrite", _writeUser },
{ "secretKeyWrite", _secretKey },
{ "endpoint", _endpoint },
{ "readonly", "false" },
}).Wait();
// No implementation for deletion
......
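Review bot: This fixture only sets `"readonly"` to `"false"`, so the read-only branch of the new SetResourceReadonly (the policy without the PutObject/DeleteObject actions) is not exercised by this test; if no other test in this file passes `"true"`, a second CreateResource case with `{ "readonly", "true" }` would cover it. The surrounding test method starts before this hunk.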
......@@ -204,15 +204,15 @@ namespace Coscine.ResourceTypeWaterbutlerRdsS3
}
}
public override async Task CreateResource(Dictionary<string, string> options = null)
public async override Task SetResourceReadonly(string id, bool status, Dictionary<string, string> options = null)
{
await _rdsS3EcsManager.CreateBucket(options["bucketname"], int.Parse(options["size"]));
await _userEcsManager.CreateObjectUser(options["accessKeyRead"], options["secretKeyRead"]);
await _userEcsManager.CreateObjectUser(options["accessKeyWrite"], options["secretKeyWrite"]);
await _rdsS3EcsManager.SetUserAcl(options["accessKeyRead"], options["bucketname"], _readRights);
await _rdsS3EcsManager.SetUserAcl(options["accessKeyWrite"], options["bucketname"], _writeRights);
var policy = GenerateAccessPolicy(options["accessKey"], options["accessKeyWrite"], options["accessKeyRead"], id, status);
var putRequest = new PutBucketPolicyRequest
{
BucketName = id,
Policy = policy
};
var amazonConfig = new AmazonS3Config
{
......@@ -221,30 +221,6 @@ namespace Coscine.ResourceTypeWaterbutlerRdsS3
};
using var client = new AmazonS3Client(_accessKey, _secretKey, amazonConfig);
var policy = $@"{{
""Version"": ""2012-10-17"",
""Id"": ""null"",
""Statement"":[
{{
""Action"": [""s3:PutObject"", ""s3:GetObject"", ""s3:GetObjectAcl"", ""s3:GetObjectVersion"", ""s3:DeleteObject"", ""s3:DeleteObjectVersion""],
""Effect"": ""Allow"",
""Resource"": [""{options["bucketname"]}/*""],
""Principal"": [""{options["accessKeyWrite"]}"", ""{options["accessKey"]}""]
}},
{{
""Action"": [""s3:GetObject"", ""s3:GetObjectAcl"", ""s3:GetObjectVersion""],
""Effect"": ""Allow"",
""Resource"": [""{options["bucketname"]}/*""],
""Principal"": [""{options["accessKeyRead"]}""]
}}
]
}}";
var putRequest = new PutBucketPolicyRequest
{
BucketName = options["bucketname"],
Policy = policy
};
// Exception will be thrown on dev systems.
// Works on live.
......@@ -257,6 +233,26 @@ namespace Coscine.ResourceTypeWaterbutlerRdsS3
}
}
public override async Task CreateResource(Dictionary<string, string> options = null)
{
await _rdsS3EcsManager.CreateBucket(options["bucketname"], int.Parse(options["size"]));
await _userEcsManager.CreateObjectUser(options["accessKeyRead"], options["secretKeyRead"]);
await _userEcsManager.CreateObjectUser(options["accessKeyWrite"], options["secretKeyWrite"]);
await _rdsS3EcsManager.SetUserAcl(options["accessKeyRead"], options["bucketname"], _readRights);
await _rdsS3EcsManager.SetUserAcl(options["accessKeyWrite"], options["bucketname"], _writeRights);
// Set to the readonly value, if present.
if (options != null && options.ContainsKey("readonly") && bool.TryParse(options["readonly"], out var result))
{
await SetResourceReadonly(options["bucketname"], result, options);
}
else
{
await SetResourceReadonly(options["bucketname"], false, options);
}
}
public override async Task<long> GetResourceQuotaUsed(string id, Dictionary<string, string> options = null)
{
......@@ -342,5 +338,50 @@ namespace Coscine.ResourceTypeWaterbutlerRdsS3
return new Uri(presignedUrl);
});
}
private static string GenerateAccessPolicy(Dictionary<string, string> options, bool isReadonly)
{
return GenerateAccessPolicy(options["accessKey"], options["accessKeyWrite"], options["accessKeyRead"], options["bucketname"], isReadonly);
}
private static string GenerateAccessPolicy(string accessKey, string writeKey, string accessKeyRead, string bucketname, bool isReadonly)
{
if (isReadonly)
{
return $@"{{
""Version"": ""2012-10-17"",
""Id"": ""null"",
""Statement"":[
{{
""Action"": [""s3:GetObject"", ""s3:GetObjectAcl"", ""s3:GetObjectVersion""],
""Effect"": ""Allow"",
""Resource"": [""{bucketname}/*""],
""Principal"": [""{writeKey}"", ""{accessKey}"",""{accessKeyRead}""]
}}
]
}}";
}
else
{
return $@"{{
""Version"": ""2012-10-17"",
""Id"": ""null"",
""Statement"":[
{{
""Action"": [""s3:PutObject"", ""s3:GetObject"", ""s3:GetObjectAcl"", ""s3:GetObjectVersion"", ""s3:DeleteObject"", ""s3:DeleteObjectVersion""],
""Effect"": ""Allow"",
""Resource"": [""{bucketname}/*""],
""Principal"": [""{writeKey}"", ""{accessKey}""]
}},
{{
""Action"": [""s3:GetObject"", ""s3:GetObjectAcl"", ""s3:GetObjectVersion""],
""Effect"": ""Allow"",
""Resource"": [""{bucketname}/*""],
""Principal"": [""{accessKeyRead}""]
}}
]
}}";
}
}
}
}
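Review bot: The read-only policy produced by GenerateAccessPolicy only drops the write actions from an Allow statement, while the ECS user ACL granted with `_writeRights` in CreateResource is never revoked when `status` is true, so whether writes are actually blocked depends on how ECS combines user ACLs with bucket policies; an explicit `Deny` statement for `s3:PutObject` and `s3:DeleteObject*` on the write principals, or resetting the write user's ACL to `_readRights` inside SetResourceReadonly, would make the read-only state hold regardless. In CreateResource the `options != null` guard is dead because `options["bucketname"]` has already been dereferenced above it, and the two branches collapse to `var isReadonly = options.TryGetValue("readonly", out var flag) && bool.TryParse(flag, out var parsed) && parsed;` followed by a single `await SetResourceReadonly(options["bucketname"], isReadonly, options);`. SetResourceReadonly likewise indexes `options["accessKey"]` despite its `options = null` default, so either the default should go or the method should start with `ArgumentNullException.ThrowIfNull(options);`, and the new `GenerateAccessPolicy(Dictionary<string, string>, bool)` overload is not called anywhere in these hunks. Style: `public async override` on SetResourceReadonly differs from the `public override async` used on CreateResource. SetResourceReadonly's body is split across two hunks and continues past the visible lines.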