Merge branch 'Hotfix/1485-policyFix' into 'master'

Hotfix/1485 policy fix See merge request !9

Merge branch 'Hotfix/1485-policyFix' into 'master'
Hotfix/1485 policy fix See merge request !9
d9c25152 · Petar Hristov · a4050fba · f281460f · d9c25152 · d9c25152
Commit d9c25152 authored May 19, 2021 by Petar Hristov 💬
--- a/src/ResourceTypeWaterbutlerRdsS3.Tests/ResourceTypeWaterbutlerS3Tests.cs
+++ b/src/ResourceTypeWaterbutlerRdsS3.Tests/ResourceTypeWaterbutlerS3Tests.cs
@@ -24,6 +24,8 @@ namespace Coscine.ResourceTypeWaterbutlerRdsS3.Test
        private Guid _guid;
        private string _bucketName;

+        private string _endpoint;
+
        private string _secretKey;

        private string _readUser;
@@ -42,6 +44,7 @@ namespace Coscine.ResourceTypeWaterbutlerRdsS3.Test
            _secretKey = "VERY_S3cr3t_Key!!!";
            _readUser = $"{_testPrefix}.read_{_guid}";
            _writeUser = $"{_testPrefix}.write_{_guid}";
+            _endpoint = _configuration.GetString("coscine/global/rds/ecs-rwth/rds-s3/s3_endpoint");

            _rdsS3EcsManager = new EcsManager
            {
@@ -102,6 +105,7 @@ namespace Coscine.ResourceTypeWaterbutlerRdsS3.Test
                { "secretKeyRead", _secretKey },
                { "accessKeyWrite", _writeUser },
                { "secretKeyWrite", _secretKey },
+                { "endpoint", _endpoint },
            }).Wait();

            // No implementation for deletion

--- a/src/ResourceTypeWaterbutlerRdsS3/ResourceTypeWaterbutlerRdsS3.cs
+++ b/src/ResourceTypeWaterbutlerRdsS3/ResourceTypeWaterbutlerRdsS3.cs
@@ -33,7 +33,7 @@ namespace Coscine.ResourceTypeWaterbutlerRdsS3
        private readonly List<string> _readRights;
        private readonly List<string> _writeRights;

-public ResourceTypeWaterbutlerRdsS3(string name, IConfiguration gConfig, ResourceTypeConfigurationObject resourceTypeConfiguration) : base(name, gConfig, resourceTypeConfiguration)
+        public ResourceTypeWaterbutlerRdsS3(string name, IConfiguration gConfig, ResourceTypeConfigurationObject resourceTypeConfiguration) : base(name, gConfig, resourceTypeConfiguration)
        {
            _waterbutlerInterface = new WaterbutlerInterface(Configuration, new DataSourceService(new HttpClient()));
            _rdsS3EcsManager = new EcsManager
@@ -119,7 +119,7 @@ public ResourceTypeWaterbutlerRdsS3(string name, IConfiguration gConfig, Resourc
            // Not found, upload new
            if (infos == null)
            {
-                var filename = key.Substring(key.LastIndexOf("/") + 1);
+                var filename = key[(key.LastIndexOf("/") + 1)..];
                var rootPath = key.Substring(0, key.Length - filename.Length);

                HandleResponse(await _waterbutlerInterface.UploadFileAsync(rootPath, filename, _provider, authHeader, body, contentLength));
@@ -212,6 +212,49 @@ public ResourceTypeWaterbutlerRdsS3(string name, IConfiguration gConfig, Resourc

            await _rdsS3EcsManager.SetUserAcl(options["accessKeyRead"], options["bucketname"], _readRights);
            await _rdsS3EcsManager.SetUserAcl(options["accessKeyWrite"], options["bucketname"], _writeRights);
+
+
+            var amazonConfig = new AmazonS3Config
+            {
+                ServiceURL = options["endpoint"],
+                ForcePathStyle = true
+            };
+
+            using var client = new AmazonS3Client(_accessKey, _secretKey, amazonConfig);
+            var policy = $@"{{
+                                ""Version"": ""2012-10-17"",
+                                ""Id"": ""null"",
+                                ""Statement"":[
+                                    {{
+                                        ""Action"": [""s3:PutObject"", ""s3:GetObject"", ""s3:GetObjectAcl"", ""s3:GetObjectVersion"", ""s3:DeleteObject"", ""s3:DeleteObjectVersion""],
+                                        ""Effect"": ""Allow"",
+                                        ""Resource"": [""{options["bucketname"]}/*""],
+                                        ""Principal"": [""{options["accessKeyWrite"]}""]
+                                    }},
+                                    {{
+                                        ""Action"": [""s3:GetObject"", ""s3:GetObjectAcl"", ""s3:GetObjectVersion""],
+                                        ""Effect"": ""Allow"",
+                                        ""Resource"": [""{options["bucketname"]}/*""],
+                                        ""Principal"": [""{options["accessKeyRead"]}""]
+                                    }}
+                                ]
+                            }}";
+
+            var putRequest = new PutBucketPolicyRequest
+            {
+                BucketName = options["bucketname"],
+                Policy = policy
+            };
+
+            // Exception will be thrown on dev systems.
+            // Works on live.
+            try
+            {
+                await client.PutBucketPolicyAsync(putRequest);
+            }
+            catch (Exception)
+            {
+            }
        }

        public override async Task<long> GetResourceQuotaUsed(string id, Dictionary<string, string> options = null)
@@ -223,27 +266,25 @@ public ResourceTypeWaterbutlerRdsS3(string name, IConfiguration gConfig, Resourc
                ForcePathStyle = true
            };

-            using (var client = new AmazonS3Client(_accessKey, _secretKey, amazonConfig))
+            using var client = new AmazonS3Client(_accessKey, _secretKey, amazonConfig);
+            long totalFileSize = 0;
+            long fileCount = 0;
+            var listRequest = new ListObjectsRequest()
            {
-                long totalFileSize = 0;
-                long fileCount = 0;
-                var listRequest = new ListObjectsRequest()
-                {
-                    BucketName = options["bucketname"]
-                };
+                BucketName = options["bucketname"]
+            };

-                ListObjectsResponse listResponse;
-                do
-                {
-                    listResponse = await client.ListObjectsAsync(listRequest);
-                    fileCount += listResponse.S3Objects.Count;
-                    totalFileSize += listResponse.S3Objects.Sum(x => x.Size);
-                    listRequest.Marker = listResponse.NextMarker;
+            ListObjectsResponse listResponse;
+            do
+            {
+                listResponse = await client.ListObjectsAsync(listRequest);
+                fileCount += listResponse.S3Objects.Count;
+                totalFileSize += listResponse.S3Objects.Sum(x => x.Size);
+                listRequest.Marker = listResponse.NextMarker;

-                } while (listResponse.IsTruncated);
+            } while (listResponse.IsTruncated);

-                return totalFileSize;
-            }
+            return totalFileSize;
        }

        public override async Task<long> GetResourceQuotaAvailable(string id, Dictionary<string, string> options = null)
@@ -265,19 +306,17 @@ public ResourceTypeWaterbutlerRdsS3(string name, IConfiguration gConfig, Resourc
                    ServiceURL = options["endpoint"],
                    ForcePathStyle = true
                };
-                using (var client = new AmazonS3Client(_accessKey, _secretKey, amazonConfig))
+                using var client = new AmazonS3Client(_accessKey, _secretKey, amazonConfig);
+                var presignedUrl = client.GetPreSignedURL(new GetPreSignedUrlRequest()
                {
-                    var presignedUrl = client.GetPreSignedURL(new GetPreSignedUrlRequest()
-                    {
-                        BucketName = options["bucketname"],
-                        Key = key,
-                        Verb = HttpVerb.GET,
-                        Protocol = Protocol.HTTP,
-                        // For now, expiry of a day is set, but this might be up to debate
-                        Expires = DateTime.UtcNow.AddHours(24)
-                    });
-                    return new Uri(presignedUrl);
-                }
+                    BucketName = options["bucketname"],
+                    Key = key,
+                    Verb = HttpVerb.GET,
+                    Protocol = Protocol.HTTP,
+                    // For now, expiry of a day is set, but this might be up to debate
+                    Expires = DateTime.UtcNow.AddHours(24)
+                });
+                return new Uri(presignedUrl);
            });
        }

@@ -290,19 +329,17 @@ public ResourceTypeWaterbutlerRdsS3(string name, IConfiguration gConfig, Resourc
                    ServiceURL = options["endpoint"],
                    ForcePathStyle = true
                };
-                using (var client = new AmazonS3Client(_accessKey, _secretKey, amazonConfig))
+                using var client = new AmazonS3Client(_accessKey, _secretKey, amazonConfig);
+                var presignedUrl = client.GetPreSignedURL(new GetPreSignedUrlRequest()
                {
-                    var presignedUrl = client.GetPreSignedURL(new GetPreSignedUrlRequest()
-                    {
-                        BucketName = options["bucketname"],
-                        Key = key,
-                        Verb = HttpVerb.PUT,
-                        Protocol = Protocol.HTTP,
-                        // For now, expiry of a day is set, but this might be up to debate
-                        Expires = DateTime.UtcNow.AddHours(24)
-                    });
-                    return new Uri(presignedUrl);
-                }
+                    BucketName = options["bucketname"],
+                    Key = key,
+                    Verb = HttpVerb.PUT,
+                    Protocol = Protocol.HTTP,
+                    // For now, expiry of a day is set, but this might be up to debate
+                    Expires = DateTime.UtcNow.AddHours(24)
+                });
+                return new Uri(presignedUrl);
            });
        }
    }