Beispiel #1
0
    @Override
    public List<Grant> apply(OwnerIdPair ownerIds) {
      ArrayList<Grant> privateGrants = new ArrayList<Grant>();
      Grant ownerFullControl = new Grant();
      Grantee owner = new Grantee();
      String displayName = "";
      String ownerCanonicalId = null;
      if (!Strings.isNullOrEmpty(ownerIds.getObjectOwnerCanonicalId())) {
        ownerCanonicalId = ownerIds.getObjectOwnerCanonicalId();
      } else {
        ownerCanonicalId = ownerIds.getBucketOwnerCanonicalId();
      }

      try {
        displayName = Accounts.lookupAccountByCanonicalId(ownerCanonicalId).getName();
      } catch (AuthException e) {
        displayName = "";
      }
      owner.setCanonicalUser(new CanonicalUser(ownerCanonicalId, displayName));
      owner.setType("CanonicalUser");
      ownerFullControl.setGrantee(owner);
      ownerFullControl.setPermission(ObjectStorageProperties.Permission.FULL_CONTROL.toString());
      privateGrants.add(ownerFullControl);
      return privateGrants;
    }
Beispiel #2
0
  /**
   * Checks grants and transforms grantees into canonicalId from eucalyptus account id or email
   * address
   *
   * @param acl
   * @return
   */
  public static AccessControlList scrubAcl(AccessControlList acl) {
    AccessControlList scrubbed = new AccessControlList();
    if (acl == null || acl.getGrants() == null || acl.getGrants().size() == 0) {
      return scrubbed;
    }

    String canonicalId = null;
    Grantee grantee;
    CanonicalUser canonicalUser;
    Group group;
    String email;

    for (Grant g : acl.getGrants()) {
      grantee = g.getGrantee();
      if (grantee == null) {
        continue; // skip, no grantee
      } else {
        canonicalUser = grantee.getCanonicalUser();
        group = grantee.getGroup();
        email = grantee.getEmailAddress();
      }

      canonicalId = canonicalUser == null ? null : resolveCanonicalId(canonicalUser.getID());
      if (canonicalId == null) {
        try {
          User user = Accounts.lookupUserByEmailAddress(email);
          if (user != null && user.isAccountAdmin() && user.getAccount() != null) {
            canonicalId = user.getAccount().getCanonicalId();
          }
        } catch (AuthException authEx) {
          // no-op, we'll check the group
        }
      }
      if (canonicalId == null && group != null && !Strings.isNullOrEmpty(group.getUri())) {
        ObjectStorageProperties.S3_GROUP foundGroup = AclUtils.getGroupFromUri(group.getUri());
        if (foundGroup == null) {
          throw new NoSuchElementException("URI: " + group.getUri() + " not found in group map");
        }
        // Group URI, use as canonicalId for now.
        canonicalId = group.getUri();
      }

      if (canonicalId == null) {
        throw new NoSuchElementException("No canonicalId found for grant: " + g.toString());
      } else {
        if (grantee.getCanonicalUser() == null) {
          grantee.setCanonicalUser(new CanonicalUser(canonicalId, ""));
        } else {
          grantee.getCanonicalUser().setID(canonicalId);
        }
      }
    }

    return acl;
  }
Beispiel #3
0
    @Override
    public List<Grant> apply(OwnerIdPair ownerIds) {
      List<Grant> bucketOwnerRead = PrivateOnlyGrantBuilder.INSTANCE.apply(ownerIds);
      String canonicalId = ownerIds.getBucketOwnerCanonicalId();
      String displayName = "";
      try {
        displayName = Accounts.lookupAccountByCanonicalId(canonicalId).getName();
      } catch (AuthException e) {
        displayName = "";
      }

      Grantee bucketOwner = new Grantee();
      bucketOwner.setCanonicalUser(new CanonicalUser(canonicalId, displayName));
      Grant bucketOwnerGrant = new Grant();
      bucketOwnerGrant.setPermission(ObjectStorageProperties.Permission.READ.toString());
      bucketOwnerGrant.setGrantee(bucketOwner);
      bucketOwnerRead.add(bucketOwnerGrant);
      return bucketOwnerRead;
    }