1
// Copyright 2014 Google Inc. All Rights Reserved.
3
// Licensed under the Apache License, Version 2.0 (the "License");
4
// you may not use this file except in compliance with the License.
5
// You may obtain a copy of the License at
7
// http://www.apache.org/licenses/LICENSE-2.0
9
// Unless required by applicable law or agreed to in writing, software
10
// distributed under the License is distributed on an "AS IS" BASIS,
11
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12
// See the License for the specific language governing permissions and
13
// limitations under the License.
20
"golang.org/x/net/context"
21
raw "google.golang.org/api/storage/v1"
24
// ACLRole is the the access permission for the entity.
28
RoleOwner ACLRole = "OWNER"
29
RoleReader ACLRole = "READER"
32
// ACLEntity is an entity holding an ACL permission.
34
// It could be in the form of:
35
// "user-<userId>", "user-<email>","group-<groupId>", "group-<email>",
36
// "domain-<domain>" and "project-team-<projectId>".
38
// Or one of the predefined constants: AllUsers, AllAuthenticatedUsers.
42
AllUsers ACLEntity = "allUsers"
43
AllAuthenticatedUsers ACLEntity = "allAuthenticatedUsers"
46
// ACLRule represents an access control list rule entry for a Google Cloud Storage object or bucket.
47
// A bucket is a Google Cloud Storage container whose name is globally unique and contains zero or
48
// more objects. An object is a blob of data that is stored in a bucket.
50
// Entity identifies the entity holding the current rule's permissions.
53
// Role is the the access permission for the entity.
57
// DefaultACL returns the default object ACL entries for the named bucket.
58
func DefaultACL(ctx context.Context, bucket string) ([]ACLRule, error) {
59
acls, err := rawService(ctx).DefaultObjectAccessControls.List(bucket).Do()
61
return nil, fmt.Errorf("storage: error listing default object ACL for bucket %q: %v", bucket, err)
63
r := make([]ACLRule, 0, len(acls.Items))
64
for _, v := range acls.Items {
65
if m, ok := v.(map[string]interface{}); ok {
66
entity, ok1 := m["entity"].(string)
67
role, ok2 := m["role"].(string)
69
r = append(r, ACLRule{Entity: ACLEntity(entity), Role: ACLRole(role)})
76
// PutDefaultACLRule saves the named default object ACL entity with the provided role for the named bucket.
77
func PutDefaultACLRule(ctx context.Context, bucket string, entity ACLEntity, role ACLRole) error {
78
acl := &raw.ObjectAccessControl{
80
Entity: string(entity),
83
_, err := rawService(ctx).DefaultObjectAccessControls.Update(bucket, string(entity), acl).Do()
85
return fmt.Errorf("storage: error updating default ACL rule for bucket %q, entity %q: %v", bucket, entity, err)
90
// DeleteDefaultACLRule deletes the named default ACL entity for the named bucket.
91
func DeleteDefaultACLRule(ctx context.Context, bucket string, entity ACLEntity) error {
92
err := rawService(ctx).DefaultObjectAccessControls.Delete(bucket, string(entity)).Do()
94
return fmt.Errorf("storage: error deleting default ACL rule for bucket %q, entity %q: %v", bucket, entity, err)
99
// BucketACL returns the ACL entries for the named bucket.
100
func BucketACL(ctx context.Context, bucket string) ([]ACLRule, error) {
101
acls, err := rawService(ctx).BucketAccessControls.List(bucket).Do()
103
return nil, fmt.Errorf("storage: error listing bucket ACL for bucket %q: %v", bucket, err)
105
r := make([]ACLRule, len(acls.Items))
106
for i, v := range acls.Items {
107
r[i].Entity = ACLEntity(v.Entity)
108
r[i].Role = ACLRole(v.Role)
113
// PutBucketACLRule saves the named ACL entity with the provided role for the named bucket.
114
func PutBucketACLRule(ctx context.Context, bucket string, entity ACLEntity, role ACLRole) error {
115
acl := &raw.BucketAccessControl{
117
Entity: string(entity),
120
_, err := rawService(ctx).BucketAccessControls.Update(bucket, string(entity), acl).Do()
122
return fmt.Errorf("storage: error updating bucket ACL rule for bucket %q, entity %q: %v", bucket, entity, err)
127
// DeleteBucketACLRule deletes the named ACL entity for the named bucket.
128
func DeleteBucketACLRule(ctx context.Context, bucket string, entity ACLEntity) error {
129
err := rawService(ctx).BucketAccessControls.Delete(bucket, string(entity)).Do()
131
return fmt.Errorf("storage: error deleting bucket ACL rule for bucket %q, entity %q: %v", bucket, entity, err)
136
// ACL returns the ACL entries for the named object.
137
func ACL(ctx context.Context, bucket, object string) ([]ACLRule, error) {
138
acls, err := rawService(ctx).ObjectAccessControls.List(bucket, object).Do()
140
return nil, fmt.Errorf("storage: error listing object ACL for bucket %q, file %q: %v", bucket, object, err)
142
r := make([]ACLRule, 0, len(acls.Items))
143
for _, v := range acls.Items {
144
if m, ok := v.(map[string]interface{}); ok {
145
entity, ok1 := m["entity"].(string)
146
role, ok2 := m["role"].(string)
148
r = append(r, ACLRule{Entity: ACLEntity(entity), Role: ACLRole(role)})
155
// PutACLRule saves the named ACL entity with the provided role for the named object.
156
func PutACLRule(ctx context.Context, bucket, object string, entity ACLEntity, role ACLRole) error {
157
acl := &raw.ObjectAccessControl{
159
Entity: string(entity),
162
_, err := rawService(ctx).ObjectAccessControls.Update(bucket, object, string(entity), acl).Do()
164
return fmt.Errorf("storage: error updating object ACL rule for bucket %q, file %q, entity %q: %v", bucket, object, entity, err)
169
// DeleteACLRule deletes the named ACL entity for the named object.
170
func DeleteACLRule(ctx context.Context, bucket, object string, entity ACLEntity) error {
171
err := rawService(ctx).ObjectAccessControls.Delete(bucket, object, string(entity)).Do()
173
return fmt.Errorf("storage: error deleting object ACL rule for bucket %q, file %q, entity %q: %v", bucket, object, entity, err)