aboutsummaryrefslogtreecommitdiffstats
path: root/vendor/cloud.google.com/go/storage/acl.go
diff options
context:
space:
mode:
Diffstat (limited to 'vendor/cloud.google.com/go/storage/acl.go')
-rw-r--r--vendor/cloud.google.com/go/storage/acl.go335
1 files changed, 335 insertions, 0 deletions
diff --git a/vendor/cloud.google.com/go/storage/acl.go b/vendor/cloud.google.com/go/storage/acl.go
new file mode 100644
index 000000000..7855d110a
--- /dev/null
+++ b/vendor/cloud.google.com/go/storage/acl.go
@@ -0,0 +1,335 @@
+// Copyright 2014 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package storage
+
+import (
+ "context"
+ "net/http"
+ "reflect"
+
+ "cloud.google.com/go/internal/trace"
+ "google.golang.org/api/googleapi"
+ raw "google.golang.org/api/storage/v1"
+)
+
+// ACLRole is the level of access to grant.
+type ACLRole string
+
+const (
+ RoleOwner ACLRole = "OWNER"
+ RoleReader ACLRole = "READER"
+ RoleWriter ACLRole = "WRITER"
+)
+
+// ACLEntity refers to a user or group.
+// They are sometimes referred to as grantees.
+//
+// It could be in the form of:
+// "user-<userId>", "user-<email>", "group-<groupId>", "group-<email>",
+// "domain-<domain>" and "project-team-<projectId>".
+//
+// Or one of the predefined constants: AllUsers, AllAuthenticatedUsers.
+type ACLEntity string
+
+const (
+ AllUsers ACLEntity = "allUsers"
+ AllAuthenticatedUsers ACLEntity = "allAuthenticatedUsers"
+)
+
+// ACLRule represents a grant for a role to an entity (user, group or team) for a
+// Google Cloud Storage object or bucket.
+type ACLRule struct {
+ Entity ACLEntity
+ EntityID string
+ Role ACLRole
+ Domain string
+ Email string
+ ProjectTeam *ProjectTeam
+}
+
+// ProjectTeam is the project team associated with the entity, if any.
+type ProjectTeam struct {
+ ProjectNumber string
+ Team string
+}
+
+// ACLHandle provides operations on an access control list for a Google Cloud Storage bucket or object.
+type ACLHandle struct {
+ c *Client
+ bucket string
+ object string
+ isDefault bool
+ userProject string // for requester-pays buckets
+}
+
+// Delete permanently deletes the ACL entry for the given entity.
+func (a *ACLHandle) Delete(ctx context.Context, entity ACLEntity) (err error) {
+ ctx = trace.StartSpan(ctx, "cloud.google.com/go/storage.ACL.Delete")
+ defer func() { trace.EndSpan(ctx, err) }()
+
+ if a.object != "" {
+ return a.objectDelete(ctx, entity)
+ }
+ if a.isDefault {
+ return a.bucketDefaultDelete(ctx, entity)
+ }
+ return a.bucketDelete(ctx, entity)
+}
+
+// Set sets the role for the given entity.
+func (a *ACLHandle) Set(ctx context.Context, entity ACLEntity, role ACLRole) (err error) {
+ ctx = trace.StartSpan(ctx, "cloud.google.com/go/storage.ACL.Set")
+ defer func() { trace.EndSpan(ctx, err) }()
+
+ if a.object != "" {
+ return a.objectSet(ctx, entity, role, false)
+ }
+ if a.isDefault {
+ return a.objectSet(ctx, entity, role, true)
+ }
+ return a.bucketSet(ctx, entity, role)
+}
+
+// List retrieves ACL entries.
+func (a *ACLHandle) List(ctx context.Context) (rules []ACLRule, err error) {
+ ctx = trace.StartSpan(ctx, "cloud.google.com/go/storage.ACL.List")
+ defer func() { trace.EndSpan(ctx, err) }()
+
+ if a.object != "" {
+ return a.objectList(ctx)
+ }
+ if a.isDefault {
+ return a.bucketDefaultList(ctx)
+ }
+ return a.bucketList(ctx)
+}
+
+func (a *ACLHandle) bucketDefaultList(ctx context.Context) ([]ACLRule, error) {
+ var acls *raw.ObjectAccessControls
+ var err error
+ err = runWithRetry(ctx, func() error {
+ req := a.c.raw.DefaultObjectAccessControls.List(a.bucket)
+ a.configureCall(ctx, req)
+ acls, err = req.Do()
+ return err
+ })
+ if err != nil {
+ return nil, err
+ }
+ return toObjectACLRules(acls.Items), nil
+}
+
+func (a *ACLHandle) bucketDefaultDelete(ctx context.Context, entity ACLEntity) error {
+ return runWithRetry(ctx, func() error {
+ req := a.c.raw.DefaultObjectAccessControls.Delete(a.bucket, string(entity))
+ a.configureCall(ctx, req)
+ return req.Do()
+ })
+}
+
+func (a *ACLHandle) bucketList(ctx context.Context) ([]ACLRule, error) {
+ var acls *raw.BucketAccessControls
+ var err error
+ err = runWithRetry(ctx, func() error {
+ req := a.c.raw.BucketAccessControls.List(a.bucket)
+ a.configureCall(ctx, req)
+ acls, err = req.Do()
+ return err
+ })
+ if err != nil {
+ return nil, err
+ }
+ return toBucketACLRules(acls.Items), nil
+}
+
+func (a *ACLHandle) bucketSet(ctx context.Context, entity ACLEntity, role ACLRole) error {
+ acl := &raw.BucketAccessControl{
+ Bucket: a.bucket,
+ Entity: string(entity),
+ Role: string(role),
+ }
+ err := runWithRetry(ctx, func() error {
+ req := a.c.raw.BucketAccessControls.Update(a.bucket, string(entity), acl)
+ a.configureCall(ctx, req)
+ _, err := req.Do()
+ return err
+ })
+ if err != nil {
+ return err
+ }
+ return nil
+}
+
+func (a *ACLHandle) bucketDelete(ctx context.Context, entity ACLEntity) error {
+ return runWithRetry(ctx, func() error {
+ req := a.c.raw.BucketAccessControls.Delete(a.bucket, string(entity))
+ a.configureCall(ctx, req)
+ return req.Do()
+ })
+}
+
+func (a *ACLHandle) objectList(ctx context.Context) ([]ACLRule, error) {
+ var acls *raw.ObjectAccessControls
+ var err error
+ err = runWithRetry(ctx, func() error {
+ req := a.c.raw.ObjectAccessControls.List(a.bucket, a.object)
+ a.configureCall(ctx, req)
+ acls, err = req.Do()
+ return err
+ })
+ if err != nil {
+ return nil, err
+ }
+ return toObjectACLRules(acls.Items), nil
+}
+
+func (a *ACLHandle) objectSet(ctx context.Context, entity ACLEntity, role ACLRole, isBucketDefault bool) error {
+ type setRequest interface {
+ Do(opts ...googleapi.CallOption) (*raw.ObjectAccessControl, error)
+ Header() http.Header
+ }
+
+ acl := &raw.ObjectAccessControl{
+ Bucket: a.bucket,
+ Entity: string(entity),
+ Role: string(role),
+ }
+ var req setRequest
+ if isBucketDefault {
+ req = a.c.raw.DefaultObjectAccessControls.Update(a.bucket, string(entity), acl)
+ } else {
+ req = a.c.raw.ObjectAccessControls.Update(a.bucket, a.object, string(entity), acl)
+ }
+ a.configureCall(ctx, req)
+ return runWithRetry(ctx, func() error {
+ _, err := req.Do()
+ return err
+ })
+}
+
+func (a *ACLHandle) objectDelete(ctx context.Context, entity ACLEntity) error {
+ return runWithRetry(ctx, func() error {
+ req := a.c.raw.ObjectAccessControls.Delete(a.bucket, a.object, string(entity))
+ a.configureCall(ctx, req)
+ return req.Do()
+ })
+}
+
+func (a *ACLHandle) configureCall(ctx context.Context, call interface{ Header() http.Header }) {
+ vc := reflect.ValueOf(call)
+ vc.MethodByName("Context").Call([]reflect.Value{reflect.ValueOf(ctx)})
+ if a.userProject != "" {
+ vc.MethodByName("UserProject").Call([]reflect.Value{reflect.ValueOf(a.userProject)})
+ }
+ setClientHeader(call.Header())
+}
+
+func toObjectACLRules(items []*raw.ObjectAccessControl) []ACLRule {
+ var rs []ACLRule
+ for _, item := range items {
+ rs = append(rs, toObjectACLRule(item))
+ }
+ return rs
+}
+
+func toBucketACLRules(items []*raw.BucketAccessControl) []ACLRule {
+ var rs []ACLRule
+ for _, item := range items {
+ rs = append(rs, toBucketACLRule(item))
+ }
+ return rs
+}
+
+func toObjectACLRule(a *raw.ObjectAccessControl) ACLRule {
+ return ACLRule{
+ Entity: ACLEntity(a.Entity),
+ EntityID: a.EntityId,
+ Role: ACLRole(a.Role),
+ Domain: a.Domain,
+ Email: a.Email,
+ ProjectTeam: toObjectProjectTeam(a.ProjectTeam),
+ }
+}
+
+func toBucketACLRule(a *raw.BucketAccessControl) ACLRule {
+ return ACLRule{
+ Entity: ACLEntity(a.Entity),
+ EntityID: a.EntityId,
+ Role: ACLRole(a.Role),
+ Domain: a.Domain,
+ Email: a.Email,
+ ProjectTeam: toBucketProjectTeam(a.ProjectTeam),
+ }
+}
+
+func toRawObjectACL(rules []ACLRule) []*raw.ObjectAccessControl {
+ if len(rules) == 0 {
+ return nil
+ }
+ r := make([]*raw.ObjectAccessControl, 0, len(rules))
+ for _, rule := range rules {
+ r = append(r, rule.toRawObjectAccessControl("")) // bucket name unnecessary
+ }
+ return r
+}
+
+func toRawBucketACL(rules []ACLRule) []*raw.BucketAccessControl {
+ if len(rules) == 0 {
+ return nil
+ }
+ r := make([]*raw.BucketAccessControl, 0, len(rules))
+ for _, rule := range rules {
+ r = append(r, rule.toRawBucketAccessControl("")) // bucket name unnecessary
+ }
+ return r
+}
+
+func (r ACLRule) toRawBucketAccessControl(bucket string) *raw.BucketAccessControl {
+ return &raw.BucketAccessControl{
+ Bucket: bucket,
+ Entity: string(r.Entity),
+ Role: string(r.Role),
+ // The other fields are not settable.
+ }
+}
+
+func (r ACLRule) toRawObjectAccessControl(bucket string) *raw.ObjectAccessControl {
+ return &raw.ObjectAccessControl{
+ Bucket: bucket,
+ Entity: string(r.Entity),
+ Role: string(r.Role),
+ // The other fields are not settable.
+ }
+}
+
+func toBucketProjectTeam(p *raw.BucketAccessControlProjectTeam) *ProjectTeam {
+ if p == nil {
+ return nil
+ }
+ return &ProjectTeam{
+ ProjectNumber: p.ProjectNumber,
+ Team: p.Team,
+ }
+}
+
+func toObjectProjectTeam(p *raw.ObjectAccessControlProjectTeam) *ProjectTeam {
+ if p == nil {
+ return nil
+ }
+ return &ProjectTeam{
+ ProjectNumber: p.ProjectNumber,
+ Team: p.Team,
+ }
+}
generated by cgit (git 2.34.1) at 2024-11-14 07:51:02 +0800