ChenSammi commented on a change in pull request #1701:
URL: https://github.com/apache/ozone/pull/1701#discussion_r565893240
##########
File path:
hadoop-ozone/s3gateway/src/main/java/org/apache/hadoop/ozone/s3/endpoint/BucketEndpoint.java
##########
@@ -353,6 +375,215 @@ public MultiDeleteResponse
multiDelete(@PathParam("bucket") String bucketName,
return result;
}
+ /**
+ * Implement acl get.
+ * <p>
+ * see: https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetBucketAcl.html
+ */
+ public S3BucketAcl getAcl(String bucketName)
+ throws OS3Exception, IOException {
+ S3BucketAcl result = new S3BucketAcl();
+ try {
+ OzoneBucket bucket = getBucket(bucketName);
+ OzoneVolume volume = getVolume();
+ S3Owner owner = new S3Owner(volume.getOwner(), volume.getOwner());
+ result.setOwner(owner);
+ // Use set to remove ACLs with different scopes(ACCESS and DEFAULT)
+ Set<Grant> grantSet = new HashSet<>();
+ // Return ACL list
+ for (OzoneAcl acl : bucket.getAcls()) {
+ List<Grant> grants = S3Acl.ozoneNativeAclToS3Acl(acl);
+ grantSet.addAll(grants);
+ }
+ ArrayList<Grant> grantList = new ArrayList<>();
+ grantList.addAll(grantSet);
+ result.setAclList(
+ new S3BucketAcl.AccessControlList(grantList));
+ return result;
+ } catch (OMException ex) {
+ if (ex.getResult() == ResultCodes.BUCKET_NOT_FOUND) {
+ throw S3ErrorTable.newError(S3ErrorTable
+ .NO_SUCH_BUCKET, bucketName);
+ } else if (ex.getResult() == ResultCodes.PERMISSION_DENIED) {
+ throw S3ErrorTable.newError(S3ErrorTable
+ .ACCESS_DENIED, bucketName);
+ } else {
+ LOG.error("Failed to get acl of Bucket " + bucketName, ex);
+ throw S3ErrorTable.newError(S3ErrorTable.INTERNAL_ERROR, bucketName);
+ }
+ }
+ }
+
+ /**
+ * Implement acl put.
+ * <p>
+ * see: https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketAcl.html
+ */
+ public Response putAcl(String bucketName, HttpHeaders httpHeaders,
+ InputStream body) throws IOException, OS3Exception {
+ String grantReads = httpHeaders.getHeaderString(S3Acl.grantRead);
+ String grantWrites = httpHeaders.getHeaderString(S3Acl.grantWrite);
+ String grantReadACP = httpHeaders.getHeaderString(S3Acl.grantReadACP);
+ String grantWriteACP = httpHeaders.getHeaderString(S3Acl.grantWriteACP);
+ String grantFull = httpHeaders.getHeaderString(S3Acl.grantFullControl);
+
+ try {
+ OzoneBucket bucket = getBucket(bucketName);
+ OzoneVolume volume = getVolume();
+
+ List<OzoneAcl> ozoneAclListOnBucket = new ArrayList<>();
+ List<OzoneAcl> ozoneAclListOnVolume = new ArrayList<>();
+
+ if (grantReads == null && grantWrites == null && grantReadACP == null
+ && grantWriteACP == null && grantFull == null) {
+ S3BucketAcl putBucketAclRequest =
+ new PutBucketAclRequestUnmarshaller().readFrom(
+ null, null, null, null, null, body);
+ // Handle grants in body
+ ozoneAclListOnBucket.addAll(
+ S3Acl.s3AclToOzoneNativeAclOnBucket(putBucketAclRequest));
+ ozoneAclListOnVolume.addAll(
+ S3Acl.s3AclToOzoneNativeAclOnVolume(putBucketAclRequest));
+ } else {
+
+ // Handle grants in headers
+ if (grantReads != null) {
+ ozoneAclListOnBucket.addAll(getAndConvertAclOnBucket(grantReads,
+ S3Acl.ACLType.READ.getValue()));
+ ozoneAclListOnVolume.addAll(getAndConvertAclOnVolume(grantReads,
+ S3Acl.ACLType.READ.getValue()));
+ }
+ if (grantWrites != null) {
+ ozoneAclListOnBucket.addAll(getAndConvertAclOnBucket(grantWrites,
+ S3Acl.ACLType.WRITE.getValue()));
+ ozoneAclListOnVolume.addAll(getAndConvertAclOnVolume(grantWrites,
+ S3Acl.ACLType.WRITE.getValue()));
+ }
+ if (grantReadACP != null) {
+ ozoneAclListOnBucket.addAll(getAndConvertAclOnBucket(grantReadACP,
+ S3Acl.ACLType.READ_ACP.getValue()));
+ ozoneAclListOnVolume.addAll(getAndConvertAclOnVolume(grantReadACP,
+ S3Acl.ACLType.READ_ACP.getValue()));
+ }
+ if (grantWriteACP != null) {
+ ozoneAclListOnBucket.addAll(getAndConvertAclOnBucket(grantWriteACP,
+ S3Acl.ACLType.WRITE_ACP.getValue()));
+ ozoneAclListOnVolume.addAll(getAndConvertAclOnVolume(grantWriteACP,
+ S3Acl.ACLType.WRITE_ACP.getValue()));
+ }
+ if (grantFull != null) {
+ ozoneAclListOnBucket.addAll(getAndConvertAclOnBucket(grantFull,
+ S3Acl.ACLType.FULL_CONTROL.getValue()));
+ ozoneAclListOnVolume.addAll(getAndConvertAclOnVolume(grantFull,
+ S3Acl.ACLType.FULL_CONTROL.getValue()));
+ }
+ }
+
+ List<OzoneAcl> oldBucketAcls = bucket.getAcls();
+ List<OzoneAcl> oldVolumeAcls =
+ S3Acl.getVolumeAclFromBucketAcl(oldBucketAcls);
+
+ // Add new ACLs
+ for (OzoneAcl addAcl : ozoneAclListOnBucket) {
+ bucket.addAcl(addAcl);
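Review bot: In `putAcl`, every grant in the request is converted into a volume-level ACL as well as a bucket-level one (`ozoneAclListOnVolume`, filled from `s3AclToOzoneNativeAclOnVolume` and `getAndConvertAclOnVolume` in each branch), and neither the Javadoc nor the comments say which volume rights an S3 permission may produce. `getVolume()` is called without a bucket argument, so the volume is presumably shared with other buckets, and a grant meant for one bucket could widen access to all of them if the mapping gives more than is needed to reach the bucket. The mapping helpers are not visible in this hunk, so this needs confirming. I would state the intended invariant where the list is declared, for example `// Volume ACLs carry only the minimum right needed to resolve the bucket; bucket-level rights are never copied to the volume.`, and add a test that pins it. `putAcl` continues past the last quoted line, where the two lists are presumably applied.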
Review comment:
Good point. Currently setAcl is not exposed in OzoneBucket or
OzoneVolume, so I will add it first.