Class: AWSS3Client
- Inherits: Object (Object → AWSS3Client)
- Defined in: lib/yore/AWSS3Client.rb
Overview
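Although this is implemented as an instantiable object rather than a singleton, the AWS gem seems to operate as a singleton, so don't create more than one of these. #connect calls AWS::S3::Base.establish_connection! on the shared AWS::S3::Base class rather than on the instance, so a second instance created with different credentials would change the connection the first one uses.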
Instance Attribute Summary
- #credentials ⇒ Object
  Returns the value of attribute credentials.
Instance Method Summary
- #bucket(aName) ⇒ Object
- #bucket_exists?(aName) ⇒ Boolean
- #connect(aId = nil, aKey = nil) ⇒ Object
- #download(aFilename, aBucketName, aObjectName = nil) ⇒ Object
- #ensure_backup_bucket(aBucketName, aOtherUserAttrs = nil) ⇒ Object
  Ensures the destination bucket exists with the right permissions for upload_backup.
- #ensure_clean_bucket(aName) ⇒ Object
- #get_content(aFilename, aBucketName) ⇒ Object
- #grant_bucket_permissions(aBucketName, aPermissions, aGranteeAttrs, aMerge = false) ⇒ Object
- #grant_object_permissions(aBucketName, aObjectName, aPermissions, aGranteeAttrs, aMerge = false) ⇒ Object
- #initialize(aCredentials = nil) ⇒ AWSS3Client (constructor)
  A new instance of AWSS3Client.
- #new_backup_bucket(aBucketName, aOtherUserAttrs) ⇒ Object
- #policy_add(aPolicy, aGranteeAttrs, aPermissions) ⇒ Object
- #put_content(aFilename, aContent, aBucketName) ⇒ Object
- #upload(aFilename, aBucketName, aObjectName = nil) ⇒ Object
- #upload_backup(aFileName, aBucketName, aObjectName = nil) ⇒ Object
  Uploads the given file to the bucket, then gives up permissions to the bucket owner.
Constructor Details
#initialize(aCredentials = nil) ⇒ AWSS3Client
Returns a new instance of AWSS3Client.
```ruby
# File 'lib/yore/AWSS3Client.rb', line 12
def initialize(aCredentials=nil)
  @credentials = aCredentials || Credentials.new()
  connect   # establishes the shared AWS::S3::Base connection immediately
end
```
Instance Attribute Details
#credentials ⇒ Object
Returns the value of attribute credentials.
```ruby
# File 'lib/yore/AWSS3Client.rb', line 10
def credentials
  @credentials
end
```
Instance Method Details
#bucket(aName) ⇒ Object
```ruby
# File 'lib/yore/AWSS3Client.rb', line 26
def bucket(aName)
  return AWS::S3::Bucket.find(aName)
end
```
#bucket_exists?(aName) ⇒ Boolean
```ruby
# File 'lib/yore/AWSS3Client.rb', line 30
def bucket_exists?(aName)
  AWS::S3::Bucket.find(aName)
  true
rescue
  # bare rescue: any StandardError (not only a missing bucket) is reported as false
  false
end
```
#connect(aId = nil, aKey = nil) ⇒ Object
```ruby
# File 'lib/yore/AWSS3Client.rb', line 17
def connect(aId=nil,aKey=nil)
  # fall back to the stored credentials when no id/key is passed
  aId ||= @credentials[:s3_access_key_id]
  aKey ||= @credentials[:s3_secret_access_key]
  AWS::S3::Base.establish_connection!(
    :access_key_id     => aId,
    :secret_access_key => aKey
  )
end
```
#download(aFilename, aBucketName, aObjectName = nil) ⇒ Object
```ruby
# File 'lib/yore/AWSS3Client.rb', line 101
def download(aFilename,aBucketName,aObjectName=nil)
  aObjectName ||= File.basename(aFilename)
  #AWS::S3::S3Object.store(aObjectName, MiscUtils.string_from_file(aFilename), aBucketName)
  MiscUtils.string_to_file(get_content(aObjectName,aBucketName),aFilename)
end
```
#ensure_backup_bucket(aBucketName, aOtherUserAttrs = nil) ⇒ Object
Ensures the destination bucket exists with the right permissions for upload_backup, e.g. @s3client.ensure_backup_bucket('a_bucket',=> '[email protected]')
```ruby
# File 'lib/yore/AWSS3Client.rb', line 45
def ensure_backup_bucket(aBucketName,aOtherUserAttrs=nil)
  AWS::S3::Bucket.create(aBucketName) unless bucket_exists?(aBucketName)
  # merge WRITE and READ_ACP for the other user into the existing bucket ACL
  grant_bucket_permissions(aBucketName,%w(WRITE READ_ACP),aOtherUserAttrs,true) if aOtherUserAttrs
end
```
#ensure_clean_bucket(aName) ⇒ Object
```ruby
# File 'lib/yore/AWSS3Client.rb', line 37
def ensure_clean_bucket(aName)
  # :force => true deletes the bucket together with every object in it
  AWS::S3::Bucket.delete(aName, :force => true) if bucket_exists?(aName)
  AWS::S3::Bucket.create(aName)
  AWS::S3::Bucket.find(aName)
end
```
#get_content(aFilename, aBucketName) ⇒ Object
```ruby
# File 'lib/yore/AWSS3Client.rb', line 97
def get_content(aFilename, aBucketName)
  return AWS::S3::S3Object.value(aFilename, aBucketName)
end
```
#grant_bucket_permissions(aBucketName, aPermissions, aGranteeAttrs, aMerge = false) ⇒ Object
```ruby
# File 'lib/yore/AWSS3Client.rb', line 69
def grant_bucket_permissions(aBucketName,aPermissions,aGranteeAttrs,aMerge = false)
  # aMerge keeps the existing grants; otherwise the bucket ACL is replaced
  policy = (aMerge ? AWS::S3::Bucket.acl(aBucketName) : nil)
  policy = policy_add(policy,aGranteeAttrs,aPermissions)
  policy.owner ||= Owner.current
  AWS::S3::Bucket.acl(aBucketName,policy)
  policy
end
```
#grant_object_permissions(aBucketName, aObjectName, aPermissions, aGranteeAttrs, aMerge = false) ⇒ Object
```ruby
# File 'lib/yore/AWSS3Client.rb', line 77
def grant_object_permissions(aBucketName,aObjectName,aPermissions,aGranteeAttrs,aMerge = false)
  # aMerge keeps the existing grants; otherwise the object ACL is replaced
  policy = (aMerge ? AWS::S3::S3Object.acl(aObjectName,aBucketName) : nil)
  policy = policy_add(policy,aGranteeAttrs,aPermissions)
  policy.owner ||= Owner.current
  AWS::S3::S3Object.acl(aObjectName,aBucketName,policy)    #S3Object.acl('kiss.jpg', 'marcel')
  policy
end
```
#new_backup_bucket(aBucketName, aOtherUserAttrs) ⇒ Object
```ruby
# File 'lib/yore/AWSS3Client.rb', line 50
def new_backup_bucket(aBucketName,aOtherUserAttrs)
  AWS::S3::Bucket.create(aBucketName)
  grant_bucket_permissions(aBucketName,%w(WRITE READ_ACP),aOtherUserAttrs,true)
end
```
#policy_add(aPolicy, aGranteeAttrs, aPermissions) ⇒ Object
e.g. policy = policy_add(policy,=> 'dssdfsdf',%w(READ WRITE))
```ruby
# File 'lib/yore/AWSS3Client.rb', line 56
def policy_add(aPolicy,aGranteeAttrs,aPermissions)
  aPolicy ||= AWS::S3::ACL::Policy.new
  grantee = AWS::S3::ACL::Grantee.new(aGranteeAttrs)
  grantee.display_name ||= 'display_name'
  # one grant per permission, all for the same grantee
  aPermissions.each do |p|
    grant = AWS::S3::ACL::Grant.new
    grant.permission = p
    grant.grantee = grantee
    aPolicy.grants << grant
  end
  aPolicy
end
```
#put_content(aFilename, aContent, aBucketName) ⇒ Object
```ruby
# File 'lib/yore/AWSS3Client.rb', line 85
def put_content(aFilename, aContent, aBucketName)
  AWS::S3::S3Object.store(aFilename, aContent, aBucketName)
end
```
#upload(aFilename, aBucketName, aObjectName = nil) ⇒ Object
```ruby
# File 'lib/yore/AWSS3Client.rb', line 89
def upload(aFilename,aBucketName,aObjectName=nil)
  # the parameter is aFilename; the body previously referred to an undefined aFileName
  aObjectName ||= File.basename(aFilename)
  #AWS::S3::S3Object.store(aObjectName, MiscUtils.string_from_file(aFilename), aBucketName)
  content = MiscUtils.string_from_file(aFilename)
  put_content(aObjectName, content, aBucketName)
end
```
#upload_backup(aFileName, aBucketName, aObjectName = nil) ⇒ Object
Summary: Uploads the given file to the bucket, then gives up permissions to the bucket owner.

Details:
- Intended to allow files to be uploaded to S3 without allowing the files to be interfered with should the web server get hacked. In truth, S3 permissions aren't adequate: the best we can do is that the file can't be read, but it can still be written over. The user also can't get a listing of the bucket.
- S3 won't allow objects (or buckets) to change owner, but we do everything else, i.e. give FULL_CONTROL to the bucket owner and remove it from self, to hand control to the bucket owner.
- This requires the bucket to give WRITE and READ_ACP permissions to this user.
```ruby
# File 'lib/yore/AWSS3Client.rb', line 116
def upload_backup(aFileName,aBucketName,aObjectName = nil)
  aObjectName ||= File.basename(aFileName)
  AWS::S3::S3Object.store(aObjectName, MiscUtils.string_from_file(aFileName), aBucketName)
  # reading the bucket ACL is why this user needs READ_ACP on the bucket
  bucket_owner = AWS::S3::Bucket.acl(aBucketName).owner
  policy = AWS::S3::S3Object.acl(aObjectName,aBucketName)
  policy.grants.clear
  # policy_add iterates over its permissions argument, so pass an array
  policy = policy_add(policy,{'id' => bucket_owner.id, 'display_name' => bucket_owner.display_name},%w(FULL_CONTROL))

  # replace policy with full control to bucket owner, none to test_user
  AWS::S3::S3Object.acl(aObjectName,aBucketName,policy)
end
```
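The ACL state that upload_backup aims for can be checked with a small model. This is an added example, not code from yore or the AWS::S3 gem; the Grant struct, the function names and the ids are constructed for illustration, and the model assumes explicit grants are the only source of permissions.

```ruby
# Added example: a plain-Ruby model of the ACL state upload_backup aims for.
# Grant is a constructed stand-in, not the AWS::S3::ACL::Grant class.
Grant = Struct.new(:grantee_id, :permission)

# Assumption of this model: explicit grants are the only source of rights,
# and FULL_CONTROL implies every other permission.
def allowed?(acl, user_id, permission)
  acl.any? do |g|
    g.grantee_id == user_id && [permission, 'FULL_CONTROL'].include?(g.permission)
  end
end

# What the uploading (web server) user can still do after the hand-off.
def uploader_capabilities(bucket_acl, object_acl, uploader_id)
  {
    list_bucket: allowed?(bucket_acl, uploader_id, 'READ'),
    overwrite_object: allowed?(bucket_acl, uploader_id, 'WRITE'),
    read_object: allowed?(object_acl, uploader_id, 'READ')
  }
end

# Returns deviations from the state the page describes; [] means it matches.
def audit_backup_acls(bucket_acl, object_acl, owner_id, uploader_id)
  findings = []
  extra = bucket_acl.select { |g| g.grantee_id == uploader_id }
                    .map(&:permission) - %w(WRITE READ_ACP)
  findings << "uploader has extra bucket permissions: #{extra.join(', ')}" unless extra.empty?
  others = object_acl.reject { |g| g.grantee_id == owner_id }.map(&:grantee_id).uniq
  findings << "object ACL still grants: #{others.join(', ')}" unless others.empty?
  unless allowed?(object_acl, owner_id, 'FULL_CONTROL')
    findings << 'bucket owner lacks FULL_CONTROL on the object'
  end
  findings
end

# Constructed sample data (ids are placeholders).
BUCKET_ACL = [
  Grant.new('owner-id', 'FULL_CONTROL'),
  Grant.new('uploader-id', 'WRITE'),
  Grant.new('uploader-id', 'READ_ACP')
].freeze
OBJECT_ACL_BEFORE = [Grant.new('uploader-id', 'FULL_CONTROL')].freeze # just after store
OBJECT_ACL_AFTER  = [Grant.new('owner-id', 'FULL_CONTROL')].freeze    # after upload_backup

if __FILE__ == $PROGRAM_NAME
  p uploader_capabilities(BUCKET_ACL, OBJECT_ACL_AFTER, 'uploader-id')
  p audit_backup_acls(BUCKET_ACL, OBJECT_ACL_BEFORE, 'owner-id', 'uploader-id')
end
```

The capabilities hash for the "after" state shows the residual risk the Details list admits: the uploader can no longer read or list, but bucket WRITE still lets it overwrite existing backups.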