Class: AWSS3Client

Inherits:

Object

• Object
• AWSS3Client

Defined in:

lib/yore/AWSS3Client.rb

Overview

although this is implemented as an instantiable object, not a singleton, the AWS gem seems to operate as a singleton, so don’t create more than one of these.

Instance Attribute Summary

• #credentials ⇒ Object

  Returns the value of attribute credentials.

Instance Method Summary

• #bucket(aName) ⇒ Object
• #bucket_exists?(aName) ⇒ Boolean
• #connect(aId = nil, aKey = nil) ⇒ Object
• #download(aFilename, aBucketName, aObjectName = nil) ⇒ Object

  should replace string_to_file with file object.

• #ensure_backup_bucket(aBucketName, aOtherUserAttrs = nil) ⇒ Object

  ensures the destination bucket exists with the right permissions for upload_backup eg.

• #ensure_clean_bucket(aName) ⇒ Object
• #get_content(aFilename, aBucketName) ⇒ Object
• #grant_bucket_permissions(aBucketName, aPermissions, aGranteeAttrs, aMerge = false) ⇒ Object
• #grant_object_permissions(aBucketName, aObjectName, aPermissions, aGranteeAttrs, aMerge = false) ⇒ Object
• #initialize(aCredentials = nil) ⇒ AWSS3Client constructor

  A new instance of AWSS3Client.

• #new_backup_bucket(aBucketName, aOtherUserAttrs) ⇒ Object
• #policy_add(aPolicy, aGranteeAttrs, aPermissions) ⇒ Object

  eg.

• #put_content(aFilename, aContent, aBucketName) ⇒ Object

  aContent can be a String or File eg.

• #upload(aFilename, aBucketName, aObjectName = nil) ⇒ Object
• #upload_backup(aFileName, aBucketName, aObjectName = nil) ⇒ Object

  Summary: Uploads the given file to the bucket, then gives up permissions to the bucket owner Details : * intended to allow files to be uploaded to S3, but not allowing the files to be interfered with should the web server get hacked.

Constructor Details

#initialize(aCredentials = nil) ⇒ AWSS3Client

Returns a new instance of AWSS3Client.

# File 'lib/yore/AWSS3Client.rb', line 12

def initialize(aCredentials=nil)
	@credentials = aCredentials || Credentials.new()
	connect
end

Instance Attribute Details

#credentials ⇒ Object

Returns the value of attribute credentials.

# File 'lib/yore/AWSS3Client.rb', line 10

def credentials
  @credentials
end

Instance Method Details

#bucket(aName) ⇒ Object

# File 'lib/yore/AWSS3Client.rb', line 26

def bucket(aName)
	return AWS::S3::Bucket.find(aName)
end

#bucket_exists?(aName) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/yore/AWSS3Client.rb', line 30

def bucket_exists?(aName)	
	AWS::S3::Bucket.find(aName)
	true
rescue
	false	
end

#connect(aId = nil, aKey = nil) ⇒ Object

# File 'lib/yore/AWSS3Client.rb', line 17

def connect(aId=nil,aKey=nil)
	aId ||= @credentials[:s3_access_key_id]
	aKey ||= @credentials[:s3_secret_access_key]
	AWS::S3::Base.establish_connection!(
		:access_key_id     => aId,
		:secret_access_key => aKey
	)
end

#download(aFilename, aBucketName, aObjectName = nil) ⇒ Object

should replace string_to_file with file object

# File 'lib/yore/AWSS3Client.rb', line 103

def download(aFilename,aBucketName,aObjectName=nil)
	aObjectName ||= File.basename(aFilename)
	#AWS::S3::S3Object.store(aObjectName, MiscUtils.string_from_file(aFilename), aBucketName)
	MiscUtils.string_to_file(get_content(aObjectName,aBucketName),aFilename)
end

#ensure_backup_bucket(aBucketName, aOtherUserAttrs = nil) ⇒ Object

ensures the destination bucket exists with the right permissions for upload_backup eg. @s3client.ensure_backup_bucket(‘a_bucket’,=> ‘user@domain.com’)

# File 'lib/yore/AWSS3Client.rb', line 45

def ensure_backup_bucket(aBucketName,aOtherUserAttrs=nil)
	AWS::S3::Bucket.create(aBucketName) unless bucket_exists?(aBucketName)
	grant_bucket_permissions(aBucketName,%w(WRITE READ_ACP),aOtherUserAttrs,true) if aOtherUserAttrs
end

#ensure_clean_bucket(aName) ⇒ Object

# File 'lib/yore/AWSS3Client.rb', line 37

def ensure_clean_bucket(aName)
	AWS::S3::Bucket.delete(aName, :force => true) if bucket_exists?(aName)
	AWS::S3::Bucket.create(aName)
	AWS::S3::Bucket.find(aName)
end

#get_content(aFilename, aBucketName) ⇒ Object

# File 'lib/yore/AWSS3Client.rb', line 98

def get_content(aFilename, aBucketName)	
	return AWS::S3::S3Object.value(aFilename, aBucketName)
end

#grant_bucket_permissions(aBucketName, aPermissions, aGranteeAttrs, aMerge = false) ⇒ Object

# File 'lib/yore/AWSS3Client.rb', line 69

def grant_bucket_permissions(aBucketName,aPermissions,aGranteeAttrs,aMerge = false)
	policy = (aMerge ? AWS::S3::Bucket.acl(aBucketName) : nil)
	policy = policy_add(policy,aGranteeAttrs,aPermissions)
	policy.owner ||= Owner.current
	AWS::S3::Bucket.acl(aBucketName,policy)
	policy
end

#grant_object_permissions(aBucketName, aObjectName, aPermissions, aGranteeAttrs, aMerge = false) ⇒ Object

# File 'lib/yore/AWSS3Client.rb', line 77

def grant_object_permissions(aBucketName,aObjectName,aPermissions,aGranteeAttrs,aMerge = false)
	policy = (aMerge ? AWS::S3::S3Object.acl(aObjectName,aBucketName) : nil)
	policy = policy_add(policy,aGranteeAttrs,aPermissions)
	policy.owner ||= Owner.current
	AWS::S3::S3Object.acl(aObjectName,aBucketName,policy)  #S3Object.acl('kiss.jpg', 'marcel')
	policy
end

#new_backup_bucket(aBucketName, aOtherUserAttrs) ⇒ Object

# File 'lib/yore/AWSS3Client.rb', line 50

def new_backup_bucket(aBucketName,aOtherUserAttrs)
	AWS::S3::Bucket.create(aBucketName)
	grant_bucket_permissions(aBucketName,%w(WRITE READ_ACP),aOtherUserAttrs,true)
end

#policy_add(aPolicy, aGranteeAttrs, aPermissions) ⇒ Object

eg. policy = policy_add(policy,=> ‘dssdfsdf’,%w(READ WRITE))

# File 'lib/yore/AWSS3Client.rb', line 56

def policy_add(aPolicy,aGranteeAttrs,aPermissions)
	aPolicy ||= AWS::S3::ACL::Policy.new
	grantee = AWS::S3::ACL::Grantee.new(aGranteeAttrs)
	grantee.display_name ||= 'display_name'
	aPermissions.each do |p|
		grant = AWS::S3::ACL::Grant.new
		grant.permission = p
		grant.grantee = grantee
		aPolicy.grants << grant
	end
	aPolicy
end

#put_content(aFilename, aContent, aBucketName) ⇒ Object

aContent can be a String or File eg. ‘something’ or open(‘file.txt’)

# File 'lib/yore/AWSS3Client.rb', line 86

def put_content(aFilename, aContent, aBucketName)
	AWS::S3::S3Object.store(aFilename, aContent, aBucketName)
end

#upload(aFilename, aBucketName, aObjectName = nil) ⇒ Object

# File 'lib/yore/AWSS3Client.rb', line 90

def upload(aFilename,aBucketName,aObjectName=nil)
	aObjectName ||= File.basename(aFileName)
	#AWS::S3::S3Object.store(aObjectName, MiscUtils.string_from_file(aFileName), aBucketName)
	#content = MiscUtils.string_from_file(aFileName)

	put_content(aObjectName, open(aFilename), aBucketName)
end

#upload_backup(aFileName, aBucketName, aObjectName = nil) ⇒ Object

Summary: Uploads the given file to the bucket, then gives up permissions to the bucket owner Details :

• intended to allow files to be uploaded to S3, but not allowing the files to be interfered with should the web server get hacked.

In truth, S3 permissions aren’t adequate and the best we can do is that the file can’t be read, but can be written over. The user also can’t get a listing of the bucket

• S3 won’t allow objects (or buckets) to change owner, but we do everything else ie give FULL_CONTROL,

and remove it from self, to hand control to the bucket owner

• This requires the bucket to give WRITE & READ_ACP permissions to this user

# File 'lib/yore/AWSS3Client.rb', line 118

def upload_backup(aFileName,aBucketName,aObjectName = nil)
	aObjectName ||= File.basename(aFileName)
	AWS::S3::S3Object.store(aObjectName, open(aFileName), aBucketName)
	bucket_owner = AWS::S3::Bucket.acl(aBucketName).owner
	policy = AWS::S3::S3Object.acl(aObjectName,aBucketName)
	policy.grants.clear
	policy = policy_add(policy,{'id' => bucket_owner.id, 'display_name' => bucket_owner.display_name},'FULL_CONTROL')

	# replace policy with full control to bucket owner, none to test_user
		AWS::S3::S3Object.acl(aObjectName,aBucketName,policy)
end