Class: AWSS3Client
- Inherits: Object (Object > AWSS3Client)
- Defined in: lib/yore/AWSS3Client.rb
Overview
Although this is implemented as an instantiable object, not a singleton, the AWS gem seems to operate as a singleton, so don't create more than one of these.
Instance Attribute Summary
- #credentials ⇒ Object
  Returns the value of attribute credentials.
Instance Method Summary
- #bucket(aName) ⇒ Object
- #bucket_exists?(aName) ⇒ Boolean
- #connect(aId = nil, aKey = nil) ⇒ Object
- #download(aFilename, aBucketName, aObjectName = nil) ⇒ Object
  Should replace string_to_file with a file object.
- #ensure_backup_bucket(aBucketName, aOtherUserAttrs = nil) ⇒ Object
  Ensures the destination bucket exists with the right permissions for upload_backup.
- #ensure_clean_bucket(aName) ⇒ Object
- #get_content(aFilename, aBucketName) ⇒ Object
- #grant_bucket_permissions(aBucketName, aPermissions, aGranteeAttrs, aMerge = false) ⇒ Object
- #grant_object_permissions(aBucketName, aObjectName, aPermissions, aGranteeAttrs, aMerge = false) ⇒ Object
- #initialize(aCredentials = nil) ⇒ AWSS3Client (constructor)
  A new instance of AWSS3Client.
- #new_backup_bucket(aBucketName, aOtherUserAttrs) ⇒ Object
- #policy_add(aPolicy, aGranteeAttrs, aPermissions) ⇒ Object
- #put_content(aFilename, aContent, aBucketName) ⇒ Object
  aContent can be a String or File.
- #upload(aFilename, aBucketName, aObjectName = nil) ⇒ Object
- #upload_backup(aFileName, aBucketName, aObjectName = nil) ⇒ Object
  Uploads the given file to the bucket, then gives up permissions to the bucket owner. Intended to allow files to be uploaded to S3, but not allowing the files to be interfered with should the web server get hacked.
Constructor Details
#initialize(aCredentials = nil) ⇒ AWSS3Client
Returns a new instance of AWSS3Client.
# File 'lib/yore/AWSS3Client.rb', line 12
def initialize(aCredentials=nil)
  @credentials = aCredentials || Credentials.new()
  connect
end
Instance Attribute Details
#credentials ⇒ Object
Returns the value of attribute credentials.
# File 'lib/yore/AWSS3Client.rb', line 10
def credentials
  @credentials
end
Instance Method Details
#bucket(aName) ⇒ Object
# File 'lib/yore/AWSS3Client.rb', line 26
def bucket(aName)
  return AWS::S3::Bucket.find(aName)
end
#bucket_exists?(aName) ⇒ Boolean
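# File 'lib/yore/AWSS3Client.rb', line 30
def bucket_exists?(aName)
  AWS::S3::Bucket.find(aName)
  true
rescue
  # a bare rescue catches any StandardError, so every failure of find
  # (not only a missing bucket) is reported as "does not exist"
  false
end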
#connect(aId = nil, aKey = nil) ⇒ Object
# File 'lib/yore/AWSS3Client.rb', line 17
def connect(aId=nil,aKey=nil)
  aId ||= @credentials[:s3_access_key_id]
  aKey ||= @credentials[:s3_secret_access_key]
  AWS::S3::Base.establish_connection!(
    :access_key_id     => aId,
    :secret_access_key => aKey
  )
end
#download(aFilename, aBucketName, aObjectName = nil) ⇒ Object
Should replace string_to_file with a file object.
# File 'lib/yore/AWSS3Client.rb', line 103
def download(aFilename,aBucketName,aObjectName=nil)
  aObjectName ||= File.basename(aFilename)
  #AWS::S3::S3Object.store(aObjectName, MiscUtils.string_from_file(aFilename), aBucketName)
  MiscUtils.string_to_file(get_content(aObjectName,aBucketName),aFilename)
end
#ensure_backup_bucket(aBucketName, aOtherUserAttrs = nil) ⇒ Object
Ensures the destination bucket exists with the right permissions for upload_backup, e.g. @s3client.ensure_backup_bucket('a_bucket',=> '[email protected]')
# File 'lib/yore/AWSS3Client.rb', line 45
def ensure_backup_bucket(aBucketName,aOtherUserAttrs=nil)
  AWS::S3::Bucket.create(aBucketName) unless bucket_exists?(aBucketName)
  grant_bucket_permissions(aBucketName,%w(WRITE READ_ACP),aOtherUserAttrs,true) if aOtherUserAttrs
end
#ensure_clean_bucket(aName) ⇒ Object
# File 'lib/yore/AWSS3Client.rb', line 37
def ensure_clean_bucket(aName)
  AWS::S3::Bucket.delete(aName, :force => true) if bucket_exists?(aName)
  AWS::S3::Bucket.create(aName)
  AWS::S3::Bucket.find(aName)
end
#get_content(aFilename, aBucketName) ⇒ Object
# File 'lib/yore/AWSS3Client.rb', line 98
def get_content(aFilename, aBucketName)
  return AWS::S3::S3Object.value(aFilename, aBucketName)
end
#grant_bucket_permissions(aBucketName, aPermissions, aGranteeAttrs, aMerge = false) ⇒ Object
# File 'lib/yore/AWSS3Client.rb', line 69
def grant_bucket_permissions(aBucketName,aPermissions,aGranteeAttrs,aMerge = false)
  # start from the existing bucket ACL when merging, otherwise from an empty policy
  policy = (aMerge ? AWS::S3::Bucket.acl(aBucketName) : nil)
  policy = policy_add(policy,aGranteeAttrs,aPermissions)
  policy.owner ||= Owner.current
  AWS::S3::Bucket.acl(aBucketName,policy)
  policy
end
#grant_object_permissions(aBucketName, aObjectName, aPermissions, aGranteeAttrs, aMerge = false) ⇒ Object
# File 'lib/yore/AWSS3Client.rb', line 77
def grant_object_permissions(aBucketName,aObjectName,aPermissions,aGranteeAttrs,aMerge = false)
  # start from the existing object ACL when merging, otherwise from an empty policy
  policy = (aMerge ? AWS::S3::S3Object.acl(aObjectName,aBucketName) : nil)
  policy = policy_add(policy,aGranteeAttrs,aPermissions)
  policy.owner ||= Owner.current
  AWS::S3::S3Object.acl(aObjectName,aBucketName,policy) #S3Object.acl('kiss.jpg', 'marcel')
  policy
end
#new_backup_bucket(aBucketName, aOtherUserAttrs) ⇒ Object
# File 'lib/yore/AWSS3Client.rb', line 50
def new_backup_bucket(aBucketName,aOtherUserAttrs)
  AWS::S3::Bucket.create(aBucketName)
  grant_bucket_permissions(aBucketName,%w(WRITE READ_ACP),aOtherUserAttrs,true)
end
#policy_add(aPolicy, aGranteeAttrs, aPermissions) ⇒ Object
e.g. policy = policy_add(policy,=> 'dssdfsdf',%w(READ WRITE))
# File 'lib/yore/AWSS3Client.rb', line 56
def policy_add(aPolicy,aGranteeAttrs,aPermissions)
  aPolicy ||= AWS::S3::ACL::Policy.new
  grantee = AWS::S3::ACL::Grantee.new(aGranteeAttrs)
  grantee.display_name ||= 'display_name'
  # one grant per permission, all for the same grantee
  aPermissions.each do |p|
    grant = AWS::S3::ACL::Grant.new
    grant.permission = p
    grant.grantee = grantee
    aPolicy.grants << grant
  end
  aPolicy
end
#put_content(aFilename, aContent, aBucketName) ⇒ Object
aContent can be a String or File, e.g. 'something' or open('file.txt')
# File 'lib/yore/AWSS3Client.rb', line 86
def put_content(aFilename, aContent, aBucketName)
  AWS::S3::S3Object.store(aFilename, aContent, aBucketName)
end
#upload(aFilename, aBucketName, aObjectName = nil) ⇒ Object
# File 'lib/yore/AWSS3Client.rb', line 90
def upload(aFilename,aBucketName,aObjectName=nil)
  # the parameter is aFilename; the original referenced an undefined aFileName here
  aObjectName ||= File.basename(aFilename)
  #AWS::S3::S3Object.store(aObjectName, MiscUtils.string_from_file(aFileName), aBucketName)
  #content = MiscUtils.string_from_file(aFileName)
  put_content(aObjectName, open(aFilename), aBucketName)
end
#upload_backup(aFileName, aBucketName, aObjectName = nil) ⇒ Object
Summary: Uploads the given file to the bucket, then gives up permissions to the bucket owner.
Details:
- Intended to allow files to be uploaded to S3, but not allowing the files to be interfered with should the web server get hacked. In truth, S3 permissions aren't adequate and the best we can do is that the file can't be read, but can be written over. The user also can't get a listing of the bucket.
- S3 won't allow objects (or buckets) to change owner, but we do everything else, i.e. give FULL_CONTROL, and remove it from self, to hand control to the bucket owner.
- This requires the bucket to give WRITE & READ_ACP permissions to this user.
# File 'lib/yore/AWSS3Client.rb', line 118
def upload_backup(aFileName,aBucketName,aObjectName = nil)
  aObjectName ||= File.basename(aFileName)
  AWS::S3::S3Object.store(aObjectName, open(aFileName), aBucketName)
  # reading the bucket ACL is why this user needs READ_ACP on the bucket
  bucket_owner = AWS::S3::Bucket.acl(aBucketName).owner
  policy = AWS::S3::S3Object.acl(aObjectName,aBucketName)
  policy.grants.clear
  # policy_add iterates over its permissions argument, so pass a one-element list
  policy = policy_add(policy,{'id' => bucket_owner.id, 'display_name' => bucket_owner.display_name},%w(FULL_CONTROL))
  # replace policy with full control to bucket owner, none to test_user
  AWS::S3::S3Object.acl(aObjectName,aBucketName,policy)
end
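The access outcome described for upload_backup, as an added example that is not part of the yore code base: a small in-memory model that runs the same three steps and reports what the uploading account can still do afterwards. All names (REQUIRED, model_put, model_upload_backup, the 'owner' and 'web' accounts, 'db.tgz') are hypothetical, and the permission rules are a simplification of the behaviour this page describes, not the aws-s3 gem or the full S3 rule set.

```ruby
# Simplified model of the ACL checks described above (constructed for
# illustration; hypothetical names, not the aws-s3 gem or the full S3 rules).
REQUIRED = {
  list:       [:bucket, 'READ'],      # listing the bucket
  read_owner: [:bucket, 'READ_ACP'],  # what Bucket.acl(name).owner needs
  put:        [:bucket, 'WRITE'],     # creating or overwriting an object
  get:        [:object, 'READ'],      # reading object content
  set_acl:    [:object, 'WRITE_ACP']  # replacing the object's ACL
}.freeze

class AccessDenied < StandardError; end

def allowed?(store, user, op, key = nil)
  scope, perm = REQUIRED.fetch(op)
  acl = scope == :bucket ? store[:acl] : store[:objects].fetch(key)[:acl]
  (acl.fetch(user, []) & ['FULL_CONTROL', perm]).any?
end

def authorize!(store, user, op, key = nil)
  raise AccessDenied, "#{user} may not #{op}" unless allowed?(store, user, op, key)
end

def model_put(store, user, key, body)
  authorize!(store, user, :put)
  # In this model the writer starts with FULL_CONTROL on what it wrote.
  store[:objects][key] = { body: body, acl: { user => %w(FULL_CONTROL) } }
end

# The same three steps as upload_backup, run against the model.
def model_upload_backup(store, user, key, body)
  model_put(store, user, key, body)
  authorize!(store, user, :read_owner)
  authorize!(store, user, :set_acl, key)
  store[:objects][key][:acl] = { store[:owner] => %w(FULL_CONTROL) }
end

# Constructed scenario: 'owner' holds the bucket, 'web' is the upload account.
def uploader_access_after_backup
  store = { owner: 'owner', objects: {},
            acl: { 'owner' => %w(FULL_CONTROL), 'web' => %w(WRITE READ_ACP) } }
  model_upload_backup(store, 'web', 'db.tgz', 'backup bytes')
  REQUIRED.keys.map { |op| [op, allowed?(store, 'web', op, 'db.tgz')] }.to_h
end
```

The returned hash shows the uploader can no longer read the object, change its ACL or list the bucket, while the retained WRITE grant on the bucket still lets it overwrite the backup, which is the limitation the details above acknowledge.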