Class: Aws::S3::Plugins::AccessGrants::Handler Private

Inherits:
Seahorse::Client::Handler
  • Object
show all
Defined in:
lib/aws-sdk-s3/plugins/access_grants.rb

This class is part of a private API. You should avoid using this class if possible, as it may be removed or be changed in the future.

Constant Summary collapse

PERMISSION_MAP =

This constant is part of a private API. You should avoid using this constant if possible, as it may be removed or be changed in the future. 

{
  head_object: 'READ',
  get_object: 'READ',
  get_object_acl: 'READ',
  list_multipart_uploads: 'READ',
  list_objects_v2: 'READ',
  list_object_versions: 'READ',
  list_parts: 'READ',
  head_bucket: 'READ',
  get_object_attributes: 'READ',
  put_object: 'WRITE',
  put_object_acl: 'WRITE',
  delete_object: 'WRITE',
  abort_multipart_upload: 'WRITE',
  create_multipart_upload: 'WRITE',
  upload_part: 'WRITE',
  complete_multipart_upload: 'WRITE',
  delete_objects: 'WRITE',
  copy_object: 'READWRITE'
}.freeze

Instance Method Summary collapse

Instance Method Details

#call(context) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future. 



60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
 
# File 'lib/aws-sdk-s3/plugins/access_grants.rb', line 60

def call(context)
  provider = context.config.access_grants_credentials_provider

  if access_grants_operation?(context) &&
     !s3_express_endpoint?(context) &&
     !credentials_head_bucket_call?(provider)
    params = context[:endpoint_params]
    permission = PERMISSION_MAP[context.operation_name]

    key =
      case context.operation_name
      when :delete_objects
        delete_params = context.params[:delete]
        common_prefixes(delete_params[:objects].map { |o| o[:key] })
      when :copy_object
        source_bucket, source_key = params[:copy_source].split('/', 2)
        if params[:bucket] != source_bucket
          raise ArgumentError,
                'source and destination bucket must be the same'
        end
        common_prefixes([params[:key], source_key])
      else
        params[:key]
      end

    credentials = provider.access_grants_credentials_for(
      bucket: params[:bucket],
      key: key,
      prefix: params[:prefix],
      permission: permission
    )
    context[:sigv4_credentials] = credentials # Sign will use this
  end

  with_metric(credentials) { @handler.call(context) }
end