awscloud: add option to mark S3 object as public

By setting the object's ACL to "public-read", anyone can download the object even without authenticating with AWS. The osbuild-upload-generic-s3 command got a new -public argument that uses this new feature. Signed-off-by: Ondřej Budai <ondrej@budai.cz>
2022-08-15 15:16:09 +02:00 · 2022-08-15 15:16:09 +02:00 · 0e6c132ee6
commit 0e6c132ee6
parent 1c3fe82d1e
2 changed files with 25 additions and 0 deletions
--- a/cmd/osbuild-upload-generic-s3/main.go
+++ b/cmd/osbuild-upload-generic-s3/main.go
@ -21,6 +21,7 @@ func main() {
 	var bucketName string
 	var keyName string
 	var filename string
+	var public bool
 	flag.StringVar(&accessKeyID, "access-key-id", "", "access key ID")
 	flag.StringVar(&secretAccessKey, "secret-access-key", "", "secret access key")
 	flag.StringVar(&sessionToken, "session-token", "", "session token")
@ -31,6 +32,7 @@ func main() {
 	flag.StringVar(&bucketName, "bucket", "", "target S3 bucket name")
 	flag.StringVar(&keyName, "key", "", "target S3 key name")
 	flag.StringVar(&filename, "image", "", "image file to upload")
+	flag.BoolVar(&public, "public", false, "if set, the S3 object is marked as public (default: false)")
 	flag.Parse()

 	a, err := awscloud.NewForEndpoint(endpoint, region, accessKeyID, secretAccessKey, sessionToken, caBundle, skipSSLVerification)
@ -45,5 +47,13 @@ func main() {
 		os.Exit(1)
 	}

+	if public {
+		err := a.MarkS3ObjectAsPublic(bucketName, keyName)
+		if err != nil {
+			fmt.Println(err.Error())
+			os.Exit(1)
+		}
+	}
+
 	fmt.Printf("file uploaded to %s\n", aws.StringValue(&uploadOutput.Location))
 }