b8a2592719
Bumps the go-deps group with 12 updates in the / directory: | Package | From | To | | --- | --- | --- | | [cloud.google.com/go/storage](https://github.com/googleapis/google-cloud-go) | `1.41.0` | `1.42.0` | | [github.com/Azure/azure-sdk-for-go/sdk/azidentity](https://github.com/Azure/azure-sdk-for-go) | `1.5.2` | `1.6.0` | | [github.com/Azure/go-autorest/autorest/azure/auth](https://github.com/Azure/go-autorest) | `0.5.12` | `0.5.13` | | [github.com/BurntSushi/toml](https://github.com/BurntSushi/toml) | `1.3.2` | `1.4.0` | | [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) | `1.53.6` | `1.54.2` | | [github.com/getsentry/sentry-go](https://github.com/getsentry/sentry-go) | `0.27.0` | `0.28.1` | | [github.com/gophercloud/gophercloud](https://github.com/gophercloud/gophercloud) | `1.11.0` | `1.12.0` | | [github.com/hashicorp/go-retryablehttp](https://github.com/hashicorp/go-retryablehttp) | `0.7.6` | `0.7.7` | | [github.com/openshift-online/ocm-sdk-go](https://github.com/openshift-online/ocm-sdk-go) | `0.1.420` | `0.1.425` | | [github.com/osbuild/images](https://github.com/osbuild/images) | `0.65.0` | `0.66.0` | | [github.com/spf13/cobra](https://github.com/spf13/cobra) | `1.8.0` | `1.8.1` | | [github.com/vmware/govmomi](https://github.com/vmware/govmomi) | `0.37.2` | `0.37.3` | Updates `cloud.google.com/go/storage` from 1.41.0 to 1.42.0 - [Release notes](https://github.com/googleapis/google-cloud-go/releases) - [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md) - [Commits](https://github.com/googleapis/google-cloud-go/compare/spanner/v1.41.0...spanner/v1.42.0) Updates `github.com/Azure/azure-sdk-for-go/sdk/azidentity` from 1.5.2 to 1.6.0 - [Release notes](https://github.com/Azure/azure-sdk-for-go/releases) - [Changelog](https://github.com/Azure/azure-sdk-for-go/blob/main/documentation/release.md) - [Commits](https://github.com/Azure/azure-sdk-for-go/compare/sdk/internal/v1.5.2...sdk/azcore/v1.6.0) Updates `github.com/Azure/go-autorest/autorest/azure/auth` from 0.5.12 to 0.5.13 - [Release notes](https://github.com/Azure/go-autorest/releases) - [Changelog](https://github.com/Azure/go-autorest/blob/main/CHANGELOG.md) - [Commits](https://github.com/Azure/go-autorest/compare/autorest/azure/auth/v0.5.12...autorest/azure/auth/v0.5.13) Updates `github.com/BurntSushi/toml` from 1.3.2 to 1.4.0 - [Release notes](https://github.com/BurntSushi/toml/releases) - [Commits](https://github.com/BurntSushi/toml/compare/v1.3.2...v1.4.0) Updates `github.com/aws/aws-sdk-go` from 1.53.6 to 1.54.2 - [Release notes](https://github.com/aws/aws-sdk-go/releases) - [Commits](https://github.com/aws/aws-sdk-go/compare/v1.53.6...v1.54.2) Updates `github.com/getsentry/sentry-go` from 0.27.0 to 0.28.1 - [Release notes](https://github.com/getsentry/sentry-go/releases) - [Changelog](https://github.com/getsentry/sentry-go/blob/master/CHANGELOG.md) - [Commits](https://github.com/getsentry/sentry-go/compare/v0.27.0...v0.28.1) Updates `github.com/gophercloud/gophercloud` from 1.11.0 to 1.12.0 - [Release notes](https://github.com/gophercloud/gophercloud/releases) - [Changelog](https://github.com/gophercloud/gophercloud/blob/master/CHANGELOG.md) - [Commits](https://github.com/gophercloud/gophercloud/compare/v1.11.0...v1.12.0) Updates `github.com/hashicorp/go-retryablehttp` from 0.7.6 to 0.7.7 - [Changelog](https://github.com/hashicorp/go-retryablehttp/blob/main/CHANGELOG.md) - [Commits](https://github.com/hashicorp/go-retryablehttp/compare/v0.7.6...v0.7.7) Updates `github.com/openshift-online/ocm-sdk-go` from 0.1.420 to 0.1.425 - [Release notes](https://github.com/openshift-online/ocm-sdk-go/releases) - [Changelog](https://github.com/openshift-online/ocm-sdk-go/blob/main/CHANGES.md) - [Commits](https://github.com/openshift-online/ocm-sdk-go/compare/v0.1.420...v0.1.425) Updates `github.com/osbuild/images` from 0.65.0 to 0.66.0 - [Release notes](https://github.com/osbuild/images/releases) - [Commits](https://github.com/osbuild/images/compare/v0.65.0...v0.66.0) Updates `github.com/spf13/cobra` from 1.8.0 to 1.8.1 - [Release notes](https://github.com/spf13/cobra/releases) - [Commits](https://github.com/spf13/cobra/compare/v1.8.0...v1.8.1) Updates `github.com/vmware/govmomi` from 0.37.2 to 0.37.3 - [Release notes](https://github.com/vmware/govmomi/releases) - [Changelog](https://github.com/vmware/govmomi/blob/main/CHANGELOG.md) - [Commits](https://github.com/vmware/govmomi/compare/v0.37.2...v0.37.3) Updates `golang.org/x/oauth2` from 0.20.0 to 0.21.0 - [Commits](https://github.com/golang/oauth2/compare/v0.20.0...v0.21.0) Updates `golang.org/x/sys` from 0.20.0 to 0.21.0 - [Commits](https://github.com/golang/sys/compare/v0.20.0...v0.21.0) Updates `google.golang.org/api` from 0.181.0 to 0.183.0 - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md) - [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.181.0...v0.183.0) --- updated-dependencies: - dependency-name: cloud.google.com/go/storage dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-deps - dependency-name: github.com/Azure/azure-sdk-for-go/sdk/azidentity dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-deps - dependency-name: github.com/Azure/go-autorest/autorest/azure/auth dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-deps - dependency-name: github.com/BurntSushi/toml dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-deps - dependency-name: github.com/aws/aws-sdk-go dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-deps - dependency-name: github.com/getsentry/sentry-go dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-deps - dependency-name: github.com/gophercloud/gophercloud dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-deps - dependency-name: github.com/hashicorp/go-retryablehttp dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-deps - dependency-name: github.com/openshift-online/ocm-sdk-go dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-deps - dependency-name: github.com/osbuild/images dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-deps - dependency-name: github.com/spf13/cobra dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-deps - dependency-name: github.com/vmware/govmomi dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-deps - dependency-name: golang.org/x/oauth2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-deps - dependency-name: golang.org/x/sys dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-deps - dependency-name: google.golang.org/api dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-deps ... Signed-off-by: dependabot[bot] <support@github.com>
345 lines
9.6 KiB
Go
345 lines
9.6 KiB
Go
// Copyright 2014 Google LLC
|
|
//
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
// you may not use this file except in compliance with the License.
|
|
// You may obtain a copy of the License at
|
|
//
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
//
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
// See the License for the specific language governing permissions and
|
|
// limitations under the License.
|
|
|
|
package storage
|
|
|
|
import (
|
|
"context"
|
|
|
|
"cloud.google.com/go/internal/trace"
|
|
"cloud.google.com/go/storage/internal/apiv2/storagepb"
|
|
raw "google.golang.org/api/storage/v1"
|
|
)
|
|
|
|
// ACLRole is the level of access to grant.
|
|
type ACLRole string
|
|
|
|
const (
|
|
RoleOwner ACLRole = "OWNER"
|
|
RoleReader ACLRole = "READER"
|
|
RoleWriter ACLRole = "WRITER"
|
|
)
|
|
|
|
// ACLEntity refers to a user or group.
|
|
// They are sometimes referred to as grantees.
|
|
//
|
|
// It could be in the form of:
|
|
// "user-<userId>", "user-<email>", "group-<groupId>", "group-<email>",
|
|
// "domain-<domain>" and "project-team-<projectId>".
|
|
//
|
|
// Or one of the predefined constants: AllUsers, AllAuthenticatedUsers.
|
|
type ACLEntity string
|
|
|
|
const (
|
|
AllUsers ACLEntity = "allUsers"
|
|
AllAuthenticatedUsers ACLEntity = "allAuthenticatedUsers"
|
|
)
|
|
|
|
// ACLRule represents a grant for a role to an entity (user, group or team) for a
|
|
// Google Cloud Storage object or bucket.
|
|
type ACLRule struct {
|
|
Entity ACLEntity
|
|
EntityID string
|
|
Role ACLRole
|
|
Domain string
|
|
Email string
|
|
ProjectTeam *ProjectTeam
|
|
}
|
|
|
|
// ProjectTeam is the project team associated with the entity, if any.
|
|
type ProjectTeam struct {
|
|
ProjectNumber string
|
|
Team string
|
|
}
|
|
|
|
// ACLHandle provides operations on an access control list for a Google Cloud Storage bucket or object.
|
|
// ACLHandle on an object operates on the latest generation of that object by default.
|
|
// Selecting a specific generation of an object is not currently supported by the client.
|
|
type ACLHandle struct {
|
|
c *Client
|
|
bucket string
|
|
object string
|
|
isDefault bool
|
|
userProject string // for requester-pays buckets
|
|
retry *retryConfig
|
|
}
|
|
|
|
// Delete permanently deletes the ACL entry for the given entity.
|
|
func (a *ACLHandle) Delete(ctx context.Context, entity ACLEntity) (err error) {
|
|
ctx = trace.StartSpan(ctx, "cloud.google.com/go/storage.ACL.Delete")
|
|
defer func() { trace.EndSpan(ctx, err) }()
|
|
|
|
if a.object != "" {
|
|
return a.objectDelete(ctx, entity)
|
|
}
|
|
if a.isDefault {
|
|
return a.bucketDefaultDelete(ctx, entity)
|
|
}
|
|
return a.bucketDelete(ctx, entity)
|
|
}
|
|
|
|
// Set sets the role for the given entity.
|
|
func (a *ACLHandle) Set(ctx context.Context, entity ACLEntity, role ACLRole) (err error) {
|
|
ctx = trace.StartSpan(ctx, "cloud.google.com/go/storage.ACL.Set")
|
|
defer func() { trace.EndSpan(ctx, err) }()
|
|
|
|
if a.object != "" {
|
|
return a.objectSet(ctx, entity, role, false)
|
|
}
|
|
if a.isDefault {
|
|
return a.objectSet(ctx, entity, role, true)
|
|
}
|
|
return a.bucketSet(ctx, entity, role)
|
|
}
|
|
|
|
// List retrieves ACL entries.
|
|
func (a *ACLHandle) List(ctx context.Context) (rules []ACLRule, err error) {
|
|
ctx = trace.StartSpan(ctx, "cloud.google.com/go/storage.ACL.List")
|
|
defer func() { trace.EndSpan(ctx, err) }()
|
|
|
|
if a.object != "" {
|
|
return a.objectList(ctx)
|
|
}
|
|
if a.isDefault {
|
|
return a.bucketDefaultList(ctx)
|
|
}
|
|
return a.bucketList(ctx)
|
|
}
|
|
|
|
func (a *ACLHandle) bucketDefaultList(ctx context.Context) ([]ACLRule, error) {
|
|
opts := makeStorageOpts(true, a.retry, a.userProject)
|
|
return a.c.tc.ListDefaultObjectACLs(ctx, a.bucket, opts...)
|
|
}
|
|
|
|
func (a *ACLHandle) bucketDefaultDelete(ctx context.Context, entity ACLEntity) error {
|
|
opts := makeStorageOpts(false, a.retry, a.userProject)
|
|
return a.c.tc.DeleteDefaultObjectACL(ctx, a.bucket, entity, opts...)
|
|
}
|
|
|
|
func (a *ACLHandle) bucketList(ctx context.Context) ([]ACLRule, error) {
|
|
opts := makeStorageOpts(true, a.retry, a.userProject)
|
|
return a.c.tc.ListBucketACLs(ctx, a.bucket, opts...)
|
|
}
|
|
|
|
func (a *ACLHandle) bucketSet(ctx context.Context, entity ACLEntity, role ACLRole) error {
|
|
opts := makeStorageOpts(false, a.retry, a.userProject)
|
|
return a.c.tc.UpdateBucketACL(ctx, a.bucket, entity, role, opts...)
|
|
}
|
|
|
|
func (a *ACLHandle) bucketDelete(ctx context.Context, entity ACLEntity) error {
|
|
opts := makeStorageOpts(false, a.retry, a.userProject)
|
|
return a.c.tc.DeleteBucketACL(ctx, a.bucket, entity, opts...)
|
|
}
|
|
|
|
func (a *ACLHandle) objectList(ctx context.Context) ([]ACLRule, error) {
|
|
opts := makeStorageOpts(true, a.retry, a.userProject)
|
|
return a.c.tc.ListObjectACLs(ctx, a.bucket, a.object, opts...)
|
|
}
|
|
|
|
func (a *ACLHandle) objectSet(ctx context.Context, entity ACLEntity, role ACLRole, isBucketDefault bool) error {
|
|
opts := makeStorageOpts(false, a.retry, a.userProject)
|
|
if isBucketDefault {
|
|
return a.c.tc.UpdateDefaultObjectACL(ctx, a.bucket, entity, role, opts...)
|
|
}
|
|
return a.c.tc.UpdateObjectACL(ctx, a.bucket, a.object, entity, role, opts...)
|
|
}
|
|
|
|
func (a *ACLHandle) objectDelete(ctx context.Context, entity ACLEntity) error {
|
|
opts := makeStorageOpts(false, a.retry, a.userProject)
|
|
return a.c.tc.DeleteObjectACL(ctx, a.bucket, a.object, entity, opts...)
|
|
}
|
|
|
|
func toObjectACLRules(items []*raw.ObjectAccessControl) []ACLRule {
|
|
var rs []ACLRule
|
|
for _, item := range items {
|
|
rs = append(rs, toObjectACLRule(item))
|
|
}
|
|
return rs
|
|
}
|
|
|
|
func toObjectACLRulesFromProto(items []*storagepb.ObjectAccessControl) []ACLRule {
|
|
var rs []ACLRule
|
|
for _, item := range items {
|
|
rs = append(rs, toObjectACLRuleFromProto(item))
|
|
}
|
|
return rs
|
|
}
|
|
|
|
func toBucketACLRules(items []*raw.BucketAccessControl) []ACLRule {
|
|
var rs []ACLRule
|
|
for _, item := range items {
|
|
rs = append(rs, toBucketACLRule(item))
|
|
}
|
|
return rs
|
|
}
|
|
|
|
func toBucketACLRulesFromProto(items []*storagepb.BucketAccessControl) []ACLRule {
|
|
var rs []ACLRule
|
|
for _, item := range items {
|
|
rs = append(rs, toBucketACLRuleFromProto(item))
|
|
}
|
|
return rs
|
|
}
|
|
|
|
func toObjectACLRule(a *raw.ObjectAccessControl) ACLRule {
|
|
return ACLRule{
|
|
Entity: ACLEntity(a.Entity),
|
|
EntityID: a.EntityId,
|
|
Role: ACLRole(a.Role),
|
|
Domain: a.Domain,
|
|
Email: a.Email,
|
|
ProjectTeam: toObjectProjectTeam(a.ProjectTeam),
|
|
}
|
|
}
|
|
|
|
func toObjectACLRuleFromProto(a *storagepb.ObjectAccessControl) ACLRule {
|
|
return ACLRule{
|
|
Entity: ACLEntity(a.GetEntity()),
|
|
EntityID: a.GetEntityId(),
|
|
Role: ACLRole(a.GetRole()),
|
|
Domain: a.GetDomain(),
|
|
Email: a.GetEmail(),
|
|
ProjectTeam: toProjectTeamFromProto(a.GetProjectTeam()),
|
|
}
|
|
}
|
|
|
|
func toBucketACLRule(a *raw.BucketAccessControl) ACLRule {
|
|
return ACLRule{
|
|
Entity: ACLEntity(a.Entity),
|
|
EntityID: a.EntityId,
|
|
Role: ACLRole(a.Role),
|
|
Domain: a.Domain,
|
|
Email: a.Email,
|
|
ProjectTeam: toBucketProjectTeam(a.ProjectTeam),
|
|
}
|
|
}
|
|
|
|
func toBucketACLRuleFromProto(a *storagepb.BucketAccessControl) ACLRule {
|
|
return ACLRule{
|
|
Entity: ACLEntity(a.GetEntity()),
|
|
EntityID: a.GetEntityId(),
|
|
Role: ACLRole(a.GetRole()),
|
|
Domain: a.GetDomain(),
|
|
Email: a.GetEmail(),
|
|
ProjectTeam: toProjectTeamFromProto(a.GetProjectTeam()),
|
|
}
|
|
}
|
|
|
|
func toRawObjectACL(rules []ACLRule) []*raw.ObjectAccessControl {
|
|
if len(rules) == 0 {
|
|
return nil
|
|
}
|
|
r := make([]*raw.ObjectAccessControl, 0, len(rules))
|
|
for _, rule := range rules {
|
|
r = append(r, rule.toRawObjectAccessControl("")) // bucket name unnecessary
|
|
}
|
|
return r
|
|
}
|
|
|
|
func toProtoObjectACL(rules []ACLRule) []*storagepb.ObjectAccessControl {
|
|
if len(rules) == 0 {
|
|
return nil
|
|
}
|
|
r := make([]*storagepb.ObjectAccessControl, 0, len(rules))
|
|
for _, rule := range rules {
|
|
r = append(r, rule.toProtoObjectAccessControl("")) // bucket name unnecessary
|
|
}
|
|
return r
|
|
}
|
|
|
|
func toRawBucketACL(rules []ACLRule) []*raw.BucketAccessControl {
|
|
if len(rules) == 0 {
|
|
return nil
|
|
}
|
|
r := make([]*raw.BucketAccessControl, 0, len(rules))
|
|
for _, rule := range rules {
|
|
r = append(r, rule.toRawBucketAccessControl("")) // bucket name unnecessary
|
|
}
|
|
return r
|
|
}
|
|
|
|
func toProtoBucketACL(rules []ACLRule) []*storagepb.BucketAccessControl {
|
|
if len(rules) == 0 {
|
|
return nil
|
|
}
|
|
r := make([]*storagepb.BucketAccessControl, 0, len(rules))
|
|
for _, rule := range rules {
|
|
r = append(r, rule.toProtoBucketAccessControl())
|
|
}
|
|
return r
|
|
}
|
|
|
|
func (r ACLRule) toRawBucketAccessControl(bucket string) *raw.BucketAccessControl {
|
|
return &raw.BucketAccessControl{
|
|
Bucket: bucket,
|
|
Entity: string(r.Entity),
|
|
Role: string(r.Role),
|
|
// The other fields are not settable.
|
|
}
|
|
}
|
|
|
|
func (r ACLRule) toRawObjectAccessControl(bucket string) *raw.ObjectAccessControl {
|
|
return &raw.ObjectAccessControl{
|
|
Bucket: bucket,
|
|
Entity: string(r.Entity),
|
|
Role: string(r.Role),
|
|
// The other fields are not settable.
|
|
}
|
|
}
|
|
|
|
func (r ACLRule) toProtoObjectAccessControl(bucket string) *storagepb.ObjectAccessControl {
|
|
return &storagepb.ObjectAccessControl{
|
|
Entity: string(r.Entity),
|
|
Role: string(r.Role),
|
|
// The other fields are not settable.
|
|
}
|
|
}
|
|
|
|
func (r ACLRule) toProtoBucketAccessControl() *storagepb.BucketAccessControl {
|
|
return &storagepb.BucketAccessControl{
|
|
Entity: string(r.Entity),
|
|
Role: string(r.Role),
|
|
// The other fields are not settable.
|
|
}
|
|
}
|
|
|
|
func toBucketProjectTeam(p *raw.BucketAccessControlProjectTeam) *ProjectTeam {
|
|
if p == nil {
|
|
return nil
|
|
}
|
|
return &ProjectTeam{
|
|
ProjectNumber: p.ProjectNumber,
|
|
Team: p.Team,
|
|
}
|
|
}
|
|
|
|
func toProjectTeamFromProto(p *storagepb.ProjectTeam) *ProjectTeam {
|
|
if p == nil {
|
|
return nil
|
|
}
|
|
return &ProjectTeam{
|
|
ProjectNumber: p.GetProjectNumber(),
|
|
Team: p.GetTeam(),
|
|
}
|
|
}
|
|
|
|
func toObjectProjectTeam(p *raw.ObjectAccessControlProjectTeam) *ProjectTeam {
|
|
if p == nil {
|
|
return nil
|
|
}
|
|
return &ProjectTeam{
|
|
ProjectNumber: p.ProjectNumber,
|
|
Team: p.Team,
|
|
}
|
|
}
|