aboutsummaryrefslogtreecommitdiff
path: root/vendor/cloud.google.com/go/storage/acl.go
diff options
context:
space:
mode:
Diffstat (limited to 'vendor/cloud.google.com/go/storage/acl.go')
-rw-r--r--vendor/cloud.google.com/go/storage/acl.go335
1 files changed, 0 insertions, 335 deletions
diff --git a/vendor/cloud.google.com/go/storage/acl.go b/vendor/cloud.google.com/go/storage/acl.go
deleted file mode 100644
index 0cfc96e..0000000
--- a/vendor/cloud.google.com/go/storage/acl.go
+++ /dev/null
@@ -1,335 +0,0 @@
-// Copyright 2014 Google LLC
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package storage
-
-import (
- "net/http"
- "reflect"
-
- "cloud.google.com/go/internal/trace"
- "golang.org/x/net/context"
- "google.golang.org/api/googleapi"
- raw "google.golang.org/api/storage/v1"
-)
-
-// ACLRole is the level of access to grant.
-type ACLRole string
-
-const (
- RoleOwner ACLRole = "OWNER"
- RoleReader ACLRole = "READER"
- RoleWriter ACLRole = "WRITER"
-)
-
-// ACLEntity refers to a user or group.
-// They are sometimes referred to as grantees.
-//
-// It could be in the form of:
-// "user-<userId>", "user-<email>", "group-<groupId>", "group-<email>",
-// "domain-<domain>" and "project-team-<projectId>".
-//
-// Or one of the predefined constants: AllUsers, AllAuthenticatedUsers.
-type ACLEntity string
-
-const (
- AllUsers ACLEntity = "allUsers"
- AllAuthenticatedUsers ACLEntity = "allAuthenticatedUsers"
-)
-
-// ACLRule represents a grant for a role to an entity (user, group or team) for a
-// Google Cloud Storage object or bucket.
-type ACLRule struct {
- Entity ACLEntity
- EntityID string
- Role ACLRole
- Domain string
- Email string
- ProjectTeam *ProjectTeam
-}
-
-// ProjectTeam is the project team associated with the entity, if any.
-type ProjectTeam struct {
- ProjectNumber string
- Team string
-}
-
-// ACLHandle provides operations on an access control list for a Google Cloud Storage bucket or object.
-type ACLHandle struct {
- c *Client
- bucket string
- object string
- isDefault bool
- userProject string // for requester-pays buckets
-}
-
-// Delete permanently deletes the ACL entry for the given entity.
-func (a *ACLHandle) Delete(ctx context.Context, entity ACLEntity) (err error) {
- ctx = trace.StartSpan(ctx, "cloud.google.com/go/storage.ACL.Delete")
- defer func() { trace.EndSpan(ctx, err) }()
-
- if a.object != "" {
- return a.objectDelete(ctx, entity)
- }
- if a.isDefault {
- return a.bucketDefaultDelete(ctx, entity)
- }
- return a.bucketDelete(ctx, entity)
-}
-
-// Set sets the role for the given entity.
-func (a *ACLHandle) Set(ctx context.Context, entity ACLEntity, role ACLRole) (err error) {
- ctx = trace.StartSpan(ctx, "cloud.google.com/go/storage.ACL.Set")
- defer func() { trace.EndSpan(ctx, err) }()
-
- if a.object != "" {
- return a.objectSet(ctx, entity, role, false)
- }
- if a.isDefault {
- return a.objectSet(ctx, entity, role, true)
- }
- return a.bucketSet(ctx, entity, role)
-}
-
-// List retrieves ACL entries.
-func (a *ACLHandle) List(ctx context.Context) (rules []ACLRule, err error) {
- ctx = trace.StartSpan(ctx, "cloud.google.com/go/storage.ACL.List")
- defer func() { trace.EndSpan(ctx, err) }()
-
- if a.object != "" {
- return a.objectList(ctx)
- }
- if a.isDefault {
- return a.bucketDefaultList(ctx)
- }
- return a.bucketList(ctx)
-}
-
-func (a *ACLHandle) bucketDefaultList(ctx context.Context) ([]ACLRule, error) {
- var acls *raw.ObjectAccessControls
- var err error
- err = runWithRetry(ctx, func() error {
- req := a.c.raw.DefaultObjectAccessControls.List(a.bucket)
- a.configureCall(req, ctx)
- acls, err = req.Do()
- return err
- })
- if err != nil {
- return nil, err
- }
- return toObjectACLRules(acls.Items), nil
-}
-
-func (a *ACLHandle) bucketDefaultDelete(ctx context.Context, entity ACLEntity) error {
- return runWithRetry(ctx, func() error {
- req := a.c.raw.DefaultObjectAccessControls.Delete(a.bucket, string(entity))
- a.configureCall(req, ctx)
- return req.Do()
- })
-}
-
-func (a *ACLHandle) bucketList(ctx context.Context) ([]ACLRule, error) {
- var acls *raw.BucketAccessControls
- var err error
- err = runWithRetry(ctx, func() error {
- req := a.c.raw.BucketAccessControls.List(a.bucket)
- a.configureCall(req, ctx)
- acls, err = req.Do()
- return err
- })
- if err != nil {
- return nil, err
- }
- return toBucketACLRules(acls.Items), nil
-}
-
-func (a *ACLHandle) bucketSet(ctx context.Context, entity ACLEntity, role ACLRole) error {
- acl := &raw.BucketAccessControl{
- Bucket: a.bucket,
- Entity: string(entity),
- Role: string(role),
- }
- err := runWithRetry(ctx, func() error {
- req := a.c.raw.BucketAccessControls.Update(a.bucket, string(entity), acl)
- a.configureCall(req, ctx)
- _, err := req.Do()
- return err
- })
- if err != nil {
- return err
- }
- return nil
-}
-
-func (a *ACLHandle) bucketDelete(ctx context.Context, entity ACLEntity) error {
- return runWithRetry(ctx, func() error {
- req := a.c.raw.BucketAccessControls.Delete(a.bucket, string(entity))
- a.configureCall(req, ctx)
- return req.Do()
- })
-}
-
-func (a *ACLHandle) objectList(ctx context.Context) ([]ACLRule, error) {
- var acls *raw.ObjectAccessControls
- var err error
- err = runWithRetry(ctx, func() error {
- req := a.c.raw.ObjectAccessControls.List(a.bucket, a.object)
- a.configureCall(req, ctx)
- acls, err = req.Do()
- return err
- })
- if err != nil {
- return nil, err
- }
- return toObjectACLRules(acls.Items), nil
-}
-
-func (a *ACLHandle) objectSet(ctx context.Context, entity ACLEntity, role ACLRole, isBucketDefault bool) error {
- type setRequest interface {
- Do(opts ...googleapi.CallOption) (*raw.ObjectAccessControl, error)
- Header() http.Header
- }
-
- acl := &raw.ObjectAccessControl{
- Bucket: a.bucket,
- Entity: string(entity),
- Role: string(role),
- }
- var req setRequest
- if isBucketDefault {
- req = a.c.raw.DefaultObjectAccessControls.Update(a.bucket, string(entity), acl)
- } else {
- req = a.c.raw.ObjectAccessControls.Update(a.bucket, a.object, string(entity), acl)
- }
- a.configureCall(req, ctx)
- return runWithRetry(ctx, func() error {
- _, err := req.Do()
- return err
- })
-}
-
-func (a *ACLHandle) objectDelete(ctx context.Context, entity ACLEntity) error {
- return runWithRetry(ctx, func() error {
- req := a.c.raw.ObjectAccessControls.Delete(a.bucket, a.object, string(entity))
- a.configureCall(req, ctx)
- return req.Do()
- })
-}
-
-func (a *ACLHandle) configureCall(call interface{ Header() http.Header }, ctx context.Context) {
- vc := reflect.ValueOf(call)
- vc.MethodByName("Context").Call([]reflect.Value{reflect.ValueOf(ctx)})
- if a.userProject != "" {
- vc.MethodByName("UserProject").Call([]reflect.Value{reflect.ValueOf(a.userProject)})
- }
- setClientHeader(call.Header())
-}
-
-func toObjectACLRules(items []*raw.ObjectAccessControl) []ACLRule {
- var rs []ACLRule
- for _, item := range items {
- rs = append(rs, toObjectACLRule(item))
- }
- return rs
-}
-
-func toBucketACLRules(items []*raw.BucketAccessControl) []ACLRule {
- var rs []ACLRule
- for _, item := range items {
- rs = append(rs, toBucketACLRule(item))
- }
- return rs
-}
-
-func toObjectACLRule(a *raw.ObjectAccessControl) ACLRule {
- return ACLRule{
- Entity: ACLEntity(a.Entity),
- EntityID: a.EntityId,
- Role: ACLRole(a.Role),
- Domain: a.Domain,
- Email: a.Email,
- ProjectTeam: toObjectProjectTeam(a.ProjectTeam),
- }
-}
-
-func toBucketACLRule(a *raw.BucketAccessControl) ACLRule {
- return ACLRule{
- Entity: ACLEntity(a.Entity),
- EntityID: a.EntityId,
- Role: ACLRole(a.Role),
- Domain: a.Domain,
- Email: a.Email,
- ProjectTeam: toBucketProjectTeam(a.ProjectTeam),
- }
-}
-
-func toRawObjectACL(rules []ACLRule) []*raw.ObjectAccessControl {
- if len(rules) == 0 {
- return nil
- }
- r := make([]*raw.ObjectAccessControl, 0, len(rules))
- for _, rule := range rules {
- r = append(r, rule.toRawObjectAccessControl("")) // bucket name unnecessary
- }
- return r
-}
-
-func toRawBucketACL(rules []ACLRule) []*raw.BucketAccessControl {
- if len(rules) == 0 {
- return nil
- }
- r := make([]*raw.BucketAccessControl, 0, len(rules))
- for _, rule := range rules {
- r = append(r, rule.toRawBucketAccessControl("")) // bucket name unnecessary
- }
- return r
-}
-
-func (r ACLRule) toRawBucketAccessControl(bucket string) *raw.BucketAccessControl {
- return &raw.BucketAccessControl{
- Bucket: bucket,
- Entity: string(r.Entity),
- Role: string(r.Role),
- // The other fields are not settable.
- }
-}
-
-func (r ACLRule) toRawObjectAccessControl(bucket string) *raw.ObjectAccessControl {
- return &raw.ObjectAccessControl{
- Bucket: bucket,
- Entity: string(r.Entity),
- Role: string(r.Role),
- // The other fields are not settable.
- }
-}
-
-func toBucketProjectTeam(p *raw.BucketAccessControlProjectTeam) *ProjectTeam {
- if p == nil {
- return nil
- }
- return &ProjectTeam{
- ProjectNumber: p.ProjectNumber,
- Team: p.Team,
- }
-}
-
-func toObjectProjectTeam(p *raw.ObjectAccessControlProjectTeam) *ProjectTeam {
- if p == nil {
- return nil
- }
- return &ProjectTeam{
- ProjectNumber: p.ProjectNumber,
- Team: p.Team,
- }
-}