get_put_bucket_acl.cpp
// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. // SPDX - License - Identifier: Apache - 2.0 #include <iostream> #include <aws/core/Aws.h> #include <aws/s3/model/Permission.h> #include <aws/s3/model/Type.h> #include <aws/s3/S3Client.h> #include <aws/s3/model/Owner.h> #include <aws/s3/model/Grantee.h> #include <aws/s3/model/Grant.h> #include <aws/s3/model/AccessControlPolicy.h> #include <aws/s3/model/PutBucketAclRequest.h> #include <aws/s3/model/GetBucketAclRequest.h> #include <awsdoc/s3/s3_examples.h> /* //////////////////////////////////////////////////////////////////////////// * Function: SetGranteePermission * * Purpose: Converts a human-readable string to a * built-in permission enumeration. * * Inputs: A human-readable string. * * Outputs: A related built-in permission enumeration, if one exists; * otherwise, the enumeration Aws::S3::Model::Permission::NOT_SET. * //////////////////////////////////////////////////////////////////////////// * Function: GetGranteeType * * Purpose: Converts a built-in permission enumeration to a * human-readable string. * * Inputs: A built-in permission enumeration. * * Outputs: A related human-readable string, if one exists; otherwise, * the string "Not set". * //////////////////////////////////////////////////////////////////////////// * Function: SetGranteeType * * Purpose: Converts a human-readable string to a * built-in type enumeration. * * Prerequisites: * * Inputs: A human-readable string. * * Outputs: A related built-in type enumeration, if one exists; otherwise, * the enumeration Aws::S3::Model::Type::NOT_SET. * //////////////////////////////////////////////////////////////////////////// * Function: PutBucketAcl * * Purpose: Set the access control list (ACL) for an Amazon S3 bucket. * * Prerequisites: An existing bucket. * * Inputs: * - bucketName: The name of the bucket to set the ACL for. For example, * "my-bucket". * - region: The AWS Region identifier for the bucket. For example, "us-east-1". * - ownerID: The canonical ID of the bucket owner. For example, * "b380d412791d395dbcdc1fb1728b32a7cd07edae6467220ac4b7c0769EXAMPLE". * - granteePermission: The access level to enable for the grantee. For example: * - "FULL_CONTROL": Can list objects in the bucket, create/overwrite/delete * objects in the bucket, and read/write the bucket's permissions. * - "WRITE": Can write to the bucket. * - "READ": Can list objects in the bucket. * - "WRITE_ACP": Can write the bucket's permissions. * - "READ_ACP": Can read the bucket's permissions. * - granteeType: The type of grantee. For example: * - "Amazon customer by email": A user identified by the email associated with * their AWS account. * - "Canonical user": A user identified by their canonical ID or display name. * - "Group": A built-in access group. For example, all authenticated users. * - granteeID: The canonical ID of the grantee. For example, * "51ffd418eb142601651cc9d54984604a32b51a23153b4898fd2224772EXAMPLE". * - granteeDisplayName: The display name of the grantee. For example, "janedoe". * - granteeEmailAddress: The email address associated with the grantee's AWS * account. For example, "janedoe@example.com". * - granteeURI: The URI of a built-in access group. For example, * "http://acs.amazonaws.com/groups/global/AuthenticatedUsers" * for all authenticated users. * * Outputs: true if the ACL was set for the bucket; otherwise, false. * //////////////////////////////////////////////////////////////////////////// * Function: GetBucketAcl * * Purpose: Gets information about the access control list (ACL) for an * Amazon S3 bucket. * * Prerequisites: An existing bucket. * * Inputs: * - bucketName: The name of the bucket to get ACL informaton for. For example, * "my-bucket". * - region: The AWS Region identifier for the bucket. For example, "us-east-1". * * Outputs: true if ACL information was retrieved for the bucket; * otherwise, false. * ///////////////////////////////////////////////////////////////////////// */ Aws::S3::Model::Permission SetGranteePermission(const Aws::String& access) { if (access == "FULL_CONTROL") return Aws::S3::Model::Permission::FULL_CONTROL; if (access == "WRITE") return Aws::S3::Model::Permission::WRITE; if (access == "READ") return Aws::S3::Model::Permission::READ; if (access == "WRITE_ACP") return Aws::S3::Model::Permission::WRITE_ACP; if (access == "READ_ACP") return Aws::S3::Model::Permission::READ_ACP; return Aws::S3::Model::Permission::NOT_SET; } Aws::String GetGranteeType(const Aws::S3::Model::Type& type) { if (type == Aws::S3::Model::Type::AmazonCustomerByEmail) return "Amazon customer by email"; if (type == Aws::S3::Model::Type::CanonicalUser) return "Canonical user"; if (type == Aws::S3::Model::Type::Group) return "Group"; return "Not set"; } Aws::S3::Model::Type SetGranteeType(const Aws::String& type) { if (type == "Amazon customer by email") return Aws::S3::Model::Type::AmazonCustomerByEmail; if (type == "Canonical user") return Aws::S3::Model::Type::CanonicalUser; if (type == "Group") return Aws::S3::Model::Type::Group; return Aws::S3::Model::Type::NOT_SET; } bool AwsDoc::S3::PutBucketAcl(const Aws::String& bucketName, const Aws::String& ownerID, const Aws::String& granteePermission, const Aws::String& granteeType, const Aws::String& granteeID, const Aws::String& region, const Aws::String& granteeDisplayName, const Aws::String& granteeEmailAddress, const Aws::String& granteeURI) { Aws::Client::ClientConfiguration config; config.region = region; Aws::S3::S3Client s3_client(config); Aws::S3::Model::Owner owner; owner.SetID(ownerID); Aws::S3::Model::Grantee grantee; grantee.SetType(SetGranteeType(granteeType)); if (granteeEmailAddress != "") { grantee.SetEmailAddress(granteeEmailAddress); } if (granteeID != "") { grantee.SetID(granteeID); } if (granteeDisplayName != "") { grantee.SetDisplayName(granteeDisplayName); } if (granteeURI != "") { grantee.SetURI(granteeURI); } Aws::S3::Model::Grant grant; grant.SetGrantee(grantee); grant.SetPermission(SetGranteePermission(granteePermission)); Aws::Vector<Aws::S3::Model::Grant> grants; grants.push_back(grant); Aws::S3::Model::AccessControlPolicy acp; acp.SetOwner(owner); acp.SetGrants(grants); Aws::S3::Model::PutBucketAclRequest request; request.SetAccessControlPolicy(acp); request.SetBucket(bucketName); Aws::S3::Model::PutBucketAclOutcome outcome = s3_client.PutBucketAcl(request); if (outcome.IsSuccess()) { return true; } else { auto error = outcome.GetError(); std::cout << "Error: PutBucketAcl: " << error.GetExceptionName() << " - " << error.GetMessage() << std::endl; return false; } } bool AwsDoc::S3::GetBucketAcl(const Aws::String& bucketName, const Aws::String& region) { Aws::Client::ClientConfiguration config; config.region = region; Aws::S3::S3Client s3_client(config); Aws::S3::Model::GetBucketAclRequest request; request.SetBucket(bucketName); Aws::S3::Model::GetBucketAclOutcome outcome = s3_client.GetBucketAcl(request); if (outcome.IsSuccess()) { Aws::S3::Model::Owner owner = outcome.GetResult().GetOwner(); Aws::Vector<Aws::S3::Model::Grant> grants = outcome.GetResult().GetGrants(); std::cout << "Bucket ACL information for bucket '" << bucketName << "':" << std::endl << std::endl; std::cout << "Owner:" << std::endl << std::endl; std::cout << "Display name: " << owner.GetDisplayName() << std::endl; std::cout << "ID: " << owner.GetID() << std::endl << std::endl; std::cout << "Grantees:" << std::endl << std::endl; for (auto it = std::begin(grants); it != end(grants); ++it) { auto grantee = it->GetGrantee(); std::cout << "Display name: " << grantee.GetDisplayName() << std::endl; std::cout << "Email address: " << grantee.GetEmailAddress() << std::endl; std::cout << "ID: " << grantee.GetID() << std::endl; std::cout << "Type: " << GetGranteeType( grantee.GetType()) << std::endl; std::cout << "URI: " << grantee.GetURI() << std::endl << std::endl; } return true; } else { auto error = outcome.GetError(); std::cout << "Error: GetBucketAcl: " << error.GetExceptionName() << " - " << error.GetMessage() << std::endl; return false; } } int main() { Aws::SDKOptions options; Aws::InitAPI(options); { const Aws::String bucket_name = "my-bucket"; // Set the ACL's owner information. const Aws::String owner_id = "b380d412791d395dbcdc1fb1728b32a7cd07edae6467220ac4b7c0769EXAMPLE"; // Set the ACL's grantee information. const Aws::String grantee_permission = "READ"; // If the grantee is by canonical user, then either the user's ID or // display name must be specified: const Aws::String grantee_type = "Canonical user"; const Aws::String grantee_id = "51ffd418eb142601651cc9d54984604a32b51a23153b4898fd2224772EXAMPLE"; // const Aws::String grantee_display_name = "janedoe"; // If the grantee is by Amazon customer by email, then the email // address must be specified: // const Aws::String grantee_type = "Amazon customer by email"; // const Aws::String grantee_email_address = "janedoe@example.com"; // If the grantee is by group, then the predefined group URI must // be specified: // const Aws::String grantee_type = "Group"; // const Aws::String grantee_uri = // "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"; // Set the bucket's ACL. if (!AwsDoc::S3::PutBucketAcl(bucket_name, "us-east-1", owner_id, grantee_permission, grantee_type, grantee_id)) // grantee_display_name, // grantee_email_address, // grantee_uri)); { return 1; } // Get the bucket's ACL information that was just set. if (!AwsDoc::S3::GetBucketAcl(bucket_name, "us-east-1")) { return 1; } } Aws::ShutdownAPI(options); return 0; }
