forked from awsdocs/aws-doc-sdk-examples
/
PutBucketAcl.go
119 lines (101 loc) · 3.62 KB
/
PutBucketAcl.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
/*
Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
This file is licensed under the Apache License, Version 2.0 (the "License").
You may not use this file except in compliance with the License. A copy of
the License is located at
http://aws.amazon.com/apache2.0/
This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
CONDITIONS OF ANY KIND, either express or implied. See the License for the
specific language governing permissions and limitations under the License.
*/
// snippet-start:[s3.go.put_bucket_acl]
package main
// snippet-start:[s3.go.put_bucket_acl.imports]
import (
"flag"
"fmt"
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/session"
"github.com/aws/aws-sdk-go/service/s3"
)
// snippet-end:[s3.go.put_bucket_acl.imports]
// SetBucketACL gives a user access to a bucket
// Inputs:
// sess is the current session, which provides configuration for the SDK's service clients
// bucket is the name of the bucket
// Output:
// If success, the SOMETHING of the RESOURCE and nil
// Otherwise, an empty string and an error from the call to FUNCTION
func SetBucketACL(sess *session.Session, bucket, address, permission *string) error {
// snippet-start:[s3.go.put_bucket_acl.service_acl]
svc := s3.New(sess)
result, err := svc.GetBucketAcl(&s3.GetBucketAclInput{
Bucket: bucket,
})
// snippet-end:[s3.go.put_bucket_acl.service_acl]
if err != nil {
return err
}
// snippet-start:[s3.go.put_bucket_acl.add_grant]
owner := *result.Owner.DisplayName
ownerID := *result.Owner.ID
grants := result.Grants
var newGrantee = s3.Grantee{
EmailAddress: address,
Type: aws.String("AmazonCustomerByEmail"),
}
var newGrant = s3.Grant{
Grantee: &newGrantee,
Permission: permission,
}
grants = append(grants, &newGrant)
// snippet-end:[s3.go.put_bucket_acl.add_grant]
// snippet-start:[s3.go.put_bucket_acl.call]
_, err = svc.PutBucketAcl(&s3.PutBucketAclInput{
Bucket: bucket,
AccessControlPolicy: &s3.AccessControlPolicy{
Grants: grants,
Owner: &s3.Owner{
DisplayName: &owner,
ID: &ownerID,
},
},
})
// snippet-end:[s3.go.put_bucket_acl.call]
if err != nil {
return err
}
return nil
}
func main() {
// snippet-start:[s3.go.put_bucket_acl.args]
bucket := flag.String("b", "", "The bucket to read")
address := flag.String("e", "", "The email address of the reader")
permission := flag.String("p", "READ", "The type of permission (FULL_CONTROL, WRITE, WRITE_ACP, READ, or READ_ACP)")
flag.Parse()
if *bucket == "" || *address == "" {
fmt.Println("You must supply a bucket (-b BUCKET) and email address (-e ADDRESS)")
return
}
if !(*permission == "FULL_CONTROL" || *permission == "WRITE" || *permission == "WRITE_ACP" || *permission == "READ" || *permission == "READ_ACP") {
fmt.Println("Illegal permission value. It must be one of:")
fmt.Println("FULL_CONTROL, WRITE, WRITE_ACP, READ, or READ_ACP")
return
}
// snippet-end:[s3.go.put_bucket_acl.args]
// snippet-start:[s3.go.put_bucket_acl.session]
sess := session.Must(session.NewSessionWithOptions(session.Options{
SharedConfigState: session.SharedConfigEnable,
}))
// snippet-end:[s3.go.put_bucket_acl.session]
err := SetBucketACL(sess, bucket, address, permission)
if err != nil {
fmt.Println("Got an error setting bucket ACL:")
fmt.Println(err)
return
}
// snippet-start:[s3.go.put_bucket_acl.print]
fmt.Println("Congratulations. You gave user with email address", address, permission, "permission to bucket", bucket)
// snippet-end:[s3.go.put_bucket_acl.print]
}
// snippet-end:[s3.go.put_bucket_acl]