acl.go
// Copyright 2016 Google Inc. All rights reserved.
// Use of this source code is governed by the Apache 2.0
// license that can be found in the LICENSE file.
package main
import (
"fmt"
"io/ioutil"
"time"
"golang.org/x/net/context"
"cloud.google.com/go/storage"
)
// TODO(jbd): Add START and END tags once the names are finalized.
// addBucketACL grants the reader role on the bucket to
// storage.AllAuthenticatedUsers.
//
// Security note: AllAuthenticatedUsers matches any caller signed in with a
// Google account, not only members of the owning project, so this rule is
// close to public read access. Use a narrower entity for data that is not
// meant to be shared that widely.
func addBucketACL(client *storage.Client, bucket string) error {
	return client.Bucket(bucket).ACL().Set(
		context.Background(),
		storage.AllAuthenticatedUsers,
		storage.RoleReader,
	)
}
// addDefaultBucketACL adds a reader rule for storage.AllAuthenticatedUsers to
// the bucket's default object ACL.
//
// Security note: the default object ACL is the template applied to objects
// written without an explicit ACL, so after this call new uploads become
// readable by any Google-authenticated caller unless the uploader overrides it.
func addDefaultBucketACL(client *storage.Client, bucket string) error {
	return client.Bucket(bucket).DefaultObjectACL().Set(
		context.Background(),
		storage.AllAuthenticatedUsers,
		storage.RoleReader,
	)
}
// bucketACL prints every ACL rule set on the bucket, one per line, to
// standard output. It returns the error from the List call, if any.
func bucketACL(client *storage.Client, bucket string) error {
	entries, err := client.Bucket(bucket).ACL().List(context.Background())
	if err != nil {
		return err
	}
	for i := range entries {
		fmt.Printf("ACL rule: %v\n", entries[i])
	}
	return nil
}
// bucketACLFiltered prints the role of each bucket ACL rule whose entity
// equals the given entity. Rules for other entities are skipped; nothing is
// printed when the entity has no rule on the bucket.
func bucketACLFiltered(client *storage.Client, bucket string, entity storage.ACLEntity) error {
	entries, err := client.Bucket(bucket).ACL().List(context.Background())
	if err != nil {
		return err
	}
	for i := range entries {
		if entries[i].Entity != entity {
			continue
		}
		fmt.Printf("ACL rule role: %v\n", entries[i].Role)
	}
	return nil
}
// addObjectACL grants the reader role on a single object to
// storage.AllAuthenticatedUsers.
//
// Security note: AllAuthenticatedUsers matches any caller signed in with a
// Google account, so the object becomes readable well beyond the owning
// project. Prefer a specific user, group or domain entity for private data.
func addObjectACL(client *storage.Client, bucket, object string) error {
	return client.Bucket(bucket).Object(object).ACL().Set(
		context.Background(),
		storage.AllAuthenticatedUsers,
		storage.RoleReader,
	)
}
// objectACL prints every ACL rule set on the object, one per line, to
// standard output. It returns the error from the List call, if any.
func objectACL(client *storage.Client, bucket, object string) error {
	entries, err := client.Bucket(bucket).Object(object).ACL().List(context.Background())
	if err != nil {
		return err
	}
	for i := range entries {
		fmt.Printf("ACL rule: %v\n", entries[i])
	}
	return nil
}
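// objectACLFiltered prints the role of each ACL rule on the object whose
// entity equals the given entity.
//
// The rules are read from the object's own ACL. The previous version listed
// the bucket ACL and never used the object argument, so it reported bucket
// permissions as if they were the object's, which can hide an over-broad
// grant made directly on the object.
func objectACLFiltered(client *storage.Client, bucket, object string, entity storage.ACLEntity) error {
	ctx := context.Background()
	rules, err := client.Bucket(bucket).Object(object).ACL().List(ctx)
	if err != nil {
		return err
	}
	for _, r := range rules {
		if r.Entity == entity {
			fmt.Printf("ACL rule role: %v\n", r.Role)
		}
	}
	return nil
}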
// deleteBucketACL removes the bucket ACL entry for
// storage.AllAuthenticatedUsers. Entries for other entities are not touched
// by this call.
func deleteBucketACL(client *storage.Client, bucket string) error {
	return client.Bucket(bucket).ACL().Delete(
		context.Background(),
		storage.AllAuthenticatedUsers,
	)
}
// deleteDefaultBucketACL removes the storage.AllAuthenticatedUsers entry from
// the bucket's default object ACL.
//
// NOTE(review): this edits only the default object ACL; presumably objects
// that already exist keep their own ACLs, so audit those separately.
func deleteDefaultBucketACL(client *storage.Client, bucket string) error {
	return client.Bucket(bucket).DefaultObjectACL().Delete(
		context.Background(),
		storage.AllAuthenticatedUsers,
	)
}
// deleteObjectACL removes the storage.AllAuthenticatedUsers entry from the
// ACL of a single object.
func deleteObjectACL(client *storage.Client, bucket, object string) error {
	return client.Bucket(bucket).Object(object).ACL().Delete(
		context.Background(),
		storage.AllAuthenticatedUsers,
	)
}
// signedURL prints a signed GET URL for the object that expires 48 hours
// after the call.
//
// The URL is signed locally with the service account private key read from
// my-private-key.pem in the working directory; the client argument is unused.
func signedURL(client *storage.Client, bucket, object string) error {
	// Download a p12 service account private key from the Google Developers
	// Console and convert it to PEM with the command below:
	// $ openssl pkcs12 -in key.p12 -passin pass:notasecret -out my-private-key.pem -nodes
	// -nodes writes the key unencrypted: keep the PEM file out of version
	// control and restrict its file permissions.
	keyPEM, err := ioutil.ReadFile("my-private-key.pem")
	if err != nil {
		return err
	}

	opts := storage.SignedURLOptions{
		GoogleAccessID: "xxx@developer.gserviceaccount.com",
		PrivateKey:     keyPEM,
		Method:         "GET",
		Expires:        time.Now().Add(48 * time.Hour),
	}
	signed, err := storage.SignedURL(bucket, object, &opts)
	if err != nil {
		return err
	}

	// The signed URL works as a bearer credential until it expires: whoever
	// holds it can GET the object. Avoid sending it to shared logs.
	fmt.Println(signed)
	return nil
}