s3_crud_ops.go
// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
package main
import (
"errors"
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/session"
"github.com/aws/aws-sdk-go/service/s3"
)
// Functions to perform CRUD (create, read, update, delete) operations in S3
// CreateBucket creates the named S3 bucket and blocks until the bucket is
// reported to exist.
//
// It returns the error from the CreateBucket call or from the existence
// waiter, whichever fails first, and nil once the waiter succeeds.
func CreateBucket(sess *session.Session, bucket string) error {
	client := s3.New(sess)

	createInput := &s3.CreateBucketInput{
		Bucket: aws.String(bucket),
	}
	if _, createErr := client.CreateBucket(createInput); createErr != nil {
		return createErr
	}

	// Creation is not treated as complete until HeadBucket-based polling
	// confirms the bucket is visible.
	return client.WaitUntilBucketExists(&s3.HeadBucketInput{
		Bucket: aws.String(bucket),
	})
}
// GetBucket checks that the named bucket can be reached with a HeadBucket
// call made through the given session.
//
// It returns nil when HeadBucket succeeds and the HeadBucket error otherwise.
func GetBucket(sess *session.Session, bucket string) error {
	client := s3.New(sess)

	_, headErr := client.HeadBucket(&s3.HeadBucketInput{
		Bucket: aws.String(bucket),
	})
	return headErr
}
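// HasACL reports whether the bucket's ACL grants READ to the global AllUsers
// group, i.e. whether the bucket is publicly readable through its ACL.
//
// It returns nil when such a grant is present, the GetBucketAcl error when the
// ACL cannot be fetched, and a generic error when no matching grant is found.
// Only an explicit READ grant is matched; other permissions granted to
// AllUsers are not treated as a match. Bucket policies are not consulted, so
// the result says nothing about access granted or denied by policy.
func HasACL(sess *session.Session, bucket string) error {
	// Create S3 service client
	svc := s3.New(sess)

	acl, err := svc.GetBucketAcl(&s3.GetBucketAclInput{
		Bucket: aws.String(bucket),
	})
	if err != nil {
		return err
	}

	const allUsersURI = "http://acs.amazonaws.com/groups/global/AllUsers"

	for _, g := range acl.Grants {
		// Grant fields are pointers in the SDK; skip incomplete entries
		// rather than panicking on a nil dereference.
		if g == nil || g.Grantee == nil {
			continue
		}

		// aws.StringValue yields "" for a nil pointer, so a grant with a
		// missing Type, URI or Permission simply does not match.
		if aws.StringValue(g.Grantee.Type) == "Group" &&
			aws.StringValue(g.Grantee.URI) == allUsersURI &&
			aws.StringValue(g.Permission) == "READ" {
			return nil
		}
	}

	return errors.New("All users do not have read access")
}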
// UpdateBucket applies the canned "public-read" ACL to the bucket and then
// confirms through HasACL that the AllUsers group holds READ permission.
//
// The public-read canned ACL grants READ on the bucket to the AllUsers group,
// which includes unauthenticated requests. Where S3 Block Public Access or
// ACL-disabled object ownership (BucketOwnerEnforced) is in effect, the
// PutBucketAcl call is expected to be rejected; that error is returned as is.
//
// It returns the PutBucketAcl error, the HasACL error, or nil when the grant
// is confirmed.
func UpdateBucket(sess *session.Session, bucket string) error {
	client := s3.New(sess)

	aclInput := &s3.PutBucketAclInput{
		ACL:    aws.String("public-read"),
		Bucket: aws.String(bucket),
	}
	if _, putErr := client.PutBucketAcl(aclInput); putErr != nil {
		return putErr
	}

	// Read the ACL back so the caller learns whether the grant took effect.
	return HasACL(sess, bucket)
}
// DeleteBucket deletes the named bucket, waits until it is reported as gone,
// and then probes it once more with HeadBucket.
//
// It returns the DeleteBucket or waiter error if either fails, nil when the
// final HeadBucket call fails, and an error when that call still succeeds.
func DeleteBucket(sess *session.Session, bucket string) error {
	client := s3.New(sess)

	deleteInput := &s3.DeleteBucketInput{
		Bucket: aws.String(bucket),
	}
	if _, delErr := client.DeleteBucket(deleteInput); delErr != nil {
		return delErr
	}

	// Block until polling reports that the bucket no longer exists.
	waitErr := client.WaitUntilBucketNotExists(&s3.HeadBucketInput{
		Bucket: aws.String(bucket),
	})
	if waitErr != nil {
		return waitErr
	}

	// Final probe: a failing HeadBucket is taken as confirmation of deletion.
	// NOTE(review): every error counts as "gone" here, including permission
	// or network failures, so this check does not distinguish "not found"
	// from "could not ask".
	_, headErr := client.HeadBucket(&s3.HeadBucketInput{
		Bucket: aws.String(bucket),
	})
	if headErr == nil {
		return errors.New("Could not delete bucket")
	}

	return nil
}
// main is a no-op; package main requires it for the file to build.
func main() {
}