feat: Add support for putting ACL on each file uploaded

oxyno-zeta · Jun 19, 2023 · 56d609f · 56d609f
1 parent e0eec94
commit 56d609f
Show file tree

Hide file tree

Showing 6 changed files with 18 additions and 0 deletions.
diff --git a/conf/config-example.yaml b/conf/config-example.yaml
@@ -391,6 +391,9 @@ targets:
     #       storageClass: STANDARD # GLACIER, ...
     #       # Will allow override objects if enabled
     #       allowOverride: false
+    #       # Canned ACL put on each file uploaded.
+    #       # https://docs.aws.amazon.com/AmazonS3/latest/userguide/acl-overview.html#canned-acl
+    #       # cannedACL: ""
     #       # Webhooks
     #       webhooks: []
     #   # Action for DELETE requests on target

diff --git a/docs/configuration/example.md b/docs/configuration/example.md
@@ -401,6 +401,9 @@ targets:
     #       storageClass: STANDARD # GLACIER, ...
     #       # Will allow override objects if enabled
     #       allowOverride: false
+    #       # Canned ACL put on each file uploaded.
+    #       # https://docs.aws.amazon.com/AmazonS3/latest/userguide/acl-overview.html#canned-acl
+    #       # cannedACL: ""
     #       # Webhooks
     #       webhooks: []
     #   # Action for DELETE requests on target

diff --git a/docs/configuration/structure.md b/docs/configuration/structure.md
@@ -261,6 +261,7 @@ See more information [here](../feature-guide/key-rewrite.md).
 | systemMetadata | [PutActionConfigSystemMetadataConfiguration](#putactionconfigsystemmetadataconfiguration) | No       | `nil`   | This allow to put system metadata values to uploaded objects. Value can be templated. Empty values will be flushed. See [here](../feature-guide/templates.md#put-metadata)                                                                                                                                                                            |
 | storageClass   | String                                                                                    | No       | `""`    | Storage class that will be used for uploaded objects. See storage class here: [https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html](https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html). Value can be templated. Empty values will be flushed. See [here](../feature-guide/templates.md#put-storage-class) |
 | allowOverride  | Boolean                                                                                   | No       | `false` | Will allow override objects if enabled                                                                                                                                                                                                                                                                                                                |
+| cannedACL      | String                                                                                    | No       | `nil`   | Canned ACL put on each file uploaded. See official values here [https://docs.aws.amazon.com/AmazonS3/latest/userguide/acl-overview.html#canned-acl](https://docs.aws.amazon.com/AmazonS3/latest/userguide/acl-overview.html#canned-acl).                                                                                                              |
 | webhooks       | [[WebhookConfiguration](#webhookconfiguration)]                                           | No       | `nil`   | Webhooks configuration list to call when a PUT request is performed                                                                                                                                                                                                                                                                                   |
 
 ## PutActionConfigSystemMetadataConfiguration

diff --git a/pkg/s3-proxy/config/config.go b/pkg/s3-proxy/config/config.go
@@ -394,6 +394,7 @@ type PutActionConfig struct {
 type PutActionConfigConfig struct {
 	Metadata       map[string]string                    `mapstructure:"metadata"`
 	SystemMetadata *PutActionConfigSystemMetadataConfig `mapstructure:"systemMetadata"`
+	CannedACL      *string                              `mapstructure:"cannedACL"`
 	StorageClass   string                               `mapstructure:"storageClass"`
 	Webhooks       []*WebhookConfig                     `mapstructure:"webhooks"       validate:"dive"`
 	AllowOverride  bool                                 `mapstructure:"allowOverride"`

diff --git a/pkg/s3-proxy/s3client/s3Context.go b/pkg/s3-proxy/s3client/s3Context.go
@@ -345,6 +345,15 @@ func (s3ctx *s3Context) PutObject(ctx context.Context, input *PutInput) (*Result
 		Expires:       input.Expires,
 	}
 
+	// Manage ACL
+	if s3ctx.target.Actions != nil &&
+		s3ctx.target.Actions.PUT != nil &&
+		s3ctx.target.Actions.PUT.Config != nil &&
+		s3ctx.target.Actions.PUT.Config.CannedACL != nil &&
+		*s3ctx.target.Actions.PUT.Config.CannedACL != "" {
+		// Inject ACL
+		inp.ACL = s3ctx.target.Actions.PUT.Config.CannedACL
+	}
 	// Manage cache control case
 	if input.CacheControl != "" {
 		inp.CacheControl = aws.String(input.CacheControl)

diff --git a/pkg/s3-proxy/server/server_integration_test.go b/pkg/s3-proxy/server/server_integration_test.go
@@ -3643,6 +3643,7 @@ func TestPublicRouter(t *testing.T) {
 					Key:    &tt.expectedS3ObjectKey,
 				})
 				assert.NoError(t, err)
+				// TODO Migrate to SDK V2 to test ACL
 				assert.Equal(t, tt.expectedS3ObjectMetadata, r.Metadata, "S3 object metadata")
 				assert.Equal(t, tt.expectedS3ObjectStorageClass, r.StorageClass, "S3 object storage class")
 				assert.Equal(t, tt.expectedS3ObjectCacheControl, r.CacheControl, "S3 object cache control")