Do not set ACL

Previously, the ACL of each artifact and directory was set explicitly
without the ability to override it.  This caused problems in certain
environments and wasn't wanted any longer in the 5.x line.  This
change removes that explicit configuration in lieu of using bucket
policies.

[Completes #6][Completes #8]
1 parent c40454d commit 2ece0db9b0f381a8800441e9c64b8fcb72d0415e @nebhale nebhale committed Feb 17, 2014
2 README.md
@@ -43,7 +43,7 @@ Once the build extension is configured distribution management repositories can
...
</project>
-Finally the `~/.m2/settings.xml` must be updated to include access and secret keys for the account. The access key should be used to populate the `username` element, and the secret key should be used to populate the `passphrase` element.
+Finally the `~/.m2/settings.xml` must be updated to include access and secret keys for the account. The access key should be used to populate the `username` element, and the secret key should be used to populate the `password` element.
<settings>
...
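Review bot: Missing documentation in the paragraph about `~/.m2/settings.xml`: this README hunk only corrects `passphrase` to `password` and does not tell users that uploads no longer carry a public-read ACL. Add a sentence here stating that read access to published artifacts must now be granted through a bucket policy. The element-name correction is unrelated to the ACL change and would be easier to track as its own commit.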
2 src/main/java/org/springframework/build/aws/maven/SimpleStorageServiceWagon.java
@@ -183,7 +183,7 @@ protected void putResource(File source, String destination, TransferProgress tra
in = new TransferProgressFileInputStream(source, transferProgress);
- this.amazonS3.putObject(new PutObjectRequest(this.bucketName, key, in, objectMetadata).withCannedAcl(CannedAccessControlList.PublicRead));
@ddossot
ddossot Feb 19, 2014

Uncool :( We were relying on this. Why not make this configurable, using CannedAccessControlList.PublicRead as the default value for backwards compatibility?

+ this.amazonS3.putObject(new PutObjectRequest(this.bucketName, key, in, objectMetadata));
} catch (AmazonServiceException e) {
throw new TransferFailedException(String.format("Cannot write file to '%s'", destination), e);
} catch (FileNotFoundException e) {
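Review bot: The commit message says the ACL was set on each artifact and directory, but the only change shown for this file is the `putObject` call in `putResource`. Confirm that the code path creating directory keys does not still pass `withCannedAcl(CannedAccessControlList.PublicRead)`, otherwise directories stay public-read while artifacts follow the bucket policy. With this line changed, objects are readable only as far as the bucket policy allows, so the 5.x upgrade notes should say so explicitly; the inline comment above shows that consumers depend on the old default.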
1 ...st/java/org/springframework/build/aws/maven/SimpleStorageServiceWagonIntegrationTest.java
@@ -244,7 +244,6 @@ public void putResource() throws TransferFailedException, ResourceDoesNotExistEx
assertEquals(BUCKET_NAME, fileRequest.getBucketName());
assertEquals(BASE_DIRECTORY + FILE_NAME, fileRequest.getKey());
assertNotNull(fileRequest.getInputStream());
- assertEquals(CannedAccessControlList.PublicRead, fileRequest.getCannedAcl());
ObjectMetadata objectMetadata = fileRequest.getMetadata();
assertNotNull(objectMetadata);
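Review bot: Removing the `PublicRead` assertion in `putResource()` leaves the new behaviour untested. Replace it with `assertNull(fileRequest.getCannedAcl());` so that a change which reintroduces a canned ACL on upload fails the test.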

2 comments on commit 2ece0db

@nebhale
Spring member

In the 5.x line, I've made the decision to intentionally break backwards compatibility. Along the 4.x line, the current behavior will continue to exist. At the beginning I was against managing permissions using policies, but after playing around with it for the better part of a year, I'm quite a fan of it. I think that separating the publication of artifacts from managing their permissions is a good idea.

Amazon has a really good utility for creating the bucket policies with whatever granularity you'd like, but an equivalent to the current behavior would look like:

{
    "Version": "2008-10-17",
    "Id": "Policy1382551327971",
    "Statement": [
        {
            "Sid": "Stmt1382551313942",
            "Effect": "Allow",
            "Principal": {
                "AWS": "*"
            },
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::<BUCKET>/*"
        }
    ]
}
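
A check a repository owner could run on the bucket policy that replaces the per-object ACL, to see exactly which resources it opens to anonymous reads. This is an added example, not part of the commit or of the comments; the bucket name `example-maven-repo` and the function names are assumptions.

```python
import fnmatch
import json

# Constructed sample: the policy from the comment above, with the <BUCKET>
# placeholder replaced by a made-up bucket name (assumption).
SAMPLE_POLICY = json.dumps({
    "Version": "2008-10-17",
    "Statement": [{
        "Sid": "Stmt1382551313942",
        "Effect": "Allow",
        "Principal": {"AWS": "*"},
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::example-maven-repo/*",
    }],
})


def _as_list(value):
    """Policy fields may be a single string or a list of strings."""
    return value if isinstance(value, list) else [value]


def _is_anonymous(principal):
    """True for "*" or {"AWS": "*"} (also when "*" is one entry of a list)."""
    if isinstance(principal, dict):
        principal = principal.get("AWS", [])
    return "*" in _as_list(principal)


def anonymous_read_grants(policy_json):
    """Return (sid, resource, conditional) for every Allow statement that lets
    an anonymous principal call s3:GetObject (NotAction/NotPrincipal ignored)."""
    findings = []
    for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
        if stmt.get("Effect") != "Allow" or not _is_anonymous(stmt.get("Principal")):
            continue
        # Action patterns may contain wildcards, e.g. "s3:*" or "s3:Get*".
        actions = _as_list(stmt.get("Action", []))
        if not any(fnmatch.fnmatchcase("s3:getobject", a.lower()) for a in actions):
            continue
        for resource in _as_list(stmt.get("Resource", [])):
            findings.append((stmt.get("Sid"), resource, "Condition" in stmt))
    return findings


if __name__ == "__main__":
    for sid, resource, conditional in anonymous_read_grants(SAMPLE_POLICY):
        note = "restricted by Condition" if conditional else "unconditional"
        print(f"{sid}: anonymous s3:GetObject on {resource} ({note})")
```

A finding whose resource is `<bucket>/*` reproduces the old public-read behaviour for the whole bucket; narrowing the resource to a key prefix limits anonymous reads to that part of the repository.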
@ddossot

Thanks much for your reply.