Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Do not set ACL

Previously, the ACL of each artifact and directory was set explicitly
without the ability to override it.  This caused problems in certain
environments and wasn't wanted any longer in the 5.x line.  This
change removes that explicit configuration in lieu of using bucket
policies.

[Completes #6][Completes #8]
  • Loading branch information...
commit 2ece0db9b0f381a8800441e9c64b8fcb72d0415e 1 parent c40454d
Ben Hale nebhale authored
2  README.md
View
@@ -43,7 +43,7 @@ Once the build extension is configured distribution management repositories can
...
</project>
-Finally the `~/.m2/settings.xml` must be updated to include access and secret keys for the account. The access key should be used to populate the `username` element, and the secret key should be used to populate the `passphrase` element.
+Finally the `~/.m2/settings.xml` must be updated to include access and secret keys for the account. The access key should be used to populate the `username` element, and the secret key should be used to populate the `password` element.
<settings>
...
2  src/main/java/org/springframework/build/aws/maven/SimpleStorageServiceWagon.java
View
@@ -183,7 +183,7 @@ protected void putResource(File source, String destination, TransferProgress tra
in = new TransferProgressFileInputStream(source, transferProgress);
- this.amazonS3.putObject(new PutObjectRequest(this.bucketName, key, in, objectMetadata).withCannedAcl(CannedAccessControlList.PublicRead));
David Dossot
ddossot added a note

Uncool :( We were relying on this. Why not making this configurable, using CannedAccessControlList.PublicRead as the default value for backwards compatibility?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
+ this.amazonS3.putObject(new PutObjectRequest(this.bucketName, key, in, objectMetadata));
} catch (AmazonServiceException e) {
throw new TransferFailedException(String.format("Cannot write file to '%s'", destination), e);
} catch (FileNotFoundException e) {
1  src/test/java/org/springframework/build/aws/maven/SimpleStorageServiceWagonIntegrationTest.java
View
@@ -244,7 +244,6 @@ public void putResource() throws TransferFailedException, ResourceDoesNotExistEx
assertEquals(BUCKET_NAME, fileRequest.getBucketName());
assertEquals(BASE_DIRECTORY + FILE_NAME, fileRequest.getKey());
assertNotNull(fileRequest.getInputStream());
- assertEquals(CannedAccessControlList.PublicRead, fileRequest.getCannedAcl());
ObjectMetadata objectMetadata = fileRequest.getMetadata();
assertNotNull(objectMetadata);

2 comments on commit 2ece0db

David Dossot

Uncool :( We were relying on this. Why not making this configurable, using CannedAccessControlList.PublicRead as the default value for backwards compatibility?

Ben Hale
Collaborator

In the 5.x line, I've made the decision to intentionally break backwards compatibility. Along the 4.x line, the current behavior will continue to exist. At the beginning I was against managing permissions using policies, but after playing around with it for the better part of a year, I'm quite a fan of it. I think that separating the publication of artifacts from managing their permissions is a good idea.

Amazon has a really good utility for creating the bucket policies with whatever granularity you'd like, but an equivalent to the current behavior would look like:

{
    "Version": "2008-10-17",
    "Id": "Policy1382551327971",
    "Statement": [
        {
            "Sid": "Stmt1382551313942",
            "Effect": "Allow",
            "Principal": {
                "AWS": "*"
            },
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::<BUCKET>/*"
        }
    ]
}
David Dossot

Thanks much for your reply.

Please sign in to comment.
Something went wrong with that request. Please try again.