
Commit d1d79c1

authored
Merge pull request GoogleCloudPlatform#489 from GoogleCloudPlatform/storage-acl-samples
2 parents 3ecf42e + 814f71d commit d1d79c1


2 files changed

+409
-0
lines changed

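--- a/storage/cloud-client/acl.py
+++ b/storage/cloud-client/acl.py
@@ -0,0 +1,274 @@
+#!/usr/bin/env python
+
+# Copyright 2016 Google, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+"""This application demonstrates how to manage access control lists (acls) in
+Google Cloud Storage.
+
+For more information, see the README.md under /storage and the documentation
+at https://cloud.google.com/storage/docs/encryption.
+"""
+
+import argparse
+
+from gcloud import storage
+
+
+def print_bucket_acl(bucket_name):
+"""Prints out a bucket's access control list."""
+storage_client = storage.Client()
+bucket = storage_client.bucket(bucket_name)
+
+for entry in bucket.acl:
+print('{}: {}'.format(entry['role'], entry['entity']))
+
+
+def print_bucket_acl_for_user(bucket_name, user_email):
+"""Prints out a bucket's access control list for a given user."""
+storage_client = storage.Client()
+bucket = storage_client.bucket(bucket_name)
+
+# Reload fetches the current ACL from Cloud Storage.
+bucket.acl.reload()
+
+# You can also use `group`, `domain`, `all_authenticated` and `all` to
+# get the roles for different types of entities.
+roles = bucket.acl.user(user_email).get_roles()
+
+print(roles)
+
+
+def add_bucket_owner(bucket_name, user_email):
+"""Adds a user as an owner on the given bucket."""
+storage_client = storage.Client()
+bucket = storage_client.bucket(bucket_name)
+
+# Reload fetches the current ACL from Cloud Storage.
+bucket.acl.reload()
+
+# You can also use `group()`, `domain()`, `all_authenticated()` and `all()`
+# to grant access to different types of entities.
+# You can also use `grant_read()` or `grant_write()` to grant different
+# roles.
+bucket.acl.user(user_email).grant_owner()
+bucket.acl.save()
+
+print('Added user {} as an owner on bucket {}.'.format(
+user_email, bucket_name))
+
+
+def remove_bucket_owner(bucket_name, user_email):
+"""Removes a user from the access control list of the given bucket."""
+storage_client = storage.Client()
+bucket = storage_client.bucket(bucket_name)
+
+# Reload fetches the current ACL from Cloud Storage.
+bucket.acl.reload()
+
+# You can also use `group`, `domain`, `all_authenticated` and `all` to
+# remove access for different types of entities.
+bucket.acl.user(user_email).revoke_read()
+bucket.acl.user(user_email).revoke_write()
+bucket.acl.user(user_email).revoke_owner()
+bucket.acl.save()
+
+print('Removed user {} from bucket {}.'.format(
+user_email, bucket_name))
+
+
+def add_bucket_default_owner(bucket_name, user_email):
+"""Adds a user as an owner in the given bucket's default object access
+control list."""
+storage_client = storage.Client()
+bucket = storage_client.bucket(bucket_name)
+
+# Reload fetches the current ACL from Cloud Storage.
+bucket.acl.reload()
+
+# You can also use `group`, `domain`, `all_authenticated` and `all` to
+# grant access to different types of entities. You can also use
+# `grant_read` or `grant_write` to grant different roles.
+bucket.default_object_acl.user(user_email).grant_owner()
+bucket.default_object_acl.save()
+
+print('Added user {} as an owner in the default acl on bucket {}.'.format(
+user_email, bucket_name))
+
+
+def remove_bucket_default_owner(bucket_name, user_email):
+"""Removes a user from the access control list of the given bucket's
+default object access control list."""
+storage_client = storage.Client()
+bucket = storage_client.bucket(bucket_name)
+
+# Reload fetches the current ACL from Cloud Storage.
+bucket.acl.reload()
+
+# You can also use `group`, `domain`, `all_authenticated` and `all` to
+# remove access for different types of entities.
+bucket.default_object_acl.user(user_email).revoke_read()
+bucket.default_object_acl.user(user_email).revoke_write()
+bucket.default_object_acl.user(user_email).revoke_owner()
+bucket.default_object_acl.save()
+
+print('Removed user {} from the default acl of bucket {}.'.format(
+user_email, bucket_name))
+
+
+def print_blob_acl(bucket_name, blob_name):
+"""Prints out a blob's access control list."""
+storage_client = storage.Client()
+bucket = storage_client.bucket(bucket_name)
+blob = bucket.blob(blob_name)
+
+for entry in blob.acl:
+print('{}: {}'.format(entry['role'], entry['entity']))
+
+
+def print_blob_acl_for_user(bucket_name, blob_name, user_email):
+"""Prints out a blob's access control list for a given user."""
+storage_client = storage.Client()
+bucket = storage_client.bucket(bucket_name)
+blob = bucket.blob(blob_name)
+
+# Reload fetches the current ACL from Cloud Storage.
+blob.acl.reload()
+
+# You can also use `group`, `domain`, `all_authenticated` and `all` to
+# get the roles for different types of entities.
+roles = blob.acl.user(user_email).get_roles()
+
+print(roles)
+
+
+def add_blob_owner(bucket_name, blob_name, user_email):
+"""Adds a user as an owner on the given blob."""
+storage_client = storage.Client()
+bucket = storage_client.bucket(bucket_name)
+blob = bucket.blob(blob_name)
+
+# Reload fetches the current ACL from Cloud Storage.
+blob.acl.reload()
+
+# You can also use `group`, `domain`, `all_authenticated` and `all` to
+# grant access to different types of entities. You can also use
+# `grant_read` or `grant_write` to grant different roles.
+blob.acl.user(user_email).grant_owner()
+blob.acl.save()
+
+print('Added user {} as an owner on blob {} in bucket {}.'.format(
+user_email, blob_name, bucket_name))
+
+
+def remove_blob_owner(bucket_name, blob_name, user_email):
+"""Removes a user from the access control list of the given blob in the
+given bucket."""
+storage_client = storage.Client()
+bucket = storage_client.bucket(bucket_name)
+blob = bucket.blob(blob_name)
+
+# You can also use `group`, `domain`, `all_authenticated` and `all` to
+# remove access for different types of entities.
+blob.acl.user(user_email).revoke_read()
+blob.acl.user(user_email).revoke_write()
+blob.acl.user(user_email).revoke_owner()
+blob.acl.save()
+
+print('Removed user {} from blob {} in bucket {}.'.format(
+user_email, blob_name, bucket_name))
+
+
+if __name__ == '__main__':
+parser = argparse.ArgumentParser(
+description=__doc__,
+formatter_class=argparse.RawDescriptionHelpFormatter)
+subparsers = parser.add_subparsers(dest='command')
+
+print_bucket_acl_parser = subparsers.add_parser(
+'print-bucket-acl', help=print_bucket_acl.__doc__)
+print_bucket_acl_parser.add_argument('bucket_name')
+
+print_bucket_acl_for_user_parser = subparsers.add_parser(
+'print-bucket-acl-for-user', help=print_bucket_acl.__doc__)
+print_bucket_acl_for_user_parser.add_argument('bucket_name')
+print_bucket_acl_for_user_parser.add_argument('user_email')
+
+add_bucket_owner_parser = subparsers.add_parser(
+'add-bucket-owner', help=add_bucket_owner.__doc__)
+add_bucket_owner_parser.add_argument('bucket_name')
+add_bucket_owner_parser.add_argument('user_email')
+
+remove_bucket_owner_parser = subparsers.add_parser(
+'remove-bucket-owner', help=remove_bucket_owner.__doc__)
+remove_bucket_owner_parser.add_argument('bucket_name')
+remove_bucket_owner_parser.add_argument('user_email')
+
+add_bucket_default_owner_parser = subparsers.add_parser(
+'add-bucket-default-owner', help=add_bucket_default_owner.__doc__)
+add_bucket_default_owner_parser.add_argument('bucket_name')
+add_bucket_default_owner_parser.add_argument('user_email')
+
+remove_bucket_default_owner_parser = subparsers.add_parser(
+'remove-bucket-default-owner',
+help=remove_bucket_default_owner.__doc__)
+remove_bucket_default_owner_parser.add_argument('bucket_name')
+remove_bucket_default_owner_parser.add_argument('user_email')
+
+print_blob_acl_parser = subparsers.add_parser(
+'print-blob-acl', help=print_blob_acl.__doc__)
+print_blob_acl_parser.add_argument('bucket_name')
+print_blob_acl_parser.add_argument('blob_name')
+
+print_blob_acl_for_user_parser = subparsers.add_parser(
+'print-blob-acl-for-user', help=print_blob_acl_for_user.__doc__)
+print_blob_acl_for_user_parser.add_argument('bucket_name')
+print_blob_acl_for_user_parser.add_argument('blob_name')
+print_blob_acl_for_user_parser.add_argument('user_email')
+
+add_blob_owner_parser = subparsers.add_parser(
+'add-blob-owner', help=add_blob_owner.__doc__)
+add_blob_owner_parser.add_argument('bucket_name')
+add_blob_owner_parser.add_argument('blob_name')
+add_blob_owner_parser.add_argument('user_email')
+
+remove_blob_owner_parser = subparsers.add_parser(
+'remove-blob-owner', help=remove_blob_owner.__doc__)
+remove_blob_owner_parser.add_argument('bucket_name')
+remove_blob_owner_parser.add_argument('blob_name')
+remove_blob_owner_parser.add_argument('user_email')
+
+args = parser.parse_args()
+
+if args.command == 'print-bucket-acl':
+print_bucket_acl(args.bucket_name)
+elif args.command == 'print-bucket-acl-for-user':
+print_bucket_acl_for_user(args.bucket_name, args.user_email)
+elif args.command == 'add-bucket-owner':
+add_bucket_owner(args.bucket_name, args.user_email)
+elif args.command == 'remove-bucket-owner':
+remove_bucket_owner(args.bucket_name, args.user_email)
+elif args.command == 'add-bucket-default-owner':
+add_bucket_default_owner(args.bucket_name, args.user_email)
+elif args.command == 'remove-bucket-default-owner':
+remove_bucket_default_owner(args.bucket_name, args.user_email)
+elif args.command == 'print-blob-acl':
+print_blob_acl(args.bucket_name, args.blob_name)
+elif args.command == 'print-blob-acl-for-user':
+print_blob_acl_for_user(
+args.bucket_name, args.blob_name, args.user_email)
+elif args.command == 'add-blob-owner':
+add_blob_owner(args.bucket_name, args.blob_name, args.user_email)
+elif args.command == 'remove-blob-owner':
+remove_blob_owner(args.bucket_name, args.blob_name, args.user_email)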
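Review bot: `add_bucket_default_owner` and `remove_bucket_default_owner` (new lines 98 and 117) refresh `bucket.acl` but then edit and save `bucket.default_object_acl`, so the list being rewritten is not the one the comment says was just fetched; both should call `bucket.default_object_acl.reload()`. `remove_blob_owner` has no `reload()` before its revoke/save sequence, unlike every other mutator in the file; unless the client loads the ACL lazily, the save would be built from local state that may not match the server, so `blob.acl.reload()` should be added there. Because this sample will be copied, a comment next to each `grant_owner()` call would help, for example `# OWNER lets the grantee change this ACL; all() and all_authenticated() open access beyond named accounts.` The `print-bucket-acl-for-user` subparser on new line 204 also passes `help=print_bucket_acl.__doc__` where `print_bucket_acl_for_user.__doc__` is meant, and the module docstring links to the encryption docs rather than the access-control docs.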
