Merge pull request #1914 from irenepsmith/add-acl-examples

brmur · web-flow · commit aa63f0bfde58 · 2021-07-01T17:38:24.000+01:00
Adding two S3 examples that work with ACL.
diff --git a/dotnetv3/S3/ManageACLsExample/ManageACLsExample.sln b/dotnetv3/S3/ManageACLsExample/ManageACLsExample.sln
@@ -0,0 +1,34 @@
+﻿
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio 15
+VisualStudioVersion = 15.0.26124.0
+MinimumVisualStudioVersion = 15.0.26124.0
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "ManageACLsExample", "ManageACLsExample\ManageACLsExample.csproj", "{D7F8ADB4-BF61-4A1E-8B71-310B9D1E7F3A}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|Any CPU = Debug|Any CPU
+		Debug|x64 = Debug|x64
+		Debug|x86 = Debug|x86
+		Release|Any CPU = Release|Any CPU
+		Release|x64 = Release|x64
+		Release|x86 = Release|x86
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{D7F8ADB4-BF61-4A1E-8B71-310B9D1E7F3A}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{D7F8ADB4-BF61-4A1E-8B71-310B9D1E7F3A}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{D7F8ADB4-BF61-4A1E-8B71-310B9D1E7F3A}.Debug|x64.ActiveCfg = Debug|Any CPU
+		{D7F8ADB4-BF61-4A1E-8B71-310B9D1E7F3A}.Debug|x64.Build.0 = Debug|Any CPU
+		{D7F8ADB4-BF61-4A1E-8B71-310B9D1E7F3A}.Debug|x86.ActiveCfg = Debug|Any CPU
+		{D7F8ADB4-BF61-4A1E-8B71-310B9D1E7F3A}.Debug|x86.Build.0 = Debug|Any CPU
+		{D7F8ADB4-BF61-4A1E-8B71-310B9D1E7F3A}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{D7F8ADB4-BF61-4A1E-8B71-310B9D1E7F3A}.Release|Any CPU.Build.0 = Release|Any CPU
+		{D7F8ADB4-BF61-4A1E-8B71-310B9D1E7F3A}.Release|x64.ActiveCfg = Release|Any CPU
+		{D7F8ADB4-BF61-4A1E-8B71-310B9D1E7F3A}.Release|x64.Build.0 = Release|Any CPU
+		{D7F8ADB4-BF61-4A1E-8B71-310B9D1E7F3A}.Release|x86.ActiveCfg = Release|Any CPU
+		{D7F8ADB4-BF61-4A1E-8B71-310B9D1E7F3A}.Release|x86.Build.0 = Release|Any CPU
+	EndGlobalSection
+EndGlobal
diff --git a/dotnetv3/S3/ManageACLsExample/ManageACLsExample/ManageACLs.cs b/dotnetv3/S3/ManageACLsExample/ManageACLsExample/ManageACLs.cs
@@ -0,0 +1,182 @@
+﻿// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+// SPDX-License-Identifier:  Apache-2.0
+
+namespace ManageACLsExample
+{
+    using System;
+    using System.Collections.Generic;
+    using System.Threading.Tasks;
+    using Amazon;
+    using Amazon.S3;
+    using Amazon.S3.Model;
+
+    /// <summary>
+    /// This example shows how to manage Amazon Simple Storage Service
+    /// (Amazon S3) Access Control Lists (ACLs) to control Amazon S3 bucket
+    /// access. The example was created with the AWS SDK for .NET version 3.7
+    /// and .NET Core 5.0.
+    /// </summary>
+    public class ManageACLs
+    {
+        public static async Task Main()
+        {
+            string bucketName = "doc-example-bucket1";
+            string newBucketName = "doc-example-bucket2";
+            string keyName = "sample-object.txt";
+            string emailAddress = "someone@example.com";
+
+            // If the AWS region where your bucket is located is different from
+            // the region defined for the default user, pass the S3 bucket's
+            // name to the client constructor. It should look like this:
+            // RegionEndpoint bucketRegion = RegionEndpoint.USWest2;
+            IAmazonS3 client = new AmazonS3Client();
+
+            await TestBucketObjectACLsAsync(client, bucketName, newBucketName, keyName, emailAddress);
+        }
+
+        /// <summary>
+        /// Creates a new S3 bucket with a canned ACL, then retrieves the ACL
+        /// infrmation and then adds a new ACL to one of the objects in the
+        /// S3 bucket.
+        /// </summary>
+        /// <param name="client">The initialized S3 client object used to call
+        /// methods to create a bucket, get an ACL, and add a different ACL to
+        /// one of the objects.</param>
+        /// <param name="bucketName">A string representing the original S3
+        /// bucket name.</param>
+        /// <param name="newBucketName">A string representing the name of the
+        /// new bucket that will be created.</param>
+        /// <param name="keyName">A string representing the key name of an S3
+        /// object for which we will change the ACL.</param>
+        /// <param name="emailAddress">A string representing the email address
+        /// belonging to the person to whom access to the S3 bucket will be
+        /// granted.</param>
+        public static async Task TestBucketObjectACLsAsync(IAmazonS3 client, string bucketName, string newBucketName, string keyName, string emailAddress)
+        {
+            try
+            {
+                // Create a new S3 bucket and specify canned ACL.
+                var success = await CreateBucketWithCannedACLAsync(client, newBucketName);
+
+                // Get the ACL on a bucket.
+                await GetBucketACLAsync(client, bucketName);
+
+                // Add (replace) the ACL on an object in a bucket.
+                await AddACLToExistingObjectAsync(client, bucketName, keyName, emailAddress);
+            }
+            catch (AmazonS3Exception amazonS3Exception)
+            {
+                Console.WriteLine($"Exception: {amazonS3Exception.Message}");
+            }
+        }
+
+        /// <summary>
+        /// Creates a new S3 bucket with a canned ACL attached.
+        /// </summary>
+        /// <param name="client">The initialized client object used to call
+        /// PutBucketAsync.</param>
+        /// <param name="newBucketName">A string representing the name of the
+        /// new S3 bucket.</param>
+        /// <returns>Returns a boolean value indicating success or failure.</returns>
+        public static async Task<bool> CreateBucketWithCannedACLAsync(IAmazonS3 client, string newBucketName)
+        {
+            var request = new PutBucketRequest()
+            {
+                BucketName = newBucketName,
+                BucketRegion = S3Region.EUW1,
+
+                // Add a canned ACL.
+                CannedACL = S3CannedACL.LogDeliveryWrite,
+            };
+
+            var response = await client.PutBucketAsync(request);
+            return response.HttpStatusCode == System.Net.HttpStatusCode.OK;
+        }
+
+        /// <summary>
+        /// Retrieves the ACL associated with the S3 bucket name in the
+        /// bucketName parameter.
+        /// </summary>
+        /// <param name="client">The initialized client object used to call
+        /// PutBucketAsync.</param>
+        /// <param name="bucketName">The S3 bucket for which we want to get the
+        /// ACL list.</param>
+        /// <returns>Returns an S3AccessCntrolList returned from the call to
+        /// GetACLAsync.</returns>
+        public static async Task<S3AccessControlList> GetBucketACLAsync(IAmazonS3 client, string bucketName)
+        {
+            GetACLResponse response = await client.GetACLAsync(new GetACLRequest
+            {
+                BucketName = bucketName,
+            });
+
+            return response.AccessControlList;
+        }
+
+        /// <summary>
+        /// Adds a new ACL to an existing object in the S3 bucket.
+        /// </summary>
+        /// <param name="client">The initialized client object used to call
+        /// PutBucketAsync.</param>
+        /// <param name="bucketName">A string representing the name of the S3
+        /// bucket where the object we want to which we want to apply a new ACL.</param>
+        /// <param name="keyName">A string representing the name of the object
+        /// to which we want to apply the new ACL.</param>
+        /// <param name="emailAddress">The email address of the person to whom
+        /// we will be applying to whom access will be granted.</param>
+        public static async Task AddACLToExistingObjectAsync(IAmazonS3 client, string bucketName, string keyName, string emailAddress)
+        {
+            // Retrieve the ACL for an object.
+            GetACLResponse aclResponse = await client.GetACLAsync(new GetACLRequest
+            {
+                BucketName = bucketName,
+                Key = keyName,
+            });
+
+            S3AccessControlList acl = aclResponse.AccessControlList;
+
+            // Retrieve the owner.
+            Owner owner = acl.Owner;
+
+            // Clear existing grants.
+            acl.Grants.Clear();
+
+            // Add a grant to reset the owner's full permission
+            // (the previous clear statement removed all permissions).
+            var fullControlGrant = new S3Grant
+            {
+                Grantee = new S3Grantee { CanonicalUser = acl.Owner.Id },
+            };
+            acl.AddGrant(fullControlGrant.Grantee, S3Permission.FULL_CONTROL);
+
+            // Specify email to identify grantee for granting permissions.
+            var grantUsingEmail = new S3Grant
+            {
+                Grantee = new S3Grantee { EmailAddress = emailAddress },
+                Permission = S3Permission.WRITE_ACP,
+            };
+
+            // Specify log delivery group as grantee.
+            var grantLogDeliveryGroup = new S3Grant
+            {
+                Grantee = new S3Grantee { URI = "http://acs.amazonaws.com/groups/s3/LogDelivery" },
+                Permission = S3Permission.WRITE,
+            };
+
+            // Create a new ACL.
+            var newAcl = new S3AccessControlList
+            {
+                Grants = new List<S3Grant> { grantUsingEmail, grantLogDeliveryGroup },
+                Owner = owner,
+            };
+
+            // Set the new ACL. We're throwing away the response here.
+            _ = await client.PutACLAsync(new PutACLRequest
+            {
+                BucketName = bucketName,
+                Key = keyName,
+                AccessControlList = newAcl,
+            });
+        }
+    }
+}
diff --git a/dotnetv3/S3/ManageACLsExample/ManageACLsExample/ManageACLsExample.csproj b/dotnetv3/S3/ManageACLsExample/ManageACLsExample/ManageACLsExample.csproj
@@ -0,0 +1,17 @@
+<Project Sdk="Microsoft.NET.Sdk">
+
+  <PropertyGroup>
+    <OutputType>Exe</OutputType>
+    <TargetFramework>net5.0</TargetFramework>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <PackageReference Include="AWSSDK.Core" Version="3.7.0.37" />
+    <PackageReference Include="AWSSDK.S3" Version="3.7.1.7" />
+    <PackageReference Include="StyleCop.Analyzers" Version="1.1.118">
+      <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
+      <PrivateAssets>all</PrivateAssets>
+    </PackageReference>
+  </ItemGroup>
+
+</Project>
diff --git a/dotnetv3/S3/ManageObjectACLExample/ManageObjectACLExample.sln b/dotnetv3/S3/ManageObjectACLExample/ManageObjectACLExample.sln
@@ -0,0 +1,34 @@
+﻿
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio 15
+VisualStudioVersion = 15.0.26124.0
+MinimumVisualStudioVersion = 15.0.26124.0
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "ManageObjectACLExample", "ManageObjectACLExample\ManageObjectACLExample.csproj", "{82EF5A4C-2964-45E9-BDB6-E755C1F3B9EB}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|Any CPU = Debug|Any CPU
+		Debug|x64 = Debug|x64
+		Debug|x86 = Debug|x86
+		Release|Any CPU = Release|Any CPU
+		Release|x64 = Release|x64
+		Release|x86 = Release|x86
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{82EF5A4C-2964-45E9-BDB6-E755C1F3B9EB}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{82EF5A4C-2964-45E9-BDB6-E755C1F3B9EB}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{82EF5A4C-2964-45E9-BDB6-E755C1F3B9EB}.Debug|x64.ActiveCfg = Debug|Any CPU
+		{82EF5A4C-2964-45E9-BDB6-E755C1F3B9EB}.Debug|x64.Build.0 = Debug|Any CPU
+		{82EF5A4C-2964-45E9-BDB6-E755C1F3B9EB}.Debug|x86.ActiveCfg = Debug|Any CPU
+		{82EF5A4C-2964-45E9-BDB6-E755C1F3B9EB}.Debug|x86.Build.0 = Debug|Any CPU
+		{82EF5A4C-2964-45E9-BDB6-E755C1F3B9EB}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{82EF5A4C-2964-45E9-BDB6-E755C1F3B9EB}.Release|Any CPU.Build.0 = Release|Any CPU
+		{82EF5A4C-2964-45E9-BDB6-E755C1F3B9EB}.Release|x64.ActiveCfg = Release|Any CPU
+		{82EF5A4C-2964-45E9-BDB6-E755C1F3B9EB}.Release|x64.Build.0 = Release|Any CPU
+		{82EF5A4C-2964-45E9-BDB6-E755C1F3B9EB}.Release|x86.ActiveCfg = Release|Any CPU
+		{82EF5A4C-2964-45E9-BDB6-E755C1F3B9EB}.Release|x86.Build.0 = Release|Any CPU
+	EndGlobalSection
+EndGlobal
diff --git a/dotnetv3/S3/ManageObjectACLExample/ManageObjectACLExample/ManageObjectACL.cs b/dotnetv3/S3/ManageObjectACLExample/ManageObjectACLExample/ManageObjectACL.cs
@@ -0,0 +1,93 @@
+﻿// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+// SPDX - License - Identifier: Apache - 2.0
+
+namespace ManageObjectACLExample
+{
+    using System;
+    using System.Collections.Generic;
+    using System.Threading.Tasks;
+    using Amazon.S3;
+    using Amazon.S3.Model;
+
+    /// <summary>
+    /// This example shows how to work with the Access Control List (ACL) of an
+    /// object in an Amazon Simple Storage Service (Amazon S3) bucket. The
+    /// example was created with the AWS SDK for .NET version 3.7 and .NET
+    /// Core 5.0.
+    /// </summary>
+    public class ManageObjectACL
+    {
+        public static async Task Main()
+        {
+            string bucketName = "doc-example-bucket";
+            string keyName = "example-bucket.txt";
+            string emailAddress = "someone@example.com";
+
+            // If the AWS Region of the default user is different from the AWS
+            // Region where the Amazon S3 bucket is located, pass the AWS Region
+            // to the S3 client constructor. Like this:
+            // RegionEndpoint bucketRegion = RegionEndpoint.USWest2;
+            IAmazonS3 client = new AmazonS3Client();
+            await TestObjectACLTestAsync(client, bucketName, keyName, emailAddress);
+        }
+
+        /// <summary>
+        /// This method first retrieves and then clears the ACL for an object.
+        /// </summary>
+        /// <param name="client">The initialized S3 client object which will be
+        /// used to get and change the ACL for the S3 object.</param>
+        /// <param name="bucketName">A string representing the name of the S3
+        /// bucket where the object whose ACL will be modified is stored.</param>
+        /// <param name="keyName">The key name of the S3 object whose ACL will
+        /// be modified.</param>
+        /// <param name="emailAddress">The email address to use in defining the
+        /// grant for the new ACL.</param>
+        public static async Task TestObjectACLTestAsync(IAmazonS3 client, string bucketName, string keyName, string emailAddress)
+        {
+            try
+            {
+                // Retrieve the ACL for the object.
+                GetACLResponse aclResponse = await client.GetACLAsync(new GetACLRequest
+                {
+                    BucketName = bucketName,
+                    Key = keyName,
+                });
+
+                S3AccessControlList acl = aclResponse.AccessControlList;
+
+                // Retrieve the owner (we use this to re-add permissions after we clear the ACL).
+                Owner owner = acl.Owner;
+
+                // Clear existing grants.
+                acl.Grants.Clear();
+
+                // Add a grant to reset the owner's full permission (the previous clear statement removed all permissions).
+                S3Grant fullControlGrant = new ()
+                {
+                    Grantee = new S3Grantee { CanonicalUser = owner.Id },
+                    Permission = S3Permission.FULL_CONTROL,
+                };
+
+                // Describe the grant for the permission using an email address.
+                S3Grant grantUsingEmail = new ()
+                {
+                    Grantee = new S3Grantee { EmailAddress = emailAddress },
+                    Permission = S3Permission.WRITE_ACP,
+                };
+                acl.Grants.AddRange(new List<S3Grant> { fullControlGrant, grantUsingEmail });
+
+                // Set a new ACL.
+                PutACLResponse response = await client.PutACLAsync(new PutACLRequest
+                {
+                    BucketName = bucketName,
+                    Key = keyName,
+                    AccessControlList = acl,
+                });
+            }
+            catch (AmazonS3Exception amazonS3Exception)
+            {
+                Console.WriteLine($"Error: {amazonS3Exception.Message}");
+            }
+        }
+    }
+}
diff --git a/dotnetv3/S3/ManageObjectACLExample/ManageObjectACLExample/ManageObjectACLExample.csproj b/dotnetv3/S3/ManageObjectACLExample/ManageObjectACLExample/ManageObjectACLExample.csproj
@@ -0,0 +1,17 @@
+<Project Sdk="Microsoft.NET.Sdk">
+
+  <PropertyGroup>
+    <OutputType>Exe</OutputType>
+    <TargetFramework>net5.0</TargetFramework>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <PackageReference Include="AWSSDK.Core" Version="3.7.0.37" />
+    <PackageReference Include="AWSSDK.S3" Version="3.7.1.7" />
+    <PackageReference Include="StyleCop.Analyzers" Version="1.1.118">
+      <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
+      <PrivateAssets>all</PrivateAssets>
+    </PackageReference>
+  </ItemGroup>
+
+</Project>
