Version: v1.2.6 Latest Latest

This package is not in the latest version of its module.

Published: Mar 12, 2020 License: Apache-2.0 Imports: 27 Imported by: 0




// S3 action names for use in a PolicyStatement's Action list. Each constant's
// value is the literal "s3:<Operation>" string that appears in the policy JSON.
const (
	// All is the wildcard "s3:*". A statement that allows it covers every
	// action listed below, including those that change access control
	// (PutBucketPolicy, DeleteBucketPolicy, PutBucketAcl, PutObjectAcl,
	// PutObjectVersionAcl). Prefer naming only the actions a principal needs.
	All                            action = "s3:*"
	AbortMultipartUpload           action = "s3:AbortMultipartUpload"
	CreateBucket                   action = "s3:CreateBucket"
	DeleteBucketPolicy             action = "s3:DeleteBucketPolicy"
	DeleteBucket                   action = "s3:DeleteBucket"
	DeleteBucketWebsite            action = "s3:DeleteBucketWebsite"
	DeleteObject                   action = "s3:DeleteObject"
	DeleteObjectVersion            action = "s3:DeleteObjectVersion"
	DeleteReplicationConfiguration action = "s3:DeleteReplicationConfiguration"
	GetAccelerateConfiguration     action = "s3:GetAccelerateConfiguration"
	GetBucketAcl                   action = "s3:GetBucketAcl"
	GetBucketCORS                  action = "s3:GetBucketCORS"
	GetBucketLocation              action = "s3:GetBucketLocation"
	GetBucketLogging               action = "s3:GetBucketLogging"
	GetBucketNotification          action = "s3:GetBucketNotification"
	GetBucketPolicy                action = "s3:GetBucketPolicy"
	GetBucketRequestPayment        action = "s3:GetBucketRequestPayment"
	GetBucketTagging               action = "s3:GetBucketTagging"
	GetBucketVersioning            action = "s3:GetBucketVersioning"
	GetBucketWebsite               action = "s3:GetBucketWebsite"
	GetLifecycleConfiguration      action = "s3:GetLifecycleConfiguration"
	GetObjectAcl                   action = "s3:GetObjectAcl"
	GetObject                      action = "s3:GetObject"
	GetObjectTorrent               action = "s3:GetObjectTorrent"
	GetObjectVersionAcl            action = "s3:GetObjectVersionAcl"
	GetObjectVersion               action = "s3:GetObjectVersion"
	GetObjectVersionTorrent        action = "s3:GetObjectVersionTorrent"
	GetReplicationConfiguration    action = "s3:GetReplicationConfiguration"
	ListAllMyBuckets               action = "s3:ListAllMyBuckets"
	ListBucketMultiPartUploads     action = "s3:ListBucketMultiPartUploads"
	ListBucket                     action = "s3:ListBucket"
	ListBucketVersions             action = "s3:ListBucketVersions"
	ListMultipartUploadParts       action = "s3:ListMultipartUploadParts"
	PutAccelerateConfiguration     action = "s3:PutAccelerateConfiguration"
	PutBucketAcl                   action = "s3:PutBucketAcl"
	PutBucketCORS                  action = "s3:PutBucketCORS"
	PutBucketLogging               action = "s3:PutBucketLogging"
	PutBucketNotification          action = "s3:PutBucketNotification"
	PutBucketPolicy                action = "s3:PutBucketPolicy"
	PutBucketRequestPayment        action = "s3:PutBucketRequestPayment"
	PutBucketTagging               action = "s3:PutBucketTagging"
	PutBucketVersioning            action = "s3:PutBucketVersioning"
	PutBucketWebsite               action = "s3:PutBucketWebsite"
	PutLifecycleConfiguration      action = "s3:PutLifecycleConfiguration"
	PutObjectAcl                   action = "s3:PutObjectAcl"
	PutObject                      action = "s3:PutObject"
	PutObjectVersionAcl            action = "s3:PutObjectVersionAcl"
	PutReplicationConfiguration    action = "s3:PutReplicationConfiguration"
	RestoreObject                  action = "s3:RestoreObject"


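AllowedActions is a lenient default list of actions. Because the default is lenient, prefer an explicit, narrower set of actions in a PolicyStatement where least privilege matters.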


func NewBucketController

func NewBucketController(cfg *rest.Config, p *Provisioner) (*provisioner.Provisioner, error)


type BucketPolicy

// BucketPolicy holds the policy statements applied to a single bucket. Its
// fields are serialized under the JSON names "Id", "Version" and "Statement".
type BucketPolicy struct {
	// Id (optional) identifies the bucket policy
	Id string `json:"Id"`
	// Version is the version of the BucketPolicy data structure;
	// it should always be '2012-10-17'
	Version   string            `json:"Version"`
	// Statement is the list of PolicyStatements that make up this policy
	Statement []PolicyStatement `json:"Statement"`

BucketPolicy represents a set of policy statements for a single bucket.

func NewBucketPolicy

func NewBucketPolicy(ps ...PolicyStatement) *BucketPolicy

NewBucketPolicy obviously returns a new BucketPolicy. PolicyStatements may be passed in at creation or added after the fact. BucketPolicies should be passed to PutBucketPolicy().

func (*BucketPolicy) DropPolicyStatements

func (bp *BucketPolicy) DropPolicyStatements(sid ...string) *BucketPolicy

func (*BucketPolicy) EjectPrincipals

func (bp *BucketPolicy) EjectPrincipals(users ...string) *BucketPolicy

func (*BucketPolicy) ModifyBucketPolicy

func (bp *BucketPolicy) ModifyBucketPolicy(ps ...PolicyStatement) *BucketPolicy

ModifyBucketPolicy compares new and old statement SIDs and overwrites on a match. This allows users to Get, modify, and Replace existing statements as well as add new ones.

type PolicyStatement

// PolicyStatement is one statement of a bucket policy: an Effect applied to
// a set of Actions, for the listed Principals, on the listed Resources.
type PolicyStatement struct {
	// Sid (optional) is the PolicyStatement's unique identifier
	Sid string `json:"Sid"`
	// Effect determines whether the Action(s) are 'Allow'ed or 'Deny'ed.
	Effect effect `json:"Effect"`
	// Principal is/are the Ceph user names affected by this PolicyStatement
	// Must be in the format of 'arn:aws:iam:::user/<ceph-user>'
	Principal map[string][]string `json:"Principal"`
	// Action is a list of s3:* actions
	Action []action `json:"Action"`
	// Resource is the ARN identifier for the S3 resource (bucket)
	// Must be in the format of 'arn:aws:s3:::<bucket>'
	Resource []string `json:"Resource"`

PolicyStatement is the Go representation of a PolicyStatement JSON struct. It defines which Actions a Principal can or cannot perform on a Resource.

func NewPolicyStatement

func NewPolicyStatement() *PolicyStatement

NewPolicyStatement generates a new PolicyStatement. PolicyStatement methods are designed to be chain called with dot notation to allow for easy configuration at creation. This is preferable to a long parameter list.

func (*PolicyStatement) Actions

func (ps *PolicyStatement) Actions(actions ...action) *PolicyStatement

Actions is the set of "s3:*" actions that the PolicyStatement is concerned with

func (*PolicyStatement) Allows

func (ps *PolicyStatement) Allows() *PolicyStatement

Allows sets the effect of the PolicyStatement to allow the PolicyStatement's Actions

func (*PolicyStatement) Denies

func (ps *PolicyStatement) Denies() *PolicyStatement

Denies sets the effect of the PolicyStatement to deny the PolicyStatement's Actions

func (*PolicyStatement) EjectPrincipals

func (ps *PolicyStatement) EjectPrincipals(users ...string)

func (*PolicyStatement) ForPrincipals

func (ps *PolicyStatement) ForPrincipals(users ...string) *PolicyStatement

ForPrincipals adds users to the PolicyStatement

func (*PolicyStatement) ForResources

func (ps *PolicyStatement) ForResources(resources ...string) *PolicyStatement

ForResources adds resources (buckets) to the PolicyStatement with the appropriate ARN prefix

func (*PolicyStatement) ForSubResources added in v1.2.0

func (ps *PolicyStatement) ForSubResources(resources ...string) *PolicyStatement

ForSubResources adds contents inside the bucket to the PolicyStatement with the appropriate ARN prefix

func (*PolicyStatement) WithSID

func (ps *PolicyStatement) WithSID(sid string) *PolicyStatement

type Provisioner

type Provisioner struct {
	// contains filtered or unexported fields

func NewProvisioner

func NewProvisioner(context *clusterd.Context, namespace string) *Provisioner

func (Provisioner) Delete

func (p Provisioner) Delete(ob *bktv1alpha1.ObjectBucket) error

Delete is called when the ObjectBucketClaim (OBC) is deleted and the associated storage class' reclaimPolicy is "Delete". Or, if a Provision() error occurs and the bucket controller needs to clean up before retrying.

func (Provisioner) Grant

Grant attaches to an existing rgw bucket and returns a connection info representing the bucket's endpoint and user access credentials.

func (Provisioner) Provision

func (p Provisioner) Provision(options *apibkt.BucketOptions) (*bktv1alpha1.ObjectBucket, error)

Provision creates an s3 bucket and returns a connection info representing the bucket's endpoint and user access credentials.

func (Provisioner) Revoke

func (p Provisioner) Revoke(ob *bktv1alpha1.ObjectBucket) error

Revoke removes a user and creds from an existing bucket. Note: cleanup order below matters.

type S3Agent

type S3Agent struct {
	// contains filtered or unexported fields

S3Agent wraps the s3.S3 structure to allow for wrapper methods

func NewS3Agent

func NewS3Agent(accessKey, secretKey, endpoint string) (*S3Agent, error)

func (S3Agent) CreateBucket

func (s S3Agent) CreateBucket(name string) error

CreateBucket creates a bucket with the given name

func (S3Agent) GetBucketPolicy

func (s S3Agent) GetBucketPolicy(bucket string) (*BucketPolicy, error)

func (S3Agent) PutBucketPolicy

func (s S3Agent) PutBucketPolicy(bucket string, policy BucketPolicy) (*s3.PutBucketPolicyOutput, error)

PutBucketPolicy applies the policy to the bucket
