etan39
/
cloudstack
mirror of https://github.com/apache/cloudstack.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

S3AccessControlList, SHost, SAcl updates and fixes

This commit is contained in:
JohnZ 2012-05-02 22:28:00 +01:00
parent 3eb97d7d02
commit b89841ee4a
11 changed files with 282 additions and 1923 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
awsapi-setup/db/mysql/cloudbridge_db.sql
View File

@ -1,28 +1,12 @@
<<<<<<< HEAD
SET @OLD_SQL_MODE=@@SQL_MODE, SQL_MODE='ANSI';
DROP DATABASE IF EXISTS cloudbridge;
CREATE DATABASE cloudbridge;
GRANT ALL ON cloudbridge.* to `cloud`@`localhost`;
GRANT ALL ON cloudbridge.* to `cloud`@`%`;
GRANT process ON *.* TO `cloud`@`localhost`;
GRANT process ON *.* TO `cloud`@`%`;
COMMIT;
=======
SET @OLD_SQL_MODE=@@SQL_MODE, SQL_MODE='ANSI';
DROP DATABASE IF EXISTS cloudbridge;
CREATE DATABASE cloudbridge;
GRANT ALL ON cloudbridge.* to `cloud`@`localhost` identified by 'cloud';
GRANT ALL ON cloudbridge.* to `cloud`@`%` identified by 'cloud';
GRANT ALL ON cloudbridge.* to `cloud`@`localhost`;
GRANT ALL ON cloudbridge.* to `cloud`@`%`;
GRANT process ON *.* TO `cloud`@`localhost`;
GRANT process ON *.* TO `cloud`@`%`;
COMMIT;
>>>>>>> 6472e7b... Now really adding the renamed files!

4
awsapi-setup/setup/cloud-bridge-register
View File

@ -20,11 +20,7 @@ def get_signature(key, url, query):
hmac.new(key, '\n'.join(['GET', netloc, path, query]), sha).digest()))
def get_url(url, api_key, secret_key, action, query):
<<<<<<< HEAD
amzn_string = 'AWSAccessKeyId=' + api_key + '&Action=' + action + '&SignatureMethod=HmacSHA1'
=======
amzn_string = 'AWSAccessKeyId=' + api_key + '&CloudAction=' + action + '&SignatureMethod=HmacSHA1'
>>>>>>> 6472e7b... Now really adding the renamed files!
amzn_string += '&SignatureVersion=2&Timestamp='+ datetime.now().isoformat()[:19] +'Z&Version=2010-11-15'
query = amzn_string + '&' + query
url = url + '?' + query + '&Signature=' + get_signature(secret_key, url, query)

7
awsapi/conf/cloud-bridge.properties
View File

@ -1,15 +1,8 @@
host=http://localhost:8080/bridge
<<<<<<< HEAD
storage.root=c:\\temp\\s3repo
storage.multipartDir=__multipart__uploads__
bucket.dns=true
serviceEndpoint=s3.amazonaws.com
=======
storage.root=/Users/john1/S3-Mount
storage.multipartDir=__multipart__uploads__
bucket.dns=false
serviceEndpoint=localhost:8080
>>>>>>> 6472e7b... Now really adding the renamed files!

3
awsapi/conf/ec2-service.properties
View File

@ -4,12 +4,9 @@ cloudstackVersion=2.2.0
WSDLVersion=2010-11-15
keystore=xes.keystore
keystorePass=apache
<<<<<<< HEAD
=======
dbHost=localhost
dbName=cloudbridge
dbUser=cloud
dbPassword=cloud
>>>>>>> 6472e7b... Now really adding the renamed files!

85
awsapi/conf/hibernate.cfg.xml
View File

@ -1,48 +1,37 @@
<?xml version='1.0' encoding='utf-8'?>
<!DOCTYPE hibernate-configuration PUBLIC "-//Hibernate/Hibernate Configuration DTD//EN" "http://hibernate.sourceforge.net/hibernate-configuration-3.0.dtd">
<hibernate-configuration>
<session-factory>
<property name="hibernate.connection.driver_class">com.mysql.jdbc.Driver</property>
<<<<<<< HEAD
=======
<property name="hibernate.connection.url">jdbc:mysql://localhost/cloudbridge</property>
<property name="hibernate.connection.username">cloud</property>
<property name="hibernate.connection.password">cloud</property>
>>>>>>> 6472e7b... Now really adding the renamed files!
<property name="hibernate.connection.pool_size">20</property>
<property name="hibernate.connection.autocommit">false</property>
<!-- transactiion isolation level : 1 - read uncommitted, 2 - read committed, 4 - repeatable read, 8 - Serializable -->
<property name="hibernate.connection.isolation">2</property>
<property name="hibernate.hbm2ddl.auto">update</property>
<property name="hibernate.order_updates">true</property>
<property name="dialect">org.hibernate.dialect.MySQLDialect</property>
<property name="show_sql">true</property>
<!-- to debug hibernate generated SQL, open following configuration property -->
<<<<<<< HEAD
<!--
<property name="show_sql">true</property>
<property name="hibernate.format_sql">true</property>
-->
=======
<!--
<property name="show_sql">true</property>
<property name="hibernate.format_sql">true</property>
-->
>>>>>>> 6472e7b... Now really adding the renamed files!
<!-- Mapping files -->
<mapping resource="com/cloud/bridge/model/UserCredentials.hbm.xml"/>
<mapping resource="com/cloud/bridge/model/SHost.hbm.xml"/>
<mapping resource="com/cloud/bridge/model/MHost.hbm.xml"/>
<mapping resource="com/cloud/bridge/model/MHostMount.hbm.xml"/>
<mapping resource="com/cloud/bridge/model/SBucket.hbm.xml"/>
<mapping resource="com/cloud/bridge/model/SObject.hbm.xml"/>
<mapping resource="com/cloud/bridge/model/SObjectItem.hbm.xml"/>
<mapping resource="com/cloud/bridge/model/SMeta.hbm.xml"/>
<mapping resource="com/cloud/bridge/model/SAcl.hbm.xml"/>
</session-factory>
</hibernate-configuration>
<?xml version='1.0' encoding='utf-8'?>
<!DOCTYPE hibernate-configuration PUBLIC "-//Hibernate/Hibernate Configuration DTD//EN" "http://hibernate.sourceforge.net/hibernate-configuration-3.0.dtd">
<hibernate-configuration>
<session-factory>
<property name="hibernate.connection.driver_class">com.mysql.jdbc.Driver</property>
<property name="hibernate.connection.url">jdbc:mysql://localhost/cloudbridge</property>
<property name="hibernate.connection.username">cloud</property>
<property name="hibernate.connection.password">cloud</property>
<property name="hibernate.connection.pool_size">20</property>
<property name="hibernate.connection.autocommit">false</property>
<!-- transactiion isolation level : 1 - read uncommitted, 2 - read committed, 4 - repeatable read, 8 - Serializable -->
<property name="hibernate.connection.isolation">2</property>
<property name="hibernate.hbm2ddl.auto">update</property>
<property name="hibernate.order_updates">true</property>
<property name="dialect">org.hibernate.dialect.MySQLDialect</property>
<property name="show_sql">true</property>
<!-- to debug hibernate generated SQL, open following configuration property -->
<!--
<property name="show_sql">true</property>
<property name="hibernate.format_sql">true</property>
-->
<!-- Mapping files -->
<mapping resource="com/cloud/bridge/model/UserCredentials.hbm.xml"/>
<mapping resource="com/cloud/bridge/model/SHost.hbm.xml"/>
<mapping resource="com/cloud/bridge/model/MHost.hbm.xml"/>
<mapping resource="com/cloud/bridge/model/MHostMount.hbm.xml"/>
<mapping resource="com/cloud/bridge/model/SBucket.hbm.xml"/>
<mapping resource="com/cloud/bridge/model/SObject.hbm.xml"/>
<mapping resource="com/cloud/bridge/model/SObjectItem.hbm.xml"/>
<mapping resource="com/cloud/bridge/model/SMeta.hbm.xml"/>
<mapping resource="com/cloud/bridge/model/SAcl.hbm.xml"/>
</session-factory>
</hibernate-configuration>

3
awsapi/release-notes.txt
View File

@ -1,4 +1,3 @@
<<<<<<< HEAD
1.0.2.RC6
=========
@ -11,8 +10,6 @@
* Fixed ec2-register/registerTemplate calls
=======
>>>>>>> 6472e7b... Now really adding the renamed files!
1.0.2.RC4
=========

478
awsapi/src/com/cloud/bridge/model/SAcl.java
View File

@ -1,239 +1,239 @@
/*
* Copyright (C) 2011 Citrix Systems, Inc. All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.cloud.bridge.model;
import java.io.Serializable;
import java.util.Date;
import com.cloud.bridge.service.exception.UnsupportedException;
import com.cloud.bridge.util.OrderedPair;
import com.cloud.bridge.util.Triple;
/**
* @author John Zucker, Kelven Yang
* A model of stored ACLs to remember the ACL permissions per canonicalUserID per grantee
* Hold the AWS S3 grantee and permission constants.
*
* This class implements two forms of getCannedAccessControls mappings, as static methods,
*
* (a) an OrderedPair which provides a maplet across
* < permission, grantee >
* when given an aclRequestString and a target (i.e. bucket or object),
*
* (b) a Triplet
* < permission1, permission2, symbol >
* when given an aclRequestString, a target (i.e. bucket or object) and the ID of the owner.
*/
public class SAcl implements Serializable {
private static final long serialVersionUID = 7900837117165018850L;
public static final int GRANTEE_USER = 0;
public static final int GRANTEE_ALLUSERS = 1;
public static final int GRANTEE_AUTHENTICATED = 2;
public static final int PERMISSION_PASS = -1; // No ACL test required
public static final int PERMISSION_NONE = 0;
public static final int PERMISSION_READ = 1;
public static final int PERMISSION_WRITE = 2;
public static final int PERMISSION_READ_ACL = 4;
public static final int PERMISSION_WRITE_ACL = 8;
public static final int PERMISSION_FULL = (PERMISSION_READ | PERMISSION_WRITE | PERMISSION_READ_ACL | PERMISSION_WRITE_ACL);
private Long id;
private String target;
private long targetId;
private int granteeType;
private String granteeCanonicalId;
private int permission;
private int grantOrder;
private Date createTime;
private Date lastModifiedTime;
public SAcl() {
}
public Long getId() {
return id;
}
private void setId(Long id) {
this.id = id;
}
public String getTarget() {
return target;
}
public void setTarget(String target) {
this.target = target;
}
public long getTargetId() {
return targetId;
}
public void setTargetId(long targetId) {
this.targetId = targetId;
}
public int getGranteeType() {
return granteeType;
}
public void setGranteeType(int granteeType) {
this.granteeType = granteeType;
}
public String getGranteeCanonicalId() {
return granteeCanonicalId;
}
public void setGranteeCanonicalId(String granteeCanonicalId) {
this.granteeCanonicalId = granteeCanonicalId;
}
public int getPermission() {
return permission;
}
public void setPermission(int permission) {
this.permission = permission;
}
public int getGrantOrder() {
return grantOrder;
}
public void setGrantOrder(int grantOrder) {
this.grantOrder = grantOrder;
}
public Date getCreateTime() {
return createTime;
}
public void setCreateTime(Date createTime) {
this.createTime = createTime;
}
public Date getLastModifiedTime() {
return lastModifiedTime;
}
public void setLastModifiedTime(Date lastModifiedTime) {
this.lastModifiedTime = lastModifiedTime;
}
/** Return an OrderedPair
* < permission, grantee >
* comprising
* a permission - which is one of SAcl.PERMISSION_PASS, SAcl.PERMISSION_NONE, SAcl.PERMISSION_READ,
* SAcl.PERMISSION_WRITE, SAcl.PERMISSION_READ_ACL, SAcl.PERMISSION_WRITE_ACL, SAcl.PERMISSION_FULL
* a grantee - which is one of GRANTEE_ALLUSERS, GRANTEE_AUTHENTICATED, GRANTEE_USER
*
* Access controls that are specified via the "x-amz-acl:" headers in REST requests for buckets.
* The ACL request string is treated as a request for a known cannedAccessPolicy
* @param aclRequestString - The requested ACL from the set of AWS S3 canned ACLs
* @param target - Either "SBucket" or otherwise assumed to be for a single object item
*/
public static OrderedPair <Integer,Integer> getCannedAccessControls ( String aclRequestString, String target )
throws UnsupportedException
{
if ( aclRequestString.equalsIgnoreCase( "public-read" ))
// All users granted READ access.
return new OrderedPair <Integer,Integer> (PERMISSION_READ,GRANTEE_ALLUSERS);
else if (aclRequestString.equalsIgnoreCase( "public-read-write" ))
// All users granted READ and WRITE access
return new OrderedPair <Integer,Integer> ((PERMISSION_READ | PERMISSION_WRITE),GRANTEE_ALLUSERS);
else if (aclRequestString.equalsIgnoreCase( "authenticated-read" ))
// Authenticated users have READ access
return new OrderedPair <Integer,Integer> (PERMISSION_READ,GRANTEE_AUTHENTICATED);
else if (aclRequestString.equalsIgnoreCase( "private" ))
// Only Owner gets FULL_CONTROL
return new OrderedPair <Integer,Integer> (PERMISSION_FULL,GRANTEE_USER);
else if (aclRequestString.equalsIgnoreCase( "bucket-owner-read" ))
{
// Object Owner gets FULL_CONTROL, Bucket Owner gets READ
if ( target.equalsIgnoreCase( "SBucket" ))
return new OrderedPair <Integer,Integer> (PERMISSION_READ, GRANTEE_USER);
else
return new OrderedPair <Integer,Integer> (PERMISSION_FULL, GRANTEE_USER);
}
else if (aclRequestString.equalsIgnoreCase( "bucket-owner-full-control" ))
{
// Object Owner gets FULL_CONTROL, Bucket Owner gets FULL_CONTROL
// This is equivalent to private when used with PUT Bucket
return new OrderedPair <Integer,Integer> (PERMISSION_FULL,GRANTEE_USER);
}
else throw new UnsupportedException( "Unknown Canned Access Policy: " + aclRequestString + " is not supported" );
}
/** Return a Triple
* < permission1, permission2, symbol >
* comprising
* two permissions - which is one of SAcl.PERMISSION_PASS, SAcl.PERMISSION_NONE, SAcl.PERMISSION_READ,
* SAcl.PERMISSION_WRITE, SAcl.PERMISSION_READ_ACL, SAcl.PERMISSION_WRITE_ACL, SAcl.PERMISSION_FULL
* permission1 applies to objects, permission2 applies to buckets.
* a symbol to indicate whether the principal is anonymous (i.e. string "A") or authenticated user (i.e.
* string "*") - otherwise null indicates a single ACL for all users.
*
* Access controls that are specified via the "x-amz-acl:" headers in REST requests for buckets.
* The ACL request string is treated as a request for a known cannedAccessPolicy
* @param aclRequestString - The requested ACL from the set of AWS S3 canned ACLs
* @param target - Either "SBucket" or otherwise assumed to be for a single object item
* @param ownerID - An ID for the owner, if used in place of symbols "A" or "*"
*/
public static Triple <Integer,Integer,String> getCannedAccessControls ( String aclRequestString, String target, String ownerID )
throws UnsupportedException
{
if ( aclRequestString.equalsIgnoreCase( "public-read" ))
// Owner gets FULL_CONTROL and the anonymous principal (the 'A' symbol here) is granted READ access.
return new Triple <Integer, Integer, String> (PERMISSION_FULL, PERMISSION_READ,"A");
else if (aclRequestString.equalsIgnoreCase( "public-read-write" ))
// Owner gets FULL_CONTROL and the anonymous principal (the 'A' symbol here) is granted READ and WRITE access
return new Triple <Integer, Integer, String> (PERMISSION_FULL, (PERMISSION_READ | PERMISSION_WRITE),"A");
else if (aclRequestString.equalsIgnoreCase( "authenticated-read" ))
// Owner gets FULL_CONTROL and ANY principal authenticated as a registered S3 user (the '*' symbol here) is granted READ access
return new Triple <Integer, Integer, String> (PERMISSION_FULL, PERMISSION_READ,"*");
else if (aclRequestString.equalsIgnoreCase( "private" ))
// This is termed the "private" or default ACL, "Owner gets FULL_CONTROL"
return new Triple <Integer, Integer, String> (PERMISSION_FULL, PERMISSION_FULL,null);
else if (aclRequestString.equalsIgnoreCase( "bucket-owner-read" ))
{
// Object Owner gets FULL_CONTROL, Bucket Owner gets READ
// This is equivalent to private when used with PUT Bucket
if ( target.equalsIgnoreCase( "SBucket" ))
return new Triple <Integer, Integer, String> (PERMISSION_FULL,PERMISSION_FULL ,null);
else
return new Triple <Integer, Integer, String> (PERMISSION_FULL,PERMISSION_READ,ownerID);
}
else if (aclRequestString.equalsIgnoreCase( "bucket-owner-full-control" ))
{
// Object Owner gets FULL_CONTROL, Bucket Owner gets FULL_CONTROL
// This is equivalent to private when used with PUT Bucket
if ( target.equalsIgnoreCase( "SBucket" ))
return new Triple <Integer, Integer, String> (PERMISSION_FULL, PERMISSION_FULL, null);
else
return new Triple <Integer, Integer, String> (PERMISSION_FULL,PERMISSION_FULL, ownerID);
}
else throw new UnsupportedException( "Unknown Canned Access Policy: " + aclRequestString + " is not supported" );
}
}
/*
* Copyright (C) 2011 Citrix Systems, Inc. All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.cloud.bridge.model;
import java.io.Serializable;
import java.util.Date;
import com.cloud.bridge.service.exception.UnsupportedException;
import com.cloud.bridge.util.OrderedPair;
import com.cloud.bridge.util.Triple;
/**
* @author John Zucker, Kelven Yang
* A model of stored ACLs to remember the ACL permissions per canonicalUserID per grantee
* Hold the AWS S3 grantee and permission constants.
*
* This class implements two forms of getCannedAccessControls mappings, as static methods,
*
* (a) an OrderedPair which provides a maplet across
* < permission, grantee >
* when given an aclRequestString and a target (i.e. bucket or object),
*
* (b) a Triplet
* < permission1, permission2, symbol >
* when given an aclRequestString, a target (i.e. bucket or object) and the ID of the owner.
*/
public class SAcl implements Serializable {
private static final long serialVersionUID = 7900837117165018850L;
public static final int GRANTEE_USER = 0;
public static final int GRANTEE_ALLUSERS = 1;
public static final int GRANTEE_AUTHENTICATED = 2;
public static final int PERMISSION_PASS = -1; // No ACL test required
public static final int PERMISSION_NONE = 0;
public static final int PERMISSION_READ = 1;
public static final int PERMISSION_WRITE = 2;
public static final int PERMISSION_READ_ACL = 4;
public static final int PERMISSION_WRITE_ACL = 8;
public static final int PERMISSION_FULL = (PERMISSION_READ | PERMISSION_WRITE | PERMISSION_READ_ACL | PERMISSION_WRITE_ACL);
private Long id;
private String target;
private long targetId;
private int granteeType;
private String granteeCanonicalId;
private int permission;
private int grantOrder;
private Date createTime;
private Date lastModifiedTime;
public SAcl() {
}
public Long getId() {
return id;
}
private void setId(Long id) {
this.id = id;
}
public String getTarget() {
return target;
}
public void setTarget(String target) {
this.target = target;
}
public long getTargetId() {
return targetId;
}
public void setTargetId(long targetId) {
this.targetId = targetId;
}
public int getGranteeType() {
return granteeType;
}
public void setGranteeType(int granteeType) {
this.granteeType = granteeType;
}
public String getGranteeCanonicalId() {
return granteeCanonicalId;
}
public void setGranteeCanonicalId(String granteeCanonicalId) {
this.granteeCanonicalId = granteeCanonicalId;
}
public int getPermission() {
return permission;
}
public void setPermission(int permission) {
this.permission = permission;
}
public int getGrantOrder() {
return grantOrder;
}
public void setGrantOrder(int grantOrder) {
this.grantOrder = grantOrder;
}
public Date getCreateTime() {
return createTime;
}
public void setCreateTime(Date createTime) {
this.createTime = createTime;
}
public Date getLastModifiedTime() {
return lastModifiedTime;
}
public void setLastModifiedTime(Date lastModifiedTime) {
this.lastModifiedTime = lastModifiedTime;
}
/** Return an OrderedPair
* < permission, grantee >
* comprising
* a permission - which is one of SAcl.PERMISSION_PASS, SAcl.PERMISSION_NONE, SAcl.PERMISSION_READ,
* SAcl.PERMISSION_WRITE, SAcl.PERMISSION_READ_ACL, SAcl.PERMISSION_WRITE_ACL, SAcl.PERMISSION_FULL
* a grantee - which is one of GRANTEE_ALLUSERS, GRANTEE_AUTHENTICATED, GRANTEE_USER
*
* Access controls that are specified via the "x-amz-acl:" headers in REST requests for buckets.
* The ACL request string is treated as a request for a known cannedAccessPolicy
* @param aclRequestString - The requested ACL from the set of AWS S3 canned ACLs
* @param target - Either "SBucket" or otherwise assumed to be for a single object item
*/
public static OrderedPair <Integer,Integer> getCannedAccessControls ( String aclRequestString, String target )
throws UnsupportedException
{
if ( aclRequestString.equalsIgnoreCase( "public-read" ))
// All users granted READ access.
return new OrderedPair <Integer,Integer> (PERMISSION_READ,GRANTEE_ALLUSERS);
else if (aclRequestString.equalsIgnoreCase( "public-read-write" ))
// All users granted READ and WRITE access
return new OrderedPair <Integer,Integer> ((PERMISSION_READ | PERMISSION_WRITE),GRANTEE_ALLUSERS);
else if (aclRequestString.equalsIgnoreCase( "authenticated-read" ))
// Authenticated users have READ access
return new OrderedPair <Integer,Integer> (PERMISSION_READ,GRANTEE_AUTHENTICATED);
else if (aclRequestString.equalsIgnoreCase( "private" ))
// Only Owner gets FULL_CONTROL
return new OrderedPair <Integer,Integer> (PERMISSION_FULL,GRANTEE_USER);
else if (aclRequestString.equalsIgnoreCase( "bucket-owner-read" ))
{
// Object Owner gets FULL_CONTROL, Bucket Owner gets READ
if ( target.equalsIgnoreCase( "SBucket" ))
return new OrderedPair <Integer,Integer> (PERMISSION_READ, GRANTEE_USER);
else
return new OrderedPair <Integer,Integer> (PERMISSION_FULL, GRANTEE_USER);
}
else if (aclRequestString.equalsIgnoreCase( "bucket-owner-full-control" ))
{
// Object Owner gets FULL_CONTROL, Bucket Owner gets FULL_CONTROL
// This is equivalent to private when used with PUT Bucket
return new OrderedPair <Integer,Integer> (PERMISSION_FULL,GRANTEE_USER);
}
else throw new UnsupportedException( "Unknown Canned Access Policy: " + aclRequestString + " is not supported" );
}
/** Return a Triple
* < permission1, permission2, symbol >
* comprising
* two permissions - which is one of SAcl.PERMISSION_PASS, SAcl.PERMISSION_NONE, SAcl.PERMISSION_READ,
* SAcl.PERMISSION_WRITE, SAcl.PERMISSION_READ_ACL, SAcl.PERMISSION_WRITE_ACL, SAcl.PERMISSION_FULL
* permission1 applies to objects, permission2 applies to buckets.
* a symbol to indicate whether the principal is anonymous (i.e. string "A") or authenticated user (i.e.
* string "*") - otherwise null indicates a single ACL for all users.
*
* Access controls that are specified via the "x-amz-acl:" headers in REST requests for buckets.
* The ACL request string is treated as a request for a known cannedAccessPolicy
* @param aclRequestString - The requested ACL from the set of AWS S3 canned ACLs
* @param target - Either "SBucket" or otherwise assumed to be for a single object item
* @param ownerID - An ID for the owner, if used in place of symbols "A" or "*"
*/
public static Triple <Integer,Integer,String> getCannedAccessControls ( String aclRequestString, String target, String ownerID )
throws UnsupportedException
{
if ( aclRequestString.equalsIgnoreCase( "public-read" ))
// Owner gets FULL_CONTROL and the anonymous principal (the 'A' symbol here) is granted READ access.
return new Triple <Integer, Integer, String> (PERMISSION_FULL, PERMISSION_READ,"A");
else if (aclRequestString.equalsIgnoreCase( "public-read-write" ))
// Owner gets FULL_CONTROL and the anonymous principal (the 'A' symbol here) is granted READ and WRITE access
return new Triple <Integer, Integer, String> (PERMISSION_FULL, (PERMISSION_READ | PERMISSION_WRITE),"A");
else if (aclRequestString.equalsIgnoreCase( "authenticated-read" ))
// Owner gets FULL_CONTROL and ANY principal authenticated as a registered S3 user (the '*' symbol here) is granted READ access
return new Triple <Integer, Integer, String> (PERMISSION_FULL, PERMISSION_READ,"*");
else if (aclRequestString.equalsIgnoreCase( "private" ))
// This is termed the "private" or default ACL, "Owner gets FULL_CONTROL"
return new Triple <Integer, Integer, String> (PERMISSION_FULL, PERMISSION_FULL,null);
else if (aclRequestString.equalsIgnoreCase( "bucket-owner-read" ))
{
// Object Owner gets FULL_CONTROL, Bucket Owner gets READ
// This is equivalent to private when used with PUT Bucket
if ( target.equalsIgnoreCase( "SBucket" ))
return new Triple <Integer, Integer, String> (PERMISSION_FULL,PERMISSION_FULL ,null);
else
return new Triple <Integer, Integer, String> (PERMISSION_FULL,PERMISSION_READ,ownerID);
}
else if (aclRequestString.equalsIgnoreCase( "bucket-owner-full-control" ))
{
// Object Owner gets FULL_CONTROL, Bucket Owner gets FULL_CONTROL
// This is equivalent to private when used with PUT Bucket
if ( target.equalsIgnoreCase( "SBucket" ))
return new Triple <Integer, Integer, String> (PERMISSION_FULL, PERMISSION_FULL, null);
else
return new Triple <Integer, Integer, String> (PERMISSION_FULL,PERMISSION_FULL, ownerID);
}
else throw new UnsupportedException( "Unknown Canned Access Policy: " + aclRequestString + " is not supported" );
}
}

4
awsapi/src/com/cloud/bridge/service/core/s3/S3AccessControlList.java
View File

@ -19,12 +19,8 @@ import java.util.ArrayList;
import java.util.List;
/**
<<<<<<< HEAD
* @author Kelven Yang
=======
* @author Kelven Yang, John Zucker
* An S3AccessControlList is simply a holder of grants depicted as instances of S3Grant.
>>>>>>> 6472e7b... Now really adding the renamed files!
*/
public class S3AccessControlList {
private List<S3Grant> list = new ArrayList<S3Grant>();

1
awsapi/src/com/cloud/bridge/util/ISO8601SimpleDateTimeFormat.java
View File

@ -20,7 +20,6 @@ import java.text.SimpleDateFormat;
import java.text.DateFormat;
import java.text.FieldPosition;
import java.text.NumberFormat;
import java.text.ParsePosition;
import java.util.Date;
import java.util.Calendar;

1520
client/WEB-INF/classes/resources/messages.properties
View File

File diff suppressed because it is too large Load Diff

80
client/WEB-INF/classes/resources/messages_ja.properties
View File

@ -1,13 +1,9 @@
<<<<<<< HEAD
<<<<<<< HEAD
<<<<<<< HEAD
#new labels (begin) **********************************************************************************************
#cloudstack 3.0 (begin) ********************************************************************************************
=======
=======
=======
#new labels (begin) **********************************************************************************************
>>>>>>> cddbc4d... cloudstack 3.0 new UI - localization - move new labels on the top.
message.migrate.instance.to.host=別のホストにインスタンスを移行することを確認してください。
label.migrate.instance.to.host=別のホストにインスタンスを移行する
message.migrate.instance.to.ps=別のプライマリ·ストレージにインスタンスを移行することを確認してください。
@ -460,13 +456,6 @@ label.total.storage=Total Storage
#new labels (end) ************************************************************************************************
<<<<<<< HEAD
=======
label.action.migrate.router=ルータを移行する
label.action.migrate.router.processing=ルータの移行....
message.migrate.router.confirm=あなたがするようにルータを移行したいホストを確認してください。
label.migrate.router.to=にルータを移行する
>>>>>>> cddbc4d... cloudstack 3.0 new UI - localization - move new labels on the top.
#modified labels (begin) *****************************************************************************************
@ -1029,13 +1018,9 @@ label.action.unmanage.cluster=クラスターの非管理対象化
message.action.unmanage.cluster=クラスターを非管理対象にしてもよろしいですか?
label.action.unmanage.cluster.processing=クラスターを非管理対象にしています...
<<<<<<< HEAD
label.allocation.state=割り当て状態
managed.state=管理対象状態
=======
label.allocation.state=アロケーション状態
managed.state=管理された状態
>>>>>>> c05a040... cloudstack 3.0 new UI - add more localization labels.
label.default.use=デフォルト使用
label.host.tags=ホスト タグ
@ -1839,21 +1824,12 @@ message.action.reset.password.warning=現在のパスワードを変更する前
message.action.reset.password.off=インスタンスは現在この機能をサポートしていません。
#Errors
<<<<<<< HEAD
error.login=ユーザー名/パスワードが記録と一致しません。
error.menu.select=項目が選択されていないため操作を実行できません。
error.mgmt.server.inaccessible=管理サーバーにアクセスできません。後で再実行してください。
error.session.expired=セッションの有効期限が切れました。
error.unresolved.internet.name=インターネット名を解決できません。
=======
error.login=ユーザ名/パスワードが記録と一致しません
error.menu.select=アイテムが選択されていないためアクションを実行することができません
error.mgmt.server.inaccessible=Management Serverにアクセスできません。後で、もう一度やり直してください
error.session.expired=セッション有効期限が切れています
error.unresolved.internet.name=名前解決に失敗しました
<<<<<<< HEAD
#Jes
message.add.system.service.offering=新しいシステム·サービスの提供を追加するには、次のデータを記入してください。
message.action.delete.system.service.offering=このシステムサービスの提供を削除することを確認してください。
@ -1936,23 +1912,14 @@ label.reserved.system.netmask=予約システムのネットマスク
label.start.reserved.system.IP=予約システムのIPを起動します。
label.end.reserved.system.IP=最後の予約システムのIP
label.clusters=クラスタ
<<<<<<< HEAD
cluster.name=クラスタ名
host.MAC=ホストのMAC
agent.username=エージェントのユーザー名
agent.password=エージェントのパスワード
confirm.action.force.reconnect=このホストを再接続を強制することを確認してください。
resource.state=リソースの状態
<<<<<<< HEAD
>>>>>>> 3536a2e... cloudstack 3.0 new UI - system page - localize host section.
=======
LUN.number=LUN #
confirm.remove.IP.range=あなたがこのIPアドレス範囲の削除を希望することを確認してください。
<<<<<<< HEAD
>>>>>>> 50fadb4... cloudstack 3.0 new UI - system page - localize primary storage section.
=======
=======
label.cluster.name=クラスタ名
label.host.MAC=ホストのMAC
label.agent.username=エージェントのユーザー名
@ -1961,8 +1928,6 @@ message.confirm.action.force.reconnect=このホストを再接続を強制す
label.resource.state=リソースの状態
label.LUN.number=LUN #
message.confirm.remove.IP.range=あなたがこのIPアドレス範囲の削除を希望することを確認してください。
<<<<<<< HEAD
>>>>>>> c3c5b65... cloudstack 3.0 new UI - add more localization labels.
tooltip.zone.name=ゾーンの名前を入力します。
tooltip.dns.1=ゾーン内のVMで使用するためにDNSサーバーの名前を指定します。ゾーンのパブリックIPアドレスは、このサーバへのルートを持っている必要があります。
tooltip.dns.2=ゾーン内のVMで使用するための二次DNSサーバー名を指定します。ゾーンのパブリックIPアドレスは、このサーバへのルートを持っている必要があります
@ -1985,41 +1950,4 @@ adding.host=ホストを追加する
creating.primary.storage=プライマリ·ストレージを作成する
creating.secondary.storage=セカンダリ·ストレージを作成する
Zone.creation.complete=完全なゾーンの作成
=======
message.tooltip.zone.name=ゾーンの名前を入力します。
message.tooltip.dns.1=ゾーン内のVMで使用するためにDNSサーバーの名前を指定します。ゾーンのパブリックIPアドレスは、このサーバへのルートを持っている必要があります。
message.tooltip.dns.2=ゾーン内のVMで使用するための二次DNSサーバー名を指定します。ゾーンのパブリックIPアドレスは、このサーバへのルートを持っている必要があります
message.tooltip.internal.dns.1=ゾーン内のCloudStack内部システムのVMによって使用されるDNSサーバーの名前を指定します。ポッド用のプライベートIPアドレスはこのサーバへのルートを持っている必要があります。
message.tooltip.internal.dns.2=ゾーン内のCloudStack内部システムのVMによって使用されるDNSサーバーの名前を指定します。ポッド用のプライベートIPアドレスはこのサーバへのルートを持っている必要があります。
message.tooltip.network.domain=ゲストVMによってアクセスされるネットワーク用のカスタムドメイン名を作成するDNSサフィックスです。
message.tooltip.pod.name=このポッドの名前を入力します。
message.tooltip.reserved.system.gateway=ポッド内のホストに対するゲートウェイ。
message.tooltip.reserved.system.netmask=ポッドサブネットを定義するネットワーク接頭辞。 CIDR表記を使用しています。
message.creating.zone=ゾーンを作成する
message.creating.physical.networks=物理的なネットワークを作成する
message.configuring.physical.networks=物理的なネットワークを構成する
message.adding.Netscaler.device=NetScalerのデバイスを追加する
message.creating.pod=ポッドを作成する
message.configuring.public.traffic=公共交通を構成する
message.configuring.storage.traffic=ストレージ·トラフィックの設定
message.configuring.guest.traffic=ゲストのトラフィックを設定する
message.creating.cluster=クラスタの作成
message.adding.host=ホストを追加する
message.creating.primary.storage=プライマリ·ストレージを作成する
message.creating.secondary.storage=セカンダリ·ストレージを作成する
message.Zone.creation.complete=完全なゾーンの作成
>>>>>>> 9f86abc... cloudstack 3.0 new UI - add more localization labels.
message.enabling.zone=Enabling zone
error.something.went.wrong.please.correct.the.following=Something went wrong; please correct the following
error.could.not.enable.zone=Could not enable zone
message.zone.creation.complete.would.you.like.to.enable.this.zone=Zone creation complete. Would you like to enable this zone?
message.please.add.at.lease.one.traffic.range=Please add at lease one traffic range.
message.you.must.have.at.least.one.physical.network=You must have at least one physical network
message.please.select.a.different.public.and.management.network.before.removing=Please select a different public and management network before removing
>>>>>>> 68f12d9... cloudstack 3.0 new UI - localize messages during zone creation.
=======
>>>>>>> cddbc4d... cloudstack 3.0 new UI - localization - move new labels on the top.