Sha256: f1881163478f39305ecafa317fac79144047823a694a356cfac1f6461280836e

Contents?: true

Size: 1.66 KB

Versions: 1

Compression:

Stored size: 1.66 KB

Contents

module Heirloom
  module ACL
    class S3

      def initialize(args)
        @config = args[:config]
        @region = args[:region]
        @logger = args[:logger]
        @accounts = @config.authorized_aws_accounts
      end

      def allow_read_acccess_from_accounts(args)
        bucket = args[:bucket]
        key_name = args[:key_name]
        key_folder = args[:key_folder]

        key = "#{key_folder}/#{key_name}.tar.gz"

        current_acls = s3.get_bucket_acl bucket

        name = current_acls['Owner']['Name']
        id = current_acls['Owner']['ID']

        grants = build_bucket_grants :id => id,
                                     :name => name,
                                     :accounts => @accounts

        @accounts.each do |a|
          @logger.info "Authorizing #{a} to s3://#{bucket}/#{key}"
        end
        s3.put_object_acl bucket, key, grants
      end

      private

      def build_bucket_grants(args)
        id = args[:id]
        name = args[:name]

        a = Array.new

        # Add each account email as read access
        @accounts.each do |g|
          a << {
                 'Grantee' => { 'EmailAddress' => g } ,
                 'Permission' => 'READ'
               }
        end

        # Grand owner full access
        a << { 'Grantee' => { 'DisplayName' => name, 'ID' => id },
               'Permission' => 'FULL_CONTROL'
             }

        {
          'Owner' => {
            'DisplayName' => name,
            'ID' => id
          },
          'AccessControlList' => a
        }
      end

      def s3
        @s3 ||= AWS::S3.new :config => @config,
                            :region => @region
      end

    end
  end
end

Version data entries

1 entries across 1 versions & 1 rubygems

Version Path
heirloom-0.1.3 lib/heirloom/acl/s3.rb