1. 首頁
  2. 問答
  3. 使用.NET API從aws s3對象ACL中刪除「Everyone」

使用.NET API從aws s3對象ACL中刪除「Everyone」

2017-07-06 57 views
1

我正在循環訪問存儲桶中的所有對象ACL,以從所有對象中刪除「Everyone」權限。這裏的想法是保留所有當前的權限。使用.NET API從aws s3對象ACL中刪除「Everyone」

我的問題是PutACL調用不起作用。在下面的例子中,創建了一個新的AccessControlList,省略了「everyone」條目。 PutACL調用成功返回,但對象的ACL未更改。

也許有更簡單的方法來識別和刪除特定的贈款。

AmazonS3Client s3 = new AmazonS3Client(); 
GetACLRequest aclRequest = new GetACLRequest() { BucketName = "my-bucket", Key = "/dir/protect_me.txt" }; 
var aclResponse = s3.GetACL(aclRequest); 

bool foundEveryonePriv = false; //if found at least one. 

S3AccessControlList newAcl = new S3AccessControlList(); 
foreach (var grant in aclResponse.AccessControlList.Grants) 
{ 
    bool grantToEveryone = string.Compare(grant.Grantee.URI, "http://acs.amazonaws.com/groups/global/AllUsers") == 0; 
    Logger.log.InfoFormat("{0},{1},{2},{3}", aclRequest.BucketName, o.Key, grant.Permission, (everyoneHasThisPriv ? "EVERYONE" : string.Empty)); 

    if (grantToEveryone) 
    { 
     foundEveryonePriv = true; 
     newAcl.AddGrant(grant.Grantee, grant.Permission); 
    } 
} 

//modify the items if necessary and requested. 
if (foundEveryonePriv) 
{ 
    newAcl.Owner = aclResponse.AccessControlList.Owner; 
    var response = s3.PutACL(new PutACLRequest() { AccessControlList = newAcl, BucketName = aclRequest.BucketName, Key = o.Key }); 
}

來源

2017-07-06 Michael

回答

0

嘗試從GET中修改現有ACL以刪除公共授權。然後將修改後的ACL發送回PUT請求。以下是我所做的工作,並且保留原始贈款並從給定對象中刪除公共贈款的工作情況良好。

private void RemovePublicAcl(AmazonS3Client client, string bucket, string key) 
    { 
     var aclRequest = new GetACLRequest { BucketName = bucket, Key = key }; 
     var aclResponse = client.GetACL(aclRequest); 
     var acl = aclResponse.AccessControlList; 

     const string PUBLIC_GRANTEE = "http://acs.amazonaws.com/groups/global/AllUsers"; 

     if (acl.Grants.Any(x => 
      !string.IsNullOrWhiteSpace(x.Grantee.URI) && 
      x.Grantee.URI.Equals(PUBLIC_GRANTEE))) 
     { 
      var publicGrant = new S3Grantee(); 
      publicGrant.URI = PUBLIC_GRANTEE; 
      acl.Grants.RemoveAll(x => 
       !string.IsNullOrWhiteSpace(x.Grantee.URI) && 
       x.Grantee.URI.Equals(PUBLIC_GRANTEE)); 

      var aclUpdate = new PutACLRequest(); 
      aclUpdate.BucketName = bucket; 
      aclUpdate.Key = key; 
      aclUpdate.AccessControlList = acl; 

      var response = client.PutACL(aclUpdate); 
     }

來源

2017-09-06 15:20:28

相關問題

 相關問題