cloud_storage_rs/resources/default_object_access_control.rs
1use crate::error::GoogleResponse;
2use crate::resources::common::ListResponse;
3pub use crate::resources::common::{Entity, ProjectTeam, Role};
4
5/// The DefaultObjectAccessControls resources represent the Access Control Lists (ACLs) applied to a
6/// new object within Google Cloud Storage when no ACL was provided for that object. ACLs let you
7/// specify who has access to your data and to what extent.
8#[derive(Debug, PartialEq, serde::Serialize, serde::Deserialize)]
9#[serde(rename_all = "camelCase")]
10pub struct DefaultObjectAccessControl {
11 /// The kind of item this is. For object access control entries, this is always
12 /// storage#objectAccessControl.
13 pub kind: String,
14 /// The entity holding the permission, in one of the following forms:
15 ///
16 /// * `user-userId`
17 /// * `user-email`
18 /// * `group-groupId`
19 /// * `group-email`
20 /// * `domain-domain`
21 /// * `project-team-projectId`
22 /// * `allUsers`
23 /// * `allAuthenticatedUsers`
24 ///
25 /// Examples:
26 ///
27 /// * The user liz@example.com would be user-liz@example.com.
28 /// * The group example@googlegroups.com would be group-example@googlegroups.com.
29 /// * To refer to all members of the G Suite for Business domain example.com, the entity would
30 /// be domain-example.com.
31 pub entity: Entity,
32 /// The access permission for the entity.
33 pub role: Role,
34 /// The email address associated with the entity, if any.
35 pub email: Option<String>,
36 /// The ID for the entity, if any.
37 pub entity_id: Option<String>,
38 /// The domain associated with the entity, if any.
39 pub domain: Option<String>,
40 /// The project team associated with the entity, if any.
41 pub project_team: Option<ProjectTeam>,
42 /// HTTP 1.1 Entity tag for the access-control entry.
43 pub etag: String,
44 /// The bucket this resource belongs to.
45 #[serde(default)]
46 pub bucket: String, // this field is not returned by Google, but we populate it manually for the
47 // convenience of the end user.
48}
49
50/// Model that can be used to create a new DefaultObjectAccessControl object.
51#[derive(Debug, PartialEq, serde::Serialize, serde::Deserialize)]
52#[serde(rename_all = "camelCase")]
53pub struct NewDefaultObjectAccessControl {
54 /// The entity holding the permission, in one of the following forms:
55 ///
56 /// * `user-userId`
57 /// * `user-email`
58 /// * `group-groupId`
59 /// * `group-email`
60 /// * `domain-domain`
61 /// * `project-team-projectId`
62 /// * `allUsers`
63 /// * `allAuthenticatedUsers`
64 ///
65 /// Examples:
66 ///
67 /// * The user liz@example.com would be user-liz@example.com.
68 /// * The group example@googlegroups.com would be group-example@googlegroups.com.
69 /// * To refer to all members of the G Suite for Business domain example.com, the entity would
70 /// be domain-example.com.
71 pub entity: Entity,
72 /// The access permission for the entity.
73 pub role: Role,
74}
75
76impl DefaultObjectAccessControl {
77 /// Create a new `DefaultObjectAccessControl` entry on the specified bucket.
78 /// ### Important
79 /// Important: This method fails with a `400 Bad Request` response for buckets with uniform
80 /// bucket-level access enabled. Use `Bucket::get_iam_policy` and `Bucket::set_iam_policy` to
81 /// control access instead.
82 /// ### Example
83 /// ```no_run
84 /// # fn main() -> Result<(), Box<dyn std::error::Error>> {
85 /// use cloud_storage::default_object_access_control::{
86 /// DefaultObjectAccessControl, NewDefaultObjectAccessControl, Role, Entity,
87 /// };
88 ///
89 /// let new_acl = NewDefaultObjectAccessControl {
90 /// entity: Entity::AllAuthenticatedUsers,
91 /// role: Role::Reader,
92 /// };
93 /// let default_acl = DefaultObjectAccessControl::create("mybucket", &new_acl)?;
94 /// # default_acl.delete()?;
95 /// # Ok(())
96 /// # }
97 /// ```
98 pub fn create(
99 bucket: &str,
100 new_acl: &NewDefaultObjectAccessControl,
101 ) -> Result<Self, crate::Error> {
102 let url = format!("{}/b/{}/defaultObjectAcl", crate::BASE_URL, bucket);
103 let client = reqwest::blocking::Client::new();
104 let result: GoogleResponse<Self> = client
105 .post(&url)
106 .headers(crate::get_headers()?)
107 .json(new_acl)
108 .send()?
109 .json()?;
110 match result {
111 GoogleResponse::Success(mut s) => {
112 s.bucket = bucket.to_string();
113 Ok(s)
114 },
115 GoogleResponse::Error(e) => Err(e.into()),
116 }
117 }
118
119 /// Retrieves default object ACL entries on the specified bucket.
120 /// ### Important
121 /// Important: This method fails with a `400 Bad Request` response for buckets with uniform
122 /// bucket-level access enabled. Use `Bucket::get_iam_policy` and `Bucket::set_iam_policy` to
123 /// control access instead.
124 /// ### Example
125 /// ```no_run
126 /// # fn main() -> Result<(), Box<dyn std::error::Error>> {
127 /// use cloud_storage::default_object_access_control::DefaultObjectAccessControl;
128 ///
129 /// let default_acls = DefaultObjectAccessControl::list("mybucket")?;
130 /// # Ok(())
131 /// # }
132 /// ```
133 pub fn list(bucket: &str) -> Result<Vec<Self>, crate::Error> {
134 let url = format!("{}/b/{}/defaultObjectAcl", crate::BASE_URL, bucket);
135 let client = reqwest::blocking::Client::new();
136 let result: GoogleResponse<ListResponse<Self>> = client
137 .get(&url)
138 .headers(crate::get_headers()?)
139 .send()?
140 .json()?;
141 match result {
142 GoogleResponse::Success(s) => {
143 Ok(s.items
144 .into_iter()
145 .map(|item| DefaultObjectAccessControl {
146 bucket: bucket.to_string(),
147 ..item
148 })
149 .collect())
150 },
151 GoogleResponse::Error(e) => Err(e.into()),
152 }
153 }
154
155 /// Read a single `DefaultObjectAccessControl`.
156 /// The `bucket` argument is the name of the bucket whose `DefaultObjectAccessControl` is to be
157 /// read, and the `entity` argument is the entity holding the permission. Options are
158 /// Can be "user-`userId`", "user-`email_address`", "group-`group_id`", "group-`email_address`",
159 /// "allUsers", or "allAuthenticatedUsers".
160 /// ### Important
161 /// Important: This method fails with a `400 Bad Request` response for buckets with uniform
162 /// bucket-level access enabled. Use `Bucket::get_iam_policy` and `Bucket::set_iam_policy` to
163 /// control access instead.
164 /// ### Example
165 /// ```no_run
166 /// # fn main() -> Result<(), Box<dyn std::error::Error>> {
167 /// use cloud_storage::default_object_access_control::{DefaultObjectAccessControl, Entity};
168 ///
169 /// let default_acl = DefaultObjectAccessControl::read("mybucket", &Entity::AllUsers)?;
170 /// # Ok(())
171 /// # }
172 /// ```
173 pub fn read(bucket: &str, entity: &Entity) -> Result<Self, crate::Error> {
174 let url = dbg!(format!(
175 "{}/b/{}/defaultObjectAcl/{}",
176 crate::BASE_URL,
177 bucket,
178 entity
179 ));
180 let client = reqwest::blocking::Client::new();
181 let result: GoogleResponse<Self> = client
182 .get(&url)
183 .headers(crate::get_headers()?)
184 .send()?
185 .json()?;
186 match result {
187 GoogleResponse::Success(mut s) => {
188 s.bucket = bucket.to_string();
189 Ok(s)
190 },
191 GoogleResponse::Error(e) => Err(e.into()),
192 }
193 }
194
195 /// Update the current `DefaultObjectAccessControl`.
196 /// ### Important
197 /// Important: This method fails with a `400 Bad Request` response for buckets with uniform
198 /// bucket-level access enabled. Use `Bucket::get_iam_policy` and `Bucket::set_iam_policy` to
199 /// control access instead.
200 /// ### Example
201 /// ```no_run
202 /// # fn main() -> Result<(), Box<dyn std::error::Error>> {
203 /// use cloud_storage::default_object_access_control::{DefaultObjectAccessControl, Entity};
204 ///
205 /// let mut default_acl = DefaultObjectAccessControl::read("my_bucket", &Entity::AllUsers)?;
206 /// default_acl.entity = Entity::AllAuthenticatedUsers;
207 /// default_acl.update()?;
208 /// # Ok(())
209 /// # }
210 /// ```
211 pub fn update(&self) -> Result<Self, crate::Error> {
212 let url = format!(
213 "{}/b/{}/defaultObjectAcl/{}",
214 crate::BASE_URL,
215 self.bucket,
216 self.entity
217 );
218 let client = reqwest::blocking::Client::new();
219 let result: GoogleResponse<Self> = client
220 .put(&url)
221 .headers(crate::get_headers()?)
222 .json(self)
223 .send()?
224 .json()?;
225 match result {
226 GoogleResponse::Success(mut s) => {
227 s.bucket = self.bucket.to_string();
228 Ok(s)
229 },
230 GoogleResponse::Error(e) => Err(e.into()),
231 }
232 }
233
234 /// Delete this 'DefaultObjectAccessControl`.
235 /// ### Important
236 /// Important: This method fails with a `400 Bad Request` response for buckets with uniform
237 /// bucket-level access enabled. Use `Bucket::get_iam_policy` and `Bucket::set_iam_policy` to
238 /// control access instead.
239 /// ### Example
240 /// ```no_run
241 /// # fn main() -> Result<(), Box<dyn std::error::Error>> {
242 /// use cloud_storage::default_object_access_control::{DefaultObjectAccessControl, Entity};
243 ///
244 /// let mut default_acl = DefaultObjectAccessControl::read("my_bucket", &Entity::AllUsers)?;
245 /// default_acl.delete()?;
246 /// # Ok(())
247 /// # }
248 /// ```
249 pub fn delete(self) -> Result<(), crate::Error> {
250 let url = format!(
251 "{}/b/{}/defaultObjectAcl/{}",
252 crate::BASE_URL,
253 self.bucket,
254 self.entity
255 );
256 let client = reqwest::blocking::Client::new();
257 let response = client.delete(&url).headers(crate::get_headers()?).send()?;
258 if response.status().is_success() {
259 Ok(())
260 } else {
261 Err(crate::Error::Google(response.json()?))
262 }
263 }
264}
265
266#[cfg(test)]
267mod tests {
268 use super::*;
269
270 #[test]
271 fn create() -> Result<(), Box<dyn std::error::Error>> {
272 let bucket = crate::read_test_bucket();
273 let new_acl = NewDefaultObjectAccessControl {
274 entity: Entity::AllUsers,
275 role: Role::Reader,
276 };
277 DefaultObjectAccessControl::create(&bucket.name, &new_acl)?;
278 Ok(())
279 }
280
281 #[test]
282 fn read() -> Result<(), Box<dyn std::error::Error>> {
283 let bucket = crate::read_test_bucket();
284 NewDefaultObjectAccessControl {
285 entity: Entity::AllUsers,
286 role: Role::Reader,
287 };
288 DefaultObjectAccessControl::read(&bucket.name, &Entity::AllUsers)?;
289 Ok(())
290 }
291
292 #[test]
293 fn list() -> Result<(), Box<dyn std::error::Error>> {
294 let bucket = crate::read_test_bucket();
295 DefaultObjectAccessControl::list(&bucket.name)?;
296 Ok(())
297 }
298
299 #[test]
300 fn update() -> Result<(), Box<dyn std::error::Error>> {
301 let bucket = crate::read_test_bucket();
302 let new_acl = NewDefaultObjectAccessControl {
303 entity: Entity::AllUsers,
304 role: Role::Reader,
305 };
306 let mut default_acl = DefaultObjectAccessControl::create(&bucket.name, &new_acl)?;
307 default_acl.entity = Entity::AllAuthenticatedUsers;
308 default_acl.update()?;
309 Ok(())
310 }
311
312 #[test]
313 fn delete() -> Result<(), Box<dyn std::error::Error>> {
314 let bucket = crate::read_test_bucket();
315 let default_acl =
316 DefaultObjectAccessControl::read(&bucket.name, &Entity::AllAuthenticatedUsers)?;
317 default_acl.delete()?;
318 Ok(())
319 }
320}