rs3gw 0.2.1

High-Performance AI/HPC Object Storage Gateway powered by scirs2-io
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145

//! ACL XML response types
//!
//! Grant, Grantee, AccessControlList, and AccessControlPolicy structures
//! for S3 ACL API responses.

use quick_xml::se::to_string as to_xml_string;
use serde::Serialize;

use super::Owner;
use crate::storage::{AclConfig, AclGrant};

/// Grant element for ACL
#[derive(Debug, Serialize)]
#[serde(rename = "Grant")]
pub struct Grant {
    #[serde(rename = "Grantee")]
    pub grantee: Grantee,
    #[serde(rename = "Permission")]
    pub permission: String,
}

/// Grantee element for ACL
///
/// Supports CanonicalUser (ID + DisplayName), Group (URI), and
/// AmazonCustomerByEmail (EmailAddress) grantee types.
#[derive(Debug, Serialize)]
#[serde(rename = "Grantee")]
pub struct Grantee {
    #[serde(rename = "@xmlns:xsi")]
    pub xmlns_xsi: String,
    #[serde(rename = "@xsi:type")]
    pub xsi_type: String,
    #[serde(rename = "ID", skip_serializing_if = "Option::is_none")]
    pub id: Option<String>,
    #[serde(rename = "DisplayName", skip_serializing_if = "Option::is_none")]
    pub display_name: Option<String>,
    #[serde(rename = "URI", skip_serializing_if = "Option::is_none")]
    pub uri: Option<String>,
    #[serde(rename = "EmailAddress", skip_serializing_if = "Option::is_none")]
    pub email_address: Option<String>,
}

/// AccessControlList element
#[derive(Debug, Serialize)]
#[serde(rename = "AccessControlList")]
pub struct AccessControlList {
    #[serde(rename = "Grant")]
    pub grants: Vec<Grant>,
}

/// AccessControlPolicy response for GetBucketAcl
#[derive(Debug, Serialize)]
#[serde(rename = "AccessControlPolicy")]
pub struct AccessControlPolicy {
    #[serde(rename = "@xmlns")]
    pub xmlns: String,
    #[serde(rename = "Owner")]
    pub owner: Owner,
    #[serde(rename = "AccessControlList")]
    pub access_control_list: AccessControlList,
}

impl AccessControlPolicy {
    pub fn new_full_control() -> Self {
        Self {
            xmlns: "http://s3.amazonaws.com/doc/2006-03-01/".to_string(),
            owner: Owner::default(),
            access_control_list: AccessControlList {
                grants: vec![Grant {
                    grantee: Grantee {
                        xmlns_xsi: "http://www.w3.org/2001/XMLSchema-instance".to_string(),
                        xsi_type: "CanonicalUser".to_string(),
                        id: Some("rs3gw".to_string()),
                        display_name: Some("rs3gw".to_string()),
                        uri: None,
                        email_address: None,
                    },
                    permission: "FULL_CONTROL".to_string(),
                }],
            },
        }
    }

    /// Build an `AccessControlPolicy` from an `AclConfig` stored in the engine.
    pub fn from_acl_config(cfg: &AclConfig) -> Self {
        Self {
            xmlns: "http://s3.amazonaws.com/doc/2006-03-01/".to_string(),
            owner: Owner {
                id: cfg.owner_id.clone(),
                display_name: cfg.owner_display_name.clone(),
            },
            access_control_list: AccessControlList {
                grants: cfg
                    .grants
                    .iter()
                    .map(|g| Grant {
                        grantee: Grantee::from_acl_grant(g),
                        permission: g.permission.clone(),
                    })
                    .collect(),
            },
        }
    }

    pub fn to_xml(&self) -> String {
        format!(
            r#"<?xml version="1.0" encoding="UTF-8"?>{}"#,
            to_xml_string(self).unwrap_or_default()
        )
    }
}

impl Grantee {
    /// Construct a `Grantee` from an `AclGrant`, emitting only the fields
    /// relevant to the grantee type (no empty `<ID/>` for Group grantees, etc.).
    pub fn from_acl_grant(g: &AclGrant) -> Self {
        match g.grantee_type.as_str() {
            "Group" => Self {
                xmlns_xsi: "http://www.w3.org/2001/XMLSchema-instance".to_string(),
                xsi_type: "Group".to_string(),
                id: None,
                display_name: None,
                uri: g.grantee_uri.clone(),
                email_address: None,
            },
            "AmazonCustomerByEmail" => Self {
                xmlns_xsi: "http://www.w3.org/2001/XMLSchema-instance".to_string(),
                xsi_type: "AmazonCustomerByEmail".to_string(),
                id: None,
                display_name: None,
                uri: None,
                email_address: g.grantee_email.clone(),
            },
            // Default: CanonicalUser
            _ => Self {
                xmlns_xsi: "http://www.w3.org/2001/XMLSchema-instance".to_string(),
                xsi_type: "CanonicalUser".to_string(),
                id: g.grantee_id.clone(),
                display_name: g.grantee_display_name.clone(),
                uri: None,
                email_address: None,
            },
        }
    }
}