@Before public void setup() throws IllegalAccessException, NoSuchFieldException { Assume.assumeTrue(System.getProperty("skip.long") == null); TestUtils.disableSslCertChecking(); amazonS3Client = AmazonS3ClientBuilder.standard() .withEndpointConfiguration(new AwsClientBuilder.EndpointConfiguration( LocalstackTestRunner.getEndpointS3(), LocalstackTestRunner.getDefaultRegion())) .withChunkedEncodingDisabled(true) .withPathStyleAccessEnabled(true).build(); amazonS3Client.createBucket(bucketName); S3Config config = new S3Config(); Field field = StorageServiceImpl.class.getDeclaredField("s3TransferManager"); field.setAccessible(true); field.set(underTest, config.s3TransferManager(amazonS3Client)); field = StorageServiceImpl.class.getDeclaredField("environment"); field.setAccessible(true); field.set(underTest, environment); }
public S3Writer(Replicator replicator) { this.replicator = replicator; this.client = AmazonS3ClientBuilder.standard().withRegion(replicator.getConfig().s3.region).build(); this.copier = Executors.newFixedThreadPool(replicator.getConfig().redshift.maxConnections); int queueSize = TABLE_QUEUE_SIZE / replicator.getConfig().tables.size(); queueSum = queueSize * replicator.getConfig().tables.size(); for (Config.Table table : replicator.getConfig().tables) { copyQueues.put(table.name, new LinkedBlockingQueue<>(queueSize)); // We only allow 1 copy worker at a time to be copying to a given table, so we maintain this mapping. tableCopyLocks.put(table.name, new ReentrantLock()); uploadFormat(table); } for (int i = 0; i != replicator.getConfig().redshift.maxConnections; i++) { this.copier.submit(new CopyWorker(this, copyQueues, tableCopyLocks)); } this.uploader = new ThreadPoolExecutor(1, 100, 30L, TimeUnit.SECONDS, new ArrayBlockingQueue<>(20)); }
/** * Attempt to fetch a secret from S3. * * @param s3path where to fetch it from * @return the content of the file found on S3 * @throws IOException on problems streaming the content of the file * @throws AmazonS3Exception on problems communicating with amazon */ private String getS3Value(final SecretPath s3path) throws IOException, AmazonS3Exception { LOG.info("Fetching secret from s3://" + s3path.bucket + "/" + s3path.key); if (s3Client == null) { if (awsCredentialsProvider != null) { s3Client = AmazonS3ClientBuilder.standard().withCredentials(awsCredentialsProvider) .build(); } else { s3Client = AmazonS3ClientBuilder.standard().build(); } } final S3Object s3object = s3Client.getObject(new GetObjectRequest(s3path.bucket, s3path.key)); final BufferedReader reader = new BufferedReader(new InputStreamReader(s3object.getObjectContent())); final StringBuilder b = new StringBuilder(); String line; while((line = reader.readLine()) != null) { b.append(line); } LOG.info("Found secret"); reader.close(); return b.toString(); }
@BeforeClass public static void setupS3() { final ProfileCredentialsProvider credentialsProvider = new ProfileCredentialsProvider(System.getenv("AWS_PROFILE")); s3Client = AmazonS3ClientBuilder.standard().withCredentials(credentialsProvider).build(); bucket = System.getenv("AWS_S3_BUCKET"); if (! s3Client.doesBucketExist(bucket)) { if (System.getenv("AWS_S3_CREATE_BUCKET") == null || !Boolean.parseBoolean(System.getenv("AWS_S3_CREATE_BUCKET"))) { throw new IllegalStateException("Bucket does not exist and not allowed to create."); } s3Client.createBucket(bucket); } S3SecretHandler.setS3CredentialsProvider(credentialsProvider); secretHandler = new S3SecretHandler(); }
LinkGeneratorLambdaHandler(String region, String jwtEncryptKeyArn, String pageStorageBucket, String authVerifyEndpointURL, AWSCredentialsProvider awsCredential, String introPageTemplateName) throws IOException, TemplateException { AWSKMS kmsClient = AWSKMSClientBuilder.standard() .withCredentials(awsCredential) .withRegion(region) .build(); AmazonS3 s3client = AmazonS3ClientBuilder .standard() .withCredentials(awsCredential) .withRegion(region) .build(); kmsEncrypt = new KMSEncrypt(kmsClient, jwtEncryptKeyArn); this.pageStorageBucket = pageStorageBucket; this.authVerifyEndpointURL = authVerifyEndpointURL; this.pageUploader = new PageUploader(s3client, pageStorageBucket); this.introPageTemplate = new IntroPageTemplate(introPageTemplateName); }
/** * S3 储存客户端 * * @return 客户端 */ @Bean @ConditionalOnProperty(value = "bigbug.storage.s3.enable", havingValue = "true") AmazonS3Client amazonS3Client() { ClientConfiguration clientConfig = new ClientConfiguration(); clientConfig.setProtocol(Protocol.HTTP); BasicAWSCredentials basicAWSCredentials = new BasicAWSCredentials( storageProperties.getStorage().getS3().getAccessKey(), storageProperties.getStorage().getS3().getSecretKey()); return (AmazonS3Client) AmazonS3ClientBuilder.standard() .withClientConfiguration(clientConfig) .withEndpointConfiguration( new AwsClientBuilder.EndpointConfiguration( storageProperties.getStorage().getS3().getEndpoint(), Regions.DEFAULT_REGION.getName())) .withCredentials(new AWSStaticCredentialsProvider(basicAWSCredentials)) .build(); }
public TextToSpeechConverter(final AlexaInput input) { // the locale is coming with the speechlet request and indicates to source language to translate from this.locale = input.getLocale(); // get translator this.translator = TranslatorFactory.getTranslator(this.locale); // the language is taken from the user input (slot value) and indicates to language to translate to this.language = input.getSlotValue("language"); final ResourceUtteranceReader reader = new ResourceUtteranceReader("/out", "/voices.yml"); // the yaml reader reads values from YAML file to get a Polly voiceId for a language this.yamlReader = new YamlReader(reader, locale); // Polly client to request speech of a translated text this.awsPolly = AmazonPollyClientBuilder.standard().build(); // S3 client to store MP3 with speech of a translated text this.awsS3 = AmazonS3ClientBuilder.standard().build(); // session state handler to read/write skill state information to Alexa session this.sessionStateHandler = input.getSessionStateHandler(); // dynamo state handler to read/write skill state information to DynamoDB this.dynamoStateHandler = new AWSDynamoStateHandler(input.getSessionStateHandler().getSession(), SkillConfig.getDynamoTableName()); // retrieve voiceId from YAML file that maps to the language given by the user voiceId = language != null ? yamlReader.getRandomUtterance(language.toLowerCase().replace(" ", "_")).orElse("") : ""; // language-specific prefix phrases that accidently made it into the text slot and should be removed prefixesToRemove = yamlReader.getUtterances("PREFIXES_TO_REMOVE"); }
public static AmazonS3 getS3Client(final String region, final String roleArn) { final Regions awsRegion = StringUtils.isNullOrEmpty(region) ? Regions.US_EAST_1 : Regions.fromName(region); if (StringUtils.isNullOrEmpty(roleArn)) { return AmazonS3ClientBuilder.standard().withRegion(awsRegion).build(); } else { final AssumeRoleRequest assumeRole = new AssumeRoleRequest().withRoleArn(roleArn).withRoleSessionName("io-klerch-mp3-converter"); final AWSSecurityTokenService sts = AWSSecurityTokenServiceClientBuilder.standard().withRegion(awsRegion).build(); final Credentials credentials = sts.assumeRole(assumeRole).getCredentials(); final BasicSessionCredentials sessionCredentials = new BasicSessionCredentials( credentials.getAccessKeyId(), credentials.getSecretAccessKey(), credentials.getSessionToken()); return AmazonS3ClientBuilder.standard().withRegion(awsRegion).withCredentials(new AWSStaticCredentialsProvider(sessionCredentials)).build(); } }
public static AmazonS3Client getS3Client(AuthCredentialsServiceState credentials, String regionId) { ClientConfiguration configuration = new ClientConfiguration(); configuration.withRetryPolicy(new RetryPolicy(new CustomRetryCondition(), DEFAULT_BACKOFF_STRATEGY, DEFAULT_MAX_ERROR_RETRY, false)); AWSStaticCredentialsProvider awsStaticCredentialsProvider = new AWSStaticCredentialsProvider( new BasicAWSCredentials(credentials.privateKeyId, EncryptionUtils.decrypt(credentials.privateKey))); AmazonS3ClientBuilder amazonS3ClientBuilder = AmazonS3ClientBuilder .standard() .withClientConfiguration(configuration) .withCredentials(awsStaticCredentialsProvider) .withRegion(regionId); if (isAwsClientMock()) { throw new IllegalArgumentException("AWS Mock does not support S3 client"); } return (AmazonS3Client) amazonS3ClientBuilder.build(); }
public AmazonS3 newS3Client(S3SinkConnectorConfig config) { ClientConfiguration clientConfiguration = newClientConfiguration(config); AmazonS3ClientBuilder builder = AmazonS3ClientBuilder.standard() .withAccelerateModeEnabled( config.getBoolean(WAN_MODE_CONFIG) ) .withPathStyleAccessEnabled(true) .withCredentials(config.getCredentialsProvider()) .withClientConfiguration(clientConfiguration); String region = config.getString(REGION_CONFIG); if (StringUtils.isBlank(url)) { builder = "us-east-1".equals(region) ? builder.withRegion(Regions.US_EAST_1) : builder.withRegion(region); } else { builder = builder.withEndpointConfiguration( new AwsClientBuilder.EndpointConfiguration(url, region) ); } return builder.build(); }
@Override public AmazonS3 newS3Client(S3SinkConnectorConfig config) { final AWSCredentialsProvider provider = new AWSCredentialsProvider() { private final AnonymousAWSCredentials credentials = new AnonymousAWSCredentials(); @Override public AWSCredentials getCredentials() { return credentials; } @Override public void refresh() { } }; AmazonS3ClientBuilder builder = AmazonS3ClientBuilder.standard() .withAccelerateModeEnabled(config.getBoolean(S3SinkConnectorConfig.WAN_MODE_CONFIG)) .withPathStyleAccessEnabled(true) .withCredentials(provider); builder = url == null ? builder.withRegion(config.getString(S3SinkConnectorConfig.REGION_CONFIG)) : builder.withEndpointConfiguration(new AwsClientBuilder.EndpointConfiguration(url, "")); return builder.build(); }
public static void getWebsiteConfig(String bucket_name) { final AmazonS3 s3 = AmazonS3ClientBuilder.defaultClient(); try { BucketWebsiteConfiguration config = s3.getBucketWebsiteConfiguration(bucket_name); if (config == null) { System.out.println("No website configuration found!"); } else { System.out.format("Index document: %s\n", config.getIndexDocumentSuffix()); System.out.format("Error document: %s\n", config.getErrorDocument()); } } catch (AmazonServiceException e) { System.err.println(e.getErrorMessage()); System.out.println("Failed to get website configuration!"); System.exit(1); } }
/** * Uses AES/GCM with AESWrap key wrapping to encrypt the key. Uses v2 metadata schema. Note that authenticated * encryption requires the bouncy castle provider to be on the classpath. Also, for authenticated encryption the size * of the data can be no longer than 64 GB. */ public void authenticatedEncryption_CustomerManagedKey() throws NoSuchAlgorithmException { SecretKey secretKey = KeyGenerator.getInstance("AES").generateKey(); AmazonS3Encryption s3Encryption = AmazonS3EncryptionClientBuilder .standard() .withRegion(Regions.US_WEST_2) .withCryptoConfiguration(new CryptoConfiguration(CryptoMode.AuthenticatedEncryption)) .withEncryptionMaterials(new StaticEncryptionMaterialsProvider(new EncryptionMaterials(secretKey))) .build(); AmazonS3 s3NonEncrypt = AmazonS3ClientBuilder.defaultClient(); s3Encryption.putObject(BUCKET_NAME, ENCRYPTED_KEY, "some contents"); s3NonEncrypt.putObject(BUCKET_NAME, NON_ENCRYPTED_KEY, "some other contents"); System.out.println(s3Encryption.getObjectAsString(BUCKET_NAME, ENCRYPTED_KEY)); System.out.println(s3Encryption.getObjectAsString(BUCKET_NAME, NON_ENCRYPTED_KEY)); }
/** * For ranged GET we do not use authenticated encryption since we aren't reading the entire message and can't produce the * MAC. Instead we use AES/CTR, an unauthenticated encryption algorithm. If {@link CryptoMode#StrictAuthenticatedEncryption} * is enabled, ranged GETs will not be allowed since they do not use authenticated encryption.. */ public void authenticatedEncryption_RangeGet_CustomerManagedKey() throws NoSuchAlgorithmException { SecretKey secretKey = KeyGenerator.getInstance("AES").generateKey(); AmazonS3Encryption s3Encryption = AmazonS3EncryptionClientBuilder .standard() .withRegion(Regions.US_WEST_2) .withCryptoConfiguration(new CryptoConfiguration(CryptoMode.AuthenticatedEncryption)) .withEncryptionMaterials(new StaticEncryptionMaterialsProvider(new EncryptionMaterials(secretKey))) .build(); AmazonS3 s3NonEncrypt = AmazonS3ClientBuilder.defaultClient(); s3Encryption.putObject(BUCKET_NAME, ENCRYPTED_KEY, "some contents"); s3NonEncrypt.putObject(BUCKET_NAME, NON_ENCRYPTED_KEY, "some other contents"); System.out.println(s3Encryption.getObjectAsString(BUCKET_NAME, ENCRYPTED_KEY)); System.out.println(s3Encryption.getObjectAsString(BUCKET_NAME, NON_ENCRYPTED_KEY)); }
/** * Same as {@link #authenticatedEncryption_CustomerManagedKey()} except uses an asymmetric key pair and * RSA/ECB/OAEPWithSHA-256AndMGF1Padding as the key wrapping algorithm. */ public void authenticatedEncryption_CustomerManagedAsymmetricKey() throws NoSuchAlgorithmException { KeyPair keyPair = KeyPairGenerator.getInstance("RSA").generateKeyPair(); AmazonS3Encryption s3Encryption = AmazonS3EncryptionClientBuilder .standard() .withRegion(Regions.US_WEST_2) .withCryptoConfiguration(new CryptoConfiguration(CryptoMode.AuthenticatedEncryption)) .withEncryptionMaterials(new StaticEncryptionMaterialsProvider(new EncryptionMaterials(keyPair))) .build(); AmazonS3 s3NonEncrypt = AmazonS3ClientBuilder.defaultClient(); s3Encryption.putObject(BUCKET_NAME, ENCRYPTED_KEY, "some contents"); s3NonEncrypt.putObject(BUCKET_NAME, NON_ENCRYPTED_KEY, "some other contents"); System.out.println(s3Encryption.getObjectAsString(BUCKET_NAME, ENCRYPTED_KEY)); System.out.println(s3Encryption.getObjectAsString(BUCKET_NAME, NON_ENCRYPTED_KEY)); }
/** * Uses AES/GCM with AESWrap key wrapping to encrypt the key. Uses v2 metadata schema. The only difference between this and * {@link #authenticatedEncryption_CustomerManagedKey()} is that attempting to retrieve an object non * encrypted with AES/GCM will thrown an exception instead of falling back to encryption only or plaintext GET. */ public void strictAuthenticatedEncryption_CustomerManagedKey() throws NoSuchAlgorithmException { SecretKey secretKey = KeyGenerator.getInstance("AES").generateKey(); AmazonS3Encryption s3Encryption = AmazonS3EncryptionClientBuilder .standard() .withRegion(Regions.US_WEST_2) .withCryptoConfiguration(new CryptoConfiguration(CryptoMode.StrictAuthenticatedEncryption)) .withEncryptionMaterials(new StaticEncryptionMaterialsProvider(new EncryptionMaterials(secretKey))) .build(); AmazonS3 s3NonEncrypt = AmazonS3ClientBuilder.defaultClient(); s3Encryption.putObject(BUCKET_NAME, ENCRYPTED_KEY, "some contents"); s3NonEncrypt.putObject(BUCKET_NAME, NON_ENCRYPTED_KEY, "some other contents"); System.out.println(s3Encryption.getObjectAsString(BUCKET_NAME, ENCRYPTED_KEY)); try { s3Encryption.getObjectAsString(BUCKET_NAME, NON_ENCRYPTED_KEY); } catch (SecurityException e) { // Strict authenticated encryption will throw an exception if an object is not encrypted with AES/GCM System.err.println(NON_ENCRYPTED_KEY + " was not encrypted with AES/GCM"); } }
/** * Uses AES/CBC algorithm, no key wrapping. */ public void encryptionOnly_CustomerManagedKey() throws NoSuchAlgorithmException { SecretKey secretKey = KeyGenerator.getInstance("AES").generateKey(); AmazonS3Encryption s3Encryption = AmazonS3EncryptionClientBuilder .standard() .withRegion(Regions.US_WEST_2) .withCryptoConfiguration(new CryptoConfiguration(CryptoMode.EncryptionOnly)) .withEncryptionMaterials(new StaticEncryptionMaterialsProvider(new EncryptionMaterials(secretKey))) .build(); AmazonS3 s3NonEncrypt = AmazonS3ClientBuilder.defaultClient(); s3Encryption.putObject(BUCKET_NAME, ENCRYPTED_KEY, "some contents"); s3NonEncrypt.putObject(BUCKET_NAME, NON_ENCRYPTED_KEY, "some other contents"); System.out.println(s3Encryption.getObjectAsString(BUCKET_NAME, ENCRYPTED_KEY)); System.out.println(s3Encryption.getObjectAsString(BUCKET_NAME, NON_ENCRYPTED_KEY)); }
/** * Uses an asymmetric key pair instead of a symmetric key. Note this does not change the algorithm used to encrypt * the content, that will still be a symmetric key algorithm (AES/CBC in this case) using the derived CEK. It does impact * the algorithm used to encrypt the CEK, in this case we use RSA/ECB/OAEPWithSHA-256AndMGF1Padding. */ public void encryptionOnly_CustomerManagedAsymetricKey() throws NoSuchAlgorithmException { KeyPair keyPair = KeyPairGenerator.getInstance("RSA").generateKeyPair(); AmazonS3Encryption s3Encryption = AmazonS3EncryptionClientBuilder .standard() .withRegion(Regions.US_WEST_2) .withCryptoConfiguration(new CryptoConfiguration(CryptoMode.EncryptionOnly)) .withEncryptionMaterials(new StaticEncryptionMaterialsProvider(new EncryptionMaterials(keyPair))) .build(); AmazonS3 s3NonEncrypt = AmazonS3ClientBuilder.defaultClient(); s3Encryption.putObject(BUCKET_NAME, ENCRYPTED_KEY, "some contents"); s3NonEncrypt.putObject(BUCKET_NAME, NON_ENCRYPTED_KEY, "some other contents"); System.out.println(s3Encryption.getObjectAsString(BUCKET_NAME, ENCRYPTED_KEY)); System.out.println(s3Encryption.getObjectAsString(BUCKET_NAME, NON_ENCRYPTED_KEY)); }
/** * This uses the V2 metadata schema with a key wrap algorithm of 'kms' and a CEK algorithm of AES/CBC/PKCS5Padding. */ public void encryptionOnly_KmsManagedKey() throws NoSuchAlgorithmException { AmazonS3Encryption s3Encryption = AmazonS3EncryptionClientBuilder .standard() .withRegion(Regions.US_WEST_2) .withCryptoConfiguration(new CryptoConfiguration(CryptoMode.EncryptionOnly)) // Can either be Key ID or alias (prefixed with 'alias/') .withEncryptionMaterials(new KMSEncryptionMaterialsProvider("alias/s3-kms-key")) .build(); AmazonS3 s3NonEncrypt = AmazonS3ClientBuilder.defaultClient(); s3Encryption.putObject(BUCKET_NAME, ENCRYPTED_KEY, "some contents"); s3NonEncrypt.putObject(BUCKET_NAME, NON_ENCRYPTED_KEY, "some other contents"); System.out.println(s3Encryption.getObjectAsString(BUCKET_NAME, ENCRYPTED_KEY)); System.out.println(s3Encryption.getObjectAsString(BUCKET_NAME, NON_ENCRYPTED_KEY)); }
/** * This uses the V2 metadata schema with a key wrap algorithm of 'kms' and a CEK algorithm of AES/GCM/NoPadding. */ public void authenticatedEncryption_KmsManagedKey() throws NoSuchAlgorithmException { AmazonS3Encryption s3Encryption = AmazonS3EncryptionClientBuilder .standard() .withRegion(Regions.US_WEST_2) .withCryptoConfiguration(new CryptoConfiguration(CryptoMode.AuthenticatedEncryption)) // Can either be Key ID or alias (prefixed with 'alias/') .withEncryptionMaterials(new KMSEncryptionMaterialsProvider("alias/s3-kms-key")) .build(); AmazonS3 s3NonEncrypt = AmazonS3ClientBuilder.defaultClient(); s3Encryption.putObject(BUCKET_NAME, ENCRYPTED_KEY, "some contents"); s3NonEncrypt.putObject(BUCKET_NAME, NON_ENCRYPTED_KEY, "some other contents"); System.out.println(s3Encryption.getObjectAsString(BUCKET_NAME, ENCRYPTED_KEY)); System.out.println(s3Encryption.getObjectAsString(BUCKET_NAME, NON_ENCRYPTED_KEY)); }
/** * Same as authenticatedEncryption_KmsManagedKey except throws an exception when trying to get objects not encrypted with * AES/GCM. */ public void strictAuthenticatedEncryption_KmsManagedKey() throws NoSuchAlgorithmException { AmazonS3Encryption s3Encryption = AmazonS3EncryptionClientBuilder .standard() .withRegion(Regions.US_WEST_2) .withCryptoConfiguration(new CryptoConfiguration(CryptoMode.AuthenticatedEncryption)) // Can either be Key ID or alias (prefixed with 'alias/') .withEncryptionMaterials(new KMSEncryptionMaterialsProvider("alias/s3-kms-key")) .build(); AmazonS3 s3NonEncrypt = AmazonS3ClientBuilder.defaultClient(); s3Encryption.putObject(BUCKET_NAME, ENCRYPTED_KEY, "some contents"); s3NonEncrypt.putObject(BUCKET_NAME, NON_ENCRYPTED_KEY, "some other contents"); try { s3Encryption.getObjectAsString(BUCKET_NAME, NON_ENCRYPTED_KEY); } catch (SecurityException e) { // Strict authenticated encryption will throw an exception if an object is not encrypted with AES/GCM System.err.println(NON_ENCRYPTED_KEY + " was not encrypted with AES/GCM"); } }
public static void main(String[] args) { final String USAGE = "\n" + "To run this example, supply the name of a bucket to list!\n" + "\n" + "Ex: ListObjects <bucket-name>\n"; if (args.length < 1) { System.out.println(USAGE); System.exit(1); } String bucket_name = args[0]; System.out.format("Objects in S3 bucket %s:\n", bucket_name); final AmazonS3 s3 = AmazonS3ClientBuilder.defaultClient(); ObjectListing ol = s3.listObjects(bucket_name); List<S3ObjectSummary> objects = ol.getObjectSummaries(); for (S3ObjectSummary os: objects) { System.out.println("* " + os.getKey()); } }
public static void getBucketAcl(String bucket_name) { System.out.println("Retrieving ACL for bucket: " + bucket_name); final AmazonS3 s3 = AmazonS3ClientBuilder.defaultClient(); try { AccessControlList acl = s3.getBucketAcl(bucket_name); List<Grant> grants = acl.getGrantsAsList(); for (Grant grant : grants) { System.out.format(" %s: %s\n", grant.getGrantee().getIdentifier(), grant.getPermission().toString()); } } catch (AmazonServiceException e) { System.err.println(e.getErrorMessage()); System.exit(1); } }
public static void getObjectAcl(String bucket_name, String object_key) { System.out.println("Retrieving ACL for object: " + object_key); System.out.println(" in bucket: " + bucket_name); final AmazonS3 s3 = AmazonS3ClientBuilder.defaultClient(); try { AccessControlList acl = s3.getObjectAcl(bucket_name, object_key); List<Grant> grants = acl.getGrantsAsList(); for (Grant grant : grants) { System.out.format(" %s: %s\n", grant.getGrantee().getIdentifier(), grant.getPermission().toString()); } } catch (AmazonServiceException e) { System.err.println(e.getErrorMessage()); System.exit(1); } }
public static void setBucketAcl(String bucket_name, String email, String access) { System.out.format("Setting %s access for %s\n", access, email); System.out.println("on bucket: " + bucket_name); final AmazonS3 s3 = AmazonS3ClientBuilder.defaultClient(); try { // get the current ACL AccessControlList acl = s3.getBucketAcl(bucket_name); // set access for the grantee EmailAddressGrantee grantee = new EmailAddressGrantee(email); Permission permission = Permission.valueOf(access); acl.grantPermission(grantee, permission); s3.setBucketAcl(bucket_name, acl); } catch (AmazonServiceException e) { System.err.println(e.getErrorMessage()); System.exit(1); } }
public static void setObjectAcl(String bucket_name, String object_key, String email, String access) { System.out.format("Setting %s access for %s\n", access, email); System.out.println("for object: " + object_key); System.out.println(" in bucket: " + bucket_name); final AmazonS3 s3 = AmazonS3ClientBuilder.defaultClient(); try { // get the current ACL AccessControlList acl = s3.getObjectAcl(bucket_name, object_key); // set access for the grantee EmailAddressGrantee grantee = new EmailAddressGrantee(email); Permission permission = Permission.valueOf(access); acl.grantPermission(grantee, permission); s3.setObjectAcl(bucket_name, object_key, acl); } catch (AmazonServiceException e) { System.err.println(e.getErrorMessage()); System.exit(1); } }
/** * Creates an {@link S3Connector} instance with embedded {@link AmazonS3 Amazon Web Services S3 SDK Client} from * {@link S3ServiceInfo}. * @param serviceInfo S3ServiceInfo provided by {@link org.springframework.cloud.cloudfoundry.CloudFoundryServiceInfoCreator} * implementation included within the application. * @param serviceConnectorConfig * @return */ @Override public S3Connector create(S3ServiceInfo serviceInfo, ServiceConnectorConfig serviceConnectorConfig) { AWSCredentials credentials = new BasicAWSCredentials(serviceInfo.getAccessKey(), serviceInfo.getSecretKey()); AWSCredentialsProvider credentialsProvider = new AWSStaticCredentialsProvider(credentials); AwsClientBuilder.EndpointConfiguration endpointConfig = new AwsClientBuilder.EndpointConfiguration( serviceInfo.getEndpoint(), Region.getRegion(Regions.DEFAULT_REGION).getName()); AmazonS3 amazonS3 = AmazonS3ClientBuilder .standard() .withEndpointConfiguration(endpointConfig) .withCredentials(credentialsProvider) .enablePathStyleAccess() .build(); if (serviceInfo.getBucket() != null) { log.debug("Creating connector addressing ECS bucket: " + serviceInfo.getBucket()); return new S3Connector(amazonS3, serviceInfo.getEndpoint(), serviceInfo.getBucket()); } else { log.debug("Creating connector addressing ECS namespace."); return new S3Connector(amazonS3, serviceInfo.getEndpoint()); } }
protected final void createStack(final String stackName, final String template, final Parameter...parameters) { CreateStackRequest req = new CreateStackRequest() .withStackName(stackName) .withParameters(parameters) .withCapabilities(Capability.CAPABILITY_IAM); if (Config.has(Config.Key.TEMPLATE_DIR)) { final String dir = Config.get(Config.Key.TEMPLATE_DIR); if (Config.has(Config.Key.BUCKET_NAME)) { final String bucketName = Config.get(Config.Key.BUCKET_NAME); final String bucketRegion = Config.get(Config.Key.BUCKET_REGION); final AmazonS3 s3local = AmazonS3ClientBuilder.standard().withCredentials(this.credentialsProvider).withRegion(bucketRegion).build(); s3local.putObject(bucketName, stackName, new File(dir + template)); req = req.withTemplateURL("https://s3-" + bucketRegion + ".amazonaws.com/" + bucketName + "/" + stackName); } else { final String body = readFile(dir + template, Charset.forName("UTF-8")); req = req.withTemplateBody(body); } } else { req = req.withTemplateURL("https://s3-eu-west-1.amazonaws.com/widdix-aws-cf-templates/" + template); } this.cf.createStack(req); this.waitForStack(stackName, FinalStatus.CREATE_COMPLETE); }
@BeforeClass public static void setUpClass() throws IOException, InterruptedException { File dir = new File(new File("target", UUID.randomUUID().toString()), "fakes3_root").getAbsoluteFile(); Assert.assertTrue(dir.mkdirs()); fakeS3Root = dir.getAbsolutePath(); port = TestUtil.getFreePort(); fakeS3 = new FakeS3(fakeS3Root, port); Assume.assumeTrue("Please install fakes3 in your system", fakeS3.fakes3Installed()); //Start the fakes3 server executorService = Executors.newSingleThreadExecutor(); executorService.submit(fakeS3); BasicAWSCredentials credentials = new BasicAWSCredentials("foo", "bar"); s3client = AmazonS3ClientBuilder .standard() .withCredentials(new AWSStaticCredentialsProvider(credentials)) .withEndpointConfiguration(new AwsClientBuilder.EndpointConfiguration("http://localhost:" + port, null)) .withPathStyleAccessEnabled(true) .withChunkedEncodingDisabled(true) // FakeS3 does not correctly calculate checksums with chunked encoding enabled. .build(); TestUtil.createBucket(s3client, BUCKET_NAME); TestUtil.createBucket(s3client, SECOND_BUCKET_NAME); }
public S3Uploader(String accessKeyId, String secretKeyId, String bucketName, String region) { System.out.println("Initializing S3 Uploader..."); Preconditions.checkNotNull(accessKeyId, "S3 access key id can not be null"); Preconditions.checkNotNull(secretKeyId, "S3 secret key id can not be null"); Preconditions.checkNotNull(bucketName, "S3 bucket name can not be null"); Preconditions.checkNotNull(region, "S3 region can not be null"); System.out.println("S3 Access Key: " + accessKeyId); System.out.println("S3 Secret Key ID: " + secretKeyId); System.out.println("S3 Bucket Name: " + bucketName); System.out.println("S3 Region: " + region); BasicAWSCredentials awsCreds = new BasicAWSCredentials(accessKeyId, secretKeyId); this.s3client = AmazonS3ClientBuilder.standard() .withCredentials(new AWSStaticCredentialsProvider(awsCreds)) .withRegion(region) .build(); this.bucketName = bucketName; }
@Test public void testAwsV2Signature() throws Exception { client = AmazonS3ClientBuilder.standard() .withClientConfiguration(V2_SIGNER_CONFIG) .withCredentials(new AWSStaticCredentialsProvider(awsCreds)) .withEndpointConfiguration(s3EndpointConfig) .build(); ObjectMetadata metadata = new ObjectMetadata(); metadata.setContentLength(BYTE_SOURCE.size()); client.putObject(containerName, "foo", BYTE_SOURCE.openStream(), metadata); S3Object object = client.getObject(containerName, "foo"); assertThat(object.getObjectMetadata().getContentLength()).isEqualTo( BYTE_SOURCE.size()); try (InputStream actual = object.getObjectContent(); InputStream expected = BYTE_SOURCE.openStream()) { assertThat(actual).hasContentEqualTo(expected); } }
@Test public void testAwsV4SignatureNonChunked() throws Exception { client = AmazonS3ClientBuilder.standard() .withChunkedEncodingDisabled(true) .withCredentials(new AWSStaticCredentialsProvider(awsCreds)) .withEndpointConfiguration(s3EndpointConfig) .build(); ObjectMetadata metadata = new ObjectMetadata(); metadata.setContentLength(BYTE_SOURCE.size()); client.putObject(containerName, "foo", BYTE_SOURCE.openStream(), metadata); S3Object object = client.getObject(containerName, "foo"); assertThat(object.getObjectMetadata().getContentLength()).isEqualTo( BYTE_SOURCE.size()); try (InputStream actual = object.getObjectContent(); InputStream expected = BYTE_SOURCE.openStream()) { assertThat(actual).hasContentEqualTo(expected); } }
@Test public void testAwsV4SignaturePayloadUnsigned() throws Exception { client = AmazonS3ClientBuilder.standard() .withChunkedEncodingDisabled(true) .withPayloadSigningEnabled(false) .withCredentials(new AWSStaticCredentialsProvider(awsCreds)) .withEndpointConfiguration(s3EndpointConfig) .build(); ObjectMetadata metadata = new ObjectMetadata(); metadata.setContentLength(BYTE_SOURCE.size()); client.putObject(containerName, "foo", BYTE_SOURCE.openStream(), metadata); S3Object object = client.getObject(containerName, "foo"); assertThat(object.getObjectMetadata().getContentLength()).isEqualTo( BYTE_SOURCE.size()); try (InputStream actual = object.getObjectContent(); InputStream expected = BYTE_SOURCE.openStream()) { assertThat(actual).hasContentEqualTo(expected); } }
@Test public void testAwsV4SignatureBadIdentity() throws Exception { client = AmazonS3ClientBuilder.standard() .withCredentials(new AWSStaticCredentialsProvider( new BasicAWSCredentials( "bad-access-key", awsCreds.getAWSSecretKey()))) .withEndpointConfiguration(s3EndpointConfig) .build(); ObjectMetadata metadata = new ObjectMetadata(); metadata.setContentLength(BYTE_SOURCE.size()); try { client.putObject(containerName, "foo", BYTE_SOURCE.openStream(), metadata); Fail.failBecauseExceptionWasNotThrown(AmazonS3Exception.class); } catch (AmazonS3Exception e) { assertThat(e.getErrorCode()).isEqualTo("InvalidAccessKeyId"); } }
@Test public void testAwsV4SignatureBadCredential() throws Exception { client = AmazonS3ClientBuilder.standard() .withCredentials(new AWSStaticCredentialsProvider( new BasicAWSCredentials( awsCreds.getAWSAccessKeyId(), "bad-secret-key"))) .withEndpointConfiguration(s3EndpointConfig) .build(); ObjectMetadata metadata = new ObjectMetadata(); metadata.setContentLength(BYTE_SOURCE.size()); try { client.putObject(containerName, "foo", BYTE_SOURCE.openStream(), metadata); Fail.failBecauseExceptionWasNotThrown(AmazonS3Exception.class); } catch (AmazonS3Exception e) { assertThat(e.getErrorCode()).isEqualTo("SignatureDoesNotMatch"); } }
@Test public void testAwsV2UrlSigning() throws Exception { client = AmazonS3ClientBuilder.standard() .withClientConfiguration(V2_SIGNER_CONFIG) .withCredentials(new AWSStaticCredentialsProvider(awsCreds)) .withEndpointConfiguration(s3EndpointConfig) .build(); String blobName = "foo"; ObjectMetadata metadata = new ObjectMetadata(); metadata.setContentLength(BYTE_SOURCE.size()); client.putObject(containerName, blobName, BYTE_SOURCE.openStream(), metadata); Date expiration = new Date(System.currentTimeMillis() + TimeUnit.HOURS.toMillis(1)); URL url = client.generatePresignedUrl(containerName, blobName, expiration, HttpMethod.GET); try (InputStream actual = url.openStream(); InputStream expected = BYTE_SOURCE.openStream()) { assertThat(actual).hasContentEqualTo(expected); } }
@Test public void testAwsV4SignatureChunkedAnonymous() throws Exception { client = AmazonS3ClientBuilder.standard() .withChunkedEncodingDisabled(false) .withEndpointConfiguration(s3EndpointConfig) .build(); ObjectMetadata metadata = new ObjectMetadata(); metadata.setContentLength(BYTE_SOURCE.size()); client.putObject(containerName, "foo", BYTE_SOURCE.openStream(), metadata); S3Object object = client.getObject(containerName, "foo"); assertThat(object.getObjectMetadata().getContentLength()).isEqualTo( BYTE_SOURCE.size()); try (InputStream actual = object.getObjectContent(); InputStream expected = BYTE_SOURCE.openStream()) { assertThat(actual).hasContentEqualTo(expected); } }
/** * Creates the S3 client {@link Bean}. * * Uses the default client, but if a region is unspecified, uses {@code us-east-1}. * * @return The S3 client. */ @Bean public AmazonS3 s3client() { try { return AmazonS3ClientBuilder.defaultClient(); } catch (SdkClientException exception) { API_LOG.info("Default S3 client failed to build, trying again with region us-east-1", exception); return planB(); } }
@Test public void testDefaultClient() { mockStatic(AmazonS3ClientBuilder.class); when(AmazonS3ClientBuilder.defaultClient()).thenReturn(Mockito.mock(AmazonS3.class)); Assert.assertNotNull(underTest.s3client()); verify(underTest, times(0)).planB(); }
