Revert "Add route-scoped ACL configuration"

This reverts commit 73f2d9d. We need to think a little about how to do this right, so revert the offending commit for now. Closes #283
bep · Aug 24, 2022 · f63c5b7 · f63c5b7
1 parent 73f2d9d
commit f63c5b7
Show file tree

Hide file tree

Showing 7 changed files with 84 additions and 114 deletions.
diff --git a/README.md b/README.md
@@ -107,8 +107,6 @@ routes:
       headers:
          Cache-Control: "max-age=630720000, no-transform, public"
       gzip: false
-      #  configure route-scoped ACL
-      acl: public-read
     - route: "^.+\\.(html|xml|json)$"
       gzip: true
 ```

diff --git a/lib/deployer.go b/lib/deployer.go
@@ -348,18 +348,7 @@ func (d *Deployer) loadConfig() error {
 		return err
 	}
 
-	acl := "private"
-	if d.cfg.ACL != "" {
-		acl = d.cfg.ACL
-	} else if d.cfg.PublicReadACL {
-		acl = "public-read"
-	}
-
 	for _, r := range conf.Routes {
-		if r.ACL == "" {
-			r.ACL = acl
-		}
-
 		r.routerRE, err = regexp.Compile(r.Route)
 
 		if err != nil {

diff --git a/lib/deployer_test.go b/lib/deployer_test.go
@@ -27,13 +27,12 @@ func TestDeploy(t *testing.T) {
 	source := testSourcePath()
 	configFile := filepath.Join(source, ".s3deploy.yml")
 
-	storeACL := "public-read"
 	cfg := &Config{
 		BucketName: "example.com",
 		RegionName: "eu-west-1",
 		ConfigFile: configFile,
 		MaxDelete:  300,
-		ACL:        storeACL,
+		ACL:        "public-read",
 		Silent:     true,
 		SourcePath: source,
 		baseStore:  store,
@@ -49,10 +48,6 @@ func TestDeploy(t *testing.T) {
 	c.Assert(headers["Content-Encoding"], qt.Equals, "gzip")
 	c.Assert(headers["Content-Type"], qt.Equals, "text/css; charset=utf-8")
 	c.Assert(headers["Cache-Control"], qt.Equals, "max-age=630720000, no-transform, public")
-
-	c.Assert(mainCss.(*osFile).ACL(), qt.Equals, "private") // route-configured
-	indexHtml := m["index.html"]
-	c.Assert(indexHtml.(*osFile).ACL(), qt.Equals, storeACL)
 }
 
 func TestDeployWithBucketPath(t *testing.T) {
@@ -286,91 +281,6 @@ func TestDeployMaxDelete(t *testing.T) {
 	c.Assert(stats.Summary(), qt.Equals, "Deleted 42 of 200, uploaded 4, skipped 0 (100% changed)")
 }
 
-func TestDeployNoACLProvided(t *testing.T) {
-	c := qt.New(t)
-	store, m := newTestStore(0, "")
-	source := testSourcePath()
-	configFile := filepath.Join(source, ".s3deploy.yml")
-
-	cfg := &Config{
-		BucketName: "example.com",
-		RegionName: "eu-west-1",
-		ConfigFile: configFile,
-		MaxDelete:  300,
-		ACL:        "",
-		Silent:     true,
-		SourcePath: source,
-		baseStore:  store,
-	}
-
-	stats, err := Deploy(cfg)
-	c.Assert(err, qt.IsNil)
-	c.Assert(stats.Summary(), qt.Equals, "Deleted 1 of 1, uploaded 3, skipped 1 (80% changed)")
-	assertKeys(t, m, ".s3deploy.yml", "main.css", "index.html", "ab.txt")
-
-	mainCss := m["main.css"]
-	indexHtml := m["index.html"]
-	c.Assert(mainCss.(*osFile).ACL(), qt.Equals, "private")   // route-configured
-	c.Assert(indexHtml.(*osFile).ACL(), qt.Equals, "private") // default private
-}
-
-func TestDeployOtherCannedACLProvided(t *testing.T) {
-	c := qt.New(t)
-	store, m := newTestStore(0, "")
-	source := testSourcePath()
-	configFile := filepath.Join(source, ".s3deploy.yml")
-
-	cfg := &Config{
-		BucketName: "example.com",
-		RegionName: "eu-west-1",
-		ConfigFile: configFile,
-		MaxDelete:  300,
-		ACL:        "bucket-owner-full-control",
-		Silent:     true,
-		SourcePath: source,
-		baseStore:  store,
-	}
-
-	stats, err := Deploy(cfg)
-	c.Assert(err, qt.IsNil)
-	c.Assert(stats.Summary(), qt.Equals, "Deleted 1 of 1, uploaded 3, skipped 1 (80% changed)")
-	assertKeys(t, m, ".s3deploy.yml", "main.css", "index.html", "ab.txt")
-
-	mainCss := m["main.css"]
-	indexHtml := m["index.html"]
-	c.Assert(mainCss.(*osFile).ACL(), qt.Equals, "private") // route-configured
-	c.Assert(indexHtml.(*osFile).ACL(), qt.Equals, "bucket-owner-full-control")
-}
-
-func TestDeployDeprecatedPublicReadACLFlagProvided(t *testing.T) {
-	c := qt.New(t)
-	store, m := newTestStore(0, "")
-	source := testSourcePath()
-	configFile := filepath.Join(source, ".s3deploy.yml")
-
-	cfg := &Config{
-		BucketName:    "example.com",
-		RegionName:    "eu-west-1",
-		ConfigFile:    configFile,
-		MaxDelete:     300,
-		ACL:           "",
-		PublicReadACL: true,
-		Silent:        true,
-		SourcePath:    source,
-		baseStore:     store,
-	}
-
-	stats, err := Deploy(cfg)
-	c.Assert(err, qt.IsNil)
-	c.Assert(stats.Summary(), qt.Equals, "Deleted 1 of 1, uploaded 3, skipped 1 (80% changed)")
-	assertKeys(t, m, ".s3deploy.yml", "main.css", "index.html", "ab.txt")
-
-	mainCss := m["main.css"]
-	indexHtml := m["index.html"]
-	c.Assert(mainCss.(*osFile).ACL(), qt.Equals, "private") // route-configured
-	c.Assert(indexHtml.(*osFile).ACL(), qt.Equals, "public-read")
-}
-
 func testSourcePath() string {
 	wd, _ := os.Getwd()
 	return filepath.Join(wd, "testdata") + "/"

diff --git a/lib/files.go b/lib/files.go
@@ -50,7 +50,6 @@ type localFile interface {
 	Content() io.ReadSeeker
 
 	Headers() map[string]string
-	ACL() string
 }
 
 type osFile struct {
@@ -126,10 +125,6 @@ func (f *osFile) Headers() map[string]string {
 	return headers
 }
 
-func (f *osFile) ACL() string {
-	return f.route.ACL
-}
-
 func (f *osFile) initContentType(peek []byte) error {
 	if f.route != nil {
 		if contentType, found := f.route.Headers["Content-Type"]; found {
@@ -245,7 +240,6 @@ type route struct {
 	Headers map[string]string `yaml:"headers"`
 	Gzip    bool              `yaml:"gzip"`
 	Ignore  bool              `yaml:"ignore"`
-	ACL     string            `yaml:"acl"`
 
 	routerRE *regexp.Regexp // compiled version of Route
 }

diff --git a/lib/s3.go b/lib/s3.go
@@ -24,6 +24,7 @@ type s3Store struct {
 	bucketPath string
 	r          routes
 	svc        *s3.S3
+	acl        string
 	cfc        *cloudFrontClient
 }
 
@@ -59,7 +60,14 @@ func newRemoteStore(cfg Config, logger printer) (*s3Store, error) {
 		}
 	}
 
-	s = &s3Store{svc: s3.New(sess), cfc: cfc, bucket: cfg.BucketName, r: cfg.conf.Routes, bucketPath: cfg.BucketPath}
+	acl := "private"
+	if cfg.ACL != "" {
+		acl = cfg.ACL
+	} else if cfg.PublicReadACL {
+		acl = "public-read"
+	}
+
+	s = &s3Store{svc: s3.New(sess), cfc: cfc, acl: acl, bucket: cfg.BucketName, r: cfg.conf.Routes, bucketPath: cfg.BucketPath}
 
 	return s, nil
 }
@@ -85,7 +93,6 @@ func (s *s3Store) FileMap(opts ...opOption) (map[string]file, error) {
 
 func (s *s3Store) Put(ctx context.Context, f localFile, opts ...opOption) error {
 	headers := f.Headers()
-	acl := f.ACL()
 
 	withHeaders := func(r *request.Request) {
 		for k, v := range headers {
@@ -97,7 +104,7 @@ func (s *s3Store) Put(ctx context.Context, f localFile, opts ...opOption) error
 		Bucket:        aws.String(s.bucket),
 		Key:           aws.String(f.Key()),
 		Body:          f.Content(),
-		ACL:           aws.String(acl),
+		ACL:           aws.String(s.acl),
 		ContentLength: aws.Int64(f.Size()),
 	}, withHeaders)
 

diff --git a/lib/s3_test.go b/lib/s3_test.go
@@ -0,0 +1,73 @@
+package lib
+
+import (
+	"io/ioutil"
+	"testing"
+
+	qt "github.com/frankban/quicktest"
+)
+
+func TestNewRemoteStoreNoAclProvided(t *testing.T) {
+	c := qt.New(t)
+
+	cfg := Config{
+		BucketName: "example.com",
+		RegionName: "us-east-1",
+		ACL:        "",
+		Silent:     true,
+	}
+
+	s, err := newRemoteStore(cfg, newPrinter(ioutil.Discard))
+	c.Assert(err, qt.IsNil)
+
+	c.Assert("private", qt.Equals, s.acl)
+}
+
+func TestNewRemoteStoreAclProvided(t *testing.T) {
+	c := qt.New(t)
+
+	cfg := Config{
+		BucketName: "example.com",
+		RegionName: "us-east-1",
+		ACL:        "public-read",
+		Silent:     true,
+	}
+
+	s, err := newRemoteStore(cfg, newPrinter(ioutil.Discard))
+	c.Assert(err, qt.IsNil)
+
+	c.Assert("public-read", qt.Equals, s.acl)
+}
+
+func TestNewRemoteStoreOtherCannedAclProvided(t *testing.T) {
+	c := qt.New(t)
+
+	cfg := Config{
+		BucketName: "example.com",
+		RegionName: "us-east-1",
+		ACL:        "bucket-owner-full-control",
+		Silent:     true,
+	}
+
+	s, err := newRemoteStore(cfg, newPrinter(ioutil.Discard))
+	c.Assert(err, qt.IsNil)
+
+	c.Assert("bucket-owner-full-control", qt.Equals, s.acl)
+}
+
+func TestNewRemoteStoreDeprecatedPublicReadACLFlaglProvided(t *testing.T) {
+	c := qt.New(t)
+
+	cfg := Config{
+		BucketName:    "example.com",
+		RegionName:    "us-east-1",
+		PublicReadACL: true,
+		ACL:           "",
+		Silent:        true,
+	}
+
+	s, err := newRemoteStore(cfg, newPrinter(ioutil.Discard))
+	c.Assert(err, qt.IsNil)
+
+	c.Assert("public-read", qt.Equals, s.acl)
+}
diff --git a/lib/testdata/.s3deploy.yml b/lib/testdata/.s3deploy.yml
@@ -4,7 +4,6 @@ routes:
       headers:
          Cache-Control: "max-age=630720000, no-transform, public"
       gzip: true
-      acl: private
     - route: "^.+\\.(png|jpg)$"
       headers:
          Cache-Control: "max-age=630720000, no-transform, public"