Skip to content

Commit

Permalink
fix(filemanager): use version_id when calling head and tagging
Browse files Browse the repository at this point in the history
  • Loading branch information
@mmalenic
mmalenic committed Oct 4, 2024
1 parent 3388fdc commit c68938a
Show file tree
Hide file tree
Showing 8 changed files with 208 additions and 64 deletions.
2 changes: 1 addition & 1 deletion lib/workload/stateless/stacks/filemanager/deploy/constructs/functions/api.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,6 @@ export class ApiFunction extends fn.Function {
...props,
});

this.addPoliciesForBuckets(props.buckets);
this.addPoliciesForBuckets(props.buckets, fn.Function.getObjectActions());
}
}
23 changes: 21 additions & 2 deletions lib/workload/stateless/stacks/filemanager/deploy/constructs/functions/function.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -165,17 +165,36 @@ export class Function extends Construct {
/**
* Add policies for 's3:List*' and 's3:Get*' on the buckets to this function's role.
*/
addPoliciesForBuckets(buckets: string[], additionalActions?: string[]) {
addPoliciesForBuckets(buckets: string[], actions: string[]) {
buckets.map((bucket) => {
this.addToPolicy(
new PolicyStatement({
actions: [...['s3:ListBucket', 's3:GetObject'], ...(additionalActions ?? [])],
actions,
resources: [`arn:aws:s3:::${bucket}`, `arn:aws:s3:::${bucket}/*`],
})
);
});
}

/**
* Get policy actions for fetching objects.
*/
static getObjectActions(): string[] {
return ['s3:ListBucket', 's3:GetObject', 's3:GetObjectVersion'];
}

/**
* Get policy actions for using object tags.
*/
static objectTaggingActions(): string[] {
return [
's3:GetObjectTagging',
's3:GetObjectVersionTagging',
's3:PutObjectTagging',
's3:PutObjectVersionTagging',
];
}

/**
* Get the function name.
*/
Expand Down
6 changes: 2 additions & 4 deletions lib/workload/stateless/stacks/filemanager/deploy/constructs/functions/ingest.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -52,10 +52,8 @@ export class IngestFunction extends fn.Function {
this.function.addEventSource(eventSource);
});
this.addPoliciesForBuckets(props.buckets, [
's3:GetObjectTagging',
's3:GetObjectVersionTagging',
's3:PutObjectTagging',
's3:PutObjectVersionTagging',
...fn.Function.getObjectActions(),
...fn.Function.objectTaggingActions(),
]);
}
}
5 changes: 4 additions & 1 deletion lib/workload/stateless/stacks/filemanager/deploy/constructs/functions/inventory.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -34,6 +34,9 @@ export class InventoryFunction extends fn.Function {
functionName: INVENTORY_FUNCTION_NAME,
});

this.addPoliciesForBuckets(props.buckets);
this.addPoliciesForBuckets(props.buckets, [
...fn.Function.getObjectActions(),
...fn.Function.objectTaggingActions(),
]);
}
}
58 changes: 52 additions & 6 deletions lib/workload/stateless/stacks/filemanager/filemanager/src/clients/aws/s3.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,44 @@ pub struct Client {
inner: s3::Client,
}

/// Override settings related to response headers.
#[derive(Debug)]
pub struct ResponseHeaders {
content_disposition: String,
content_type: Option<String>,
content_encoding: Option<String>,
}

impl ResponseHeaders {
/// Create a new `ResponseHeaders` config.
pub fn new(
content_disposition: String,
content_type: Option<String>,
content_encoding: Option<String>,
) -> Self {
Self {
content_disposition,
content_type,
content_encoding,
}
}

/// Get the content disposition.
pub fn content_disposition(&self) -> &str {
&self.content_disposition
}

/// Get the content type.
pub fn content_type(&self) -> Option<&str> {
self.content_type.as_deref()
}

/// Get the content encoding.
pub fn content_encoding(&self) -> Option<&str> {
self.content_encoding.as_deref()
}
}

#[automock]
impl Client {
/// Create a new S3 client.
Expand All @@ -48,12 +86,14 @@ impl Client {
&self,
key: &str,
bucket: &str,
version_id: &str,
) -> Result<HeadObjectOutput, HeadObjectError> {
self.inner
.head_object()
.checksum_mode(Enabled)
.key(key)
.bucket(bucket)
.version_id(version_id)
.send()
.await
}
Expand All @@ -63,12 +103,14 @@ impl Client {
&self,
key: &str,
bucket: &str,
version_id: &str,
) -> Result<GetObjectOutput, GetObjectError> {
self.inner
.get_object()
.checksum_mode(Enabled)
.key(key)
.bucket(bucket)
.version_id(version_id)
.send()
.await
}
Expand All @@ -78,11 +120,13 @@ impl Client {
&self,
key: &str,
bucket: &str,
version_id: &str,
) -> Result<GetObjectTaggingOutput, GetObjectTaggingError> {
self.inner
.get_object_tagging()
.key(key)
.bucket(bucket)
.version_id(version_id)
.send()
.await
}
Expand All @@ -92,12 +136,14 @@ impl Client {
&self,
key: &str,
bucket: &str,
version_id: &str,
tagging: Tagging,
) -> Result<PutObjectTaggingOutput, PutObjectTaggingError> {
self.inner
.put_object_tagging()
.key(key)
.bucket(bucket)
.version_id(version_id)
.tagging(tagging)
.send()
.await
Expand All @@ -108,18 +154,18 @@ impl Client {
&self,
key: &str,
bucket: &str,
response_content_disposition: &str,
response_content_type: Option<String>,
response_content_encoding: Option<String>,
version_id: &str,
response_headers: ResponseHeaders,
expires_in: Duration,
) -> Result<PresignedRequest, GetObjectError> {
self.inner
.get_object()
.response_content_disposition(response_content_disposition)
.set_response_content_type(response_content_type)
.set_response_content_encoding(response_content_encoding)
.response_content_disposition(response_headers.content_disposition)
.set_response_content_type(response_headers.content_type)
.set_response_content_encoding(response_headers.content_encoding)
.key(key)
.bucket(bucket)
.version_id(version_id)
.presigned(
PresigningConfig::expires_in(
expires_in
Expand Down
Loading

0 comments on commit c68938a

Please sign in to comment.