如何检查S3中存储的每个对象的ACL [英] How to check ACL of the each object in stored in S3

问题描述

如何通过适用于.Net的AWS开发工具包检查存储在Amazon Web Services S3存储桶中的每个对象的访问控制列表(ACL)?

How to check Access Control List (ACL) of the each object in stored in S3 bucket of Amazon Web Services via AWS SDK for .Net?

不仅适用于.Net SDK，它还适用于所有AWS开发工具包，例如Node和Java SDK.

It is not only for .Net SDK, it is applicable for all AWS SDK like Node and Java SDK too.

在下面的代码片段中，我找不到每个对象的访问级别属性.如果访问级别权限是已知的，我可以在访问对象以进行读/写/下载操作之前尽早通知用户.

In the below code snippet, I could not find the Access level property of each object. If the access level permission is known already, I can inform user early before accessing objects for read/write/download operations.

    static void Main(string[] args)
    {
        string bucketName = "mytestbucket1234"; //Testing purpose only, not a real bucket
        using (IAmazonS3 s3client = new AmazonS3Client())
        {
            ListObjectsV2Request request = new ListObjectsV2Request() { BucketName = bucketName };
            var bucketItem = s3client.ListObjectsV2(request);
            foreach (var x in bucketItem.S3Objects)
            {
                //need to access Access Level List Permission here, property is not available 
                Console.WriteLine(x.Key);
                Console.WriteLine(x.ETag); 
            }
        }
    }

推荐答案

当前无法实现.您有两种选择:-

That isn't currently possible. You have two options:-

1. 使用ListObjectsV2检索所有对象(最多1000个)，然后使用BucketName和Key的组合调用GetACL:-

1. Retrieve all the objects (up to a 1000) using ListObjectsV2 and then call GetACL with the combination of BucketName and Key:-

private static void ListACLs(BasicAWSCredentials credentials, RegionEndpoint regionEndpoint, string bucketName)
{
    using (var client = new AmazonS3Client(credentials, regionEndpoint))
    {
        var s3Objects = client.ListObjectsV2(new ListObjectsV2Request
        {
            BucketName = bucketName
        }).S3Objects;

        foreach (var s3Object in s3Objects)
        {
            var getAclRequest = new GetACLRequest
            {
                BucketName = bucketName,
                Key = s3Object.Key
            };

            var grants = client.GetACL(getAclRequest).AccessControlList.Grants;

            foreach (var s3Grant in grants)
            {
                Console.WriteLine(s3Grant.Permission);
            }
        }
    }
}

或者如果您已经知道BucketName和Key的组合，则可以跳过ListObjectsV2调用，而只需执行GetACL调用:-

Or if you already know the combination of BucketName and Key then you can skip the ListObjectsV2 call and just do a GetACL call:-

private static void ListACLs(BasicAWSCredentials credentials, RegionEndpoint regionEndpoint, string bucketName, string key)
{
    using (var client = new AmazonS3Client(credentials, regionEndpoint))
    {
        var getAclRequest = new GetACLRequest
        {
            BucketName = bucketName,
            Key = key
        };

        var grants = client.GetACL(getAclRequest).AccessControlList.Grants;

        foreach (var s3Grant in grants)
        {
            Console.WriteLine(s3Grant.Permission);
        }
    }
}

我个人认为，如果要在检索之前测试每个对象的ACL，则需要查看模型.默认情况下，当您将对象上载到S3时，它是私有的.同样，当您尝试在没有正确凭据的情况下检索私有对象时，S3将返回HTTP状态403和访问被拒绝"消息.如果您确实需要该功能，我会进行调查.

Personally, I think if you are testing each objects ACL before retrieval then your model needs looking at. By default when you upload an object to S3 it is private. Also, when you try to retrieve a private object without the correct credentials S3 will return HTTP Status 403 and a Access Denied message. I would investigate using that mechanism if you really need that feature.

希望有帮助！

这篇关于如何检查S3中存储的每个对象的ACL的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！