目标: 将用户A的bucket-A桶里的file拷贝到用户B的bucket-B的桶中
准备:安装s3cmd命令
步骤:
# List the users known to the RADOS gateway:
radosgw-admin user list
# Show the details of one user ({userID} is a placeholder for the uid):
radosgw-admin user info --uid={userID}
# Grant user A write permission on bucket-B. This runs with the s3conf-B
# configuration, i.e. presumably with user B's credentials (confirm).
# NOTE(review): write access on a bucket lets the grantee create, overwrite and
# delete objects in it; if the grant is only needed for this copy, revoke it
# afterwards (s3cmd setacl supports --acl-revoke=write:userA-id).
s3cmd -c s3conf-B setacl s3://bucket-B --acl-grant=write:userA-id
# Start the copy, run with the s3conf-A configuration; --debug prints the
# details of each request that s3cmd sends.
s3cmd -c s3conf-A cp s3://bucket-A/file s3://bucket-B --debug
如果想通过 API 实现,可在 s3cmd 命令后面加 --debug 参数,会看到每个命令的请求地址。调试输出中可能包含请求头、签名等信息,分享日志前请先检查。
修改bucket或object权限的go 示例:
package main
import (
"fmt"
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/credentials"
"github.com/aws/aws-sdk-go/aws/session"
aws3 "github.com/aws/aws-sdk-go/service/s3"
)
// s3Client bundles the connection settings for an S3-compatible endpoint with
// the bucket/object the ACL helpers operate on.
type s3Client struct {
	// url is the endpoint address handed to the SDK configuration.
	url string
	// ak and sk are the access key and secret key used as static credentials.
	// They are secrets: avoid logging them or committing real values.
	ak, sk string
	// bucket and key select the bucket and the object addressed by the
	// ACL methods.
	bucket, key string
	// c is the SDK client; it is nil until client() has been called.
	c *aws3.S3
}
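// client builds the S3 SDK client from the receiver's endpoint and static
// credentials and stores it in s.c. It panics (via session.Must) if the SDK
// session cannot be created.
func (s *s3Client) client() {
	// NOTE(review): the region is hard-coded; presumably the gateway accepts
	// any value here — confirm against its configuration.
	region := "us-east-1"
	config := &aws.Config{
		Region:   &region,
		Endpoint: &s.url,
		// Path-style addressing (endpoint/bucket/key) instead of
		// bucket-name subdomains.
		S3ForcePathStyle: aws.Bool(true),
		Credentials:      credentials.NewStaticCredentials(s.ak, s.sk, ""),
		// NOTE(review): DisableSSL makes the SDK talk plain HTTP, so request
		// and response contents are readable and modifiable on the network
		// path. Acceptable only on an isolated lab network; use a TLS
		// endpoint and drop this flag anywhere else.
		DisableSSL: aws.Bool(true),
	}
	sess := session.Must(session.NewSession())
	s.c = aws3.New(sess, config)
}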
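// setBucketAcl grants one permission on s.bucket to the user identified by uid
// and returns the SDK response.
//
// permission must be "read", "write" or "full_control"; any other value
// panics, as does an error from the PutBucketAcl call.
//
// NOTE(review): the S3 PutBucketAcl operation sets the ACL as a whole rather
// than appending to it, so grants that are not repeated in this request may be
// dropped — confirm the resulting ACL with getBucketAcl.
//
// NOTE(review): uid is concatenated into the grant header value without
// validation, and that header accepts a comma-separated list of grantees.
// Pass only an ID taken from a trusted source, never raw user input.
func (s *s3Client) setBucketAcl(permission, uid string) *aws3.PutBucketAclOutput {
	grantee := aws.String("id=" + uid)
	input := &aws3.PutBucketAclInput{
		Bucket: aws.String(s.bucket),
	}
	switch permission {
	case "read":
		input.GrantRead = grantee
	case "write":
		input.GrantWrite = grantee
	case "full_control":
		// Previously this case set GrantWrite, so a "full_control" request
		// silently produced a write-only grant.
		input.GrantFullControl = grantee
	default:
		panic("unknown ACL permission")
	}
	out, err := s.c.PutBucketAcl(input)
	if err != nil {
		panic(err)
	}
	return out
}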
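// setObjectAcl grants one permission on the object s.bucket/s.key to the user
// identified by uid and returns the SDK response.
//
// permission must be "read", "write" or "full_control"; any other value
// panics, as does an error from the PutObjectAcl call.
//
// Only the requested permission is granted. The earlier version set
// GrantFullControl on every call, so even a "read" request handed the grantee
// full control of the object, and "full_control" was mapped to GrantWrite.
//
// NOTE(review): uid is concatenated into the grant header value without
// validation, and that header accepts a comma-separated list of grantees.
// Pass only an ID taken from a trusted source, never raw user input.
func (s *s3Client) setObjectAcl(permission, uid string) *aws3.PutObjectAclOutput {
	grantee := aws.String("id=" + uid)
	input := &aws3.PutObjectAclInput{
		Bucket: aws.String(s.bucket),
		Key:    aws.String(s.key),
	}
	switch permission {
	case "read":
		input.GrantRead = grantee
	case "write":
		input.GrantWrite = grantee
	case "full_control":
		input.GrantFullControl = grantee
	default:
		panic("unknown ACL permission")
	}
	out, err := s.c.PutObjectAcl(input)
	if err != nil {
		panic(err)
	}
	return out
}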
// getObjectAcl fetches the ACL of the object s.bucket/s.key and returns the
// SDK response. It panics if the GetObjectAcl call returns an error.
func (s *s3Client) getObjectAcl() *aws3.GetObjectAclOutput {
	resp, err := s.c.GetObjectAcl(&aws3.GetObjectAclInput{
		Bucket: aws.String(s.bucket),
		Key:    aws.String(s.key),
	})
	if err != nil {
		panic(err)
	}
	return resp
}
// getBucketAcl fetches the ACL of s.bucket and returns the SDK response.
// It panics if the GetBucketAcl call returns an error.
func (s *s3Client) getBucketAcl() *aws3.GetBucketAclOutput {
	resp, err := s.c.GetBucketAcl(&aws3.GetBucketAclInput{
		Bucket: aws.String(s.bucket),
	})
	if err != nil {
		panic(err)
	}
	return resp
}
// main grants user A write access to user B's bucket and then prints the
// bucket ACL so the new grant can be checked.
//
// NOTE(review): the access key and secret key are embedded in the source.
// Outside a throwaway lab, load them from the environment or a credentials
// file that is not committed, and rotate any real key that has been published.
func main() {
	const granteeID = "89debc1de572a90f7e11a8c0a9da6602" // ID of user A

	cli := &s3Client{
		url:    "192.168.50.30:7480",
		ak:     "439a470d0d02ce3a382b987a6d09791c", // user B's access key
		sk:     "6bfadeff85ad6e9beff83ca2934a939b", // user B's secret key
		bucket: "test-3",
		key:    "test.txt",
	}
	cli.client()

	// The helpers panic on failure, so reaching the print means both calls
	// succeeded.
	cli.setBucketAcl("write", granteeID)
	fmt.Println(cli.getBucketAcl().String())
}
下面是跨桶copy文件(同一个存储服务下)
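// CopyObject copies an object to another bucket on the same storage service.
//
// sourceObjectUri and destObjectUri have the form "bucket/object" and must not
// begin with "/". The copy is sent through the receiver's client s.c; the url,
// ak and sk parameters are not used by this method. The destination object is
// created with FULL_CONTROL granted to the user identified by uid.
//
// It returns an error if the client has not been initialized, if
// destObjectUri does not contain both a bucket and an object key, or if the
// CopyObject call fails. A destination without "/" used to cause a
// slice-bounds panic.
//
// The enclosing file must import "strings" and "fmt".
//
// NOTE(review): uid is concatenated into the grant header value without
// validation; pass only an ID from a trusted source. The S3 API documents the
// copy source as URL-encoded, so source keys containing special characters
// may need escaping by the caller — confirm against the gateway.
func (s *s3Client) CopyObject(url, sourceObjectUri, destObjectUri, ak, sk, uid string) error {
	if s.c == nil {
		return fmt.Errorf("copy object: S3 client is not initialized")
	}

	// Split at the first "/" only: everything after it is the object key,
	// which may itself contain further slashes.
	sep := strings.Index(destObjectUri, "/")
	if sep <= 0 || sep == len(destObjectUri)-1 {
		return fmt.Errorf("copy object: destination %q is not of the form bucket/object", destObjectUri)
	}
	bucket, key := destObjectUri[:sep], destObjectUri[sep+1:]

	input := &aws3.CopyObjectInput{
		GrantFullControl: aws.String("id=" + uid),
		Bucket:           aws.String(bucket),
		Key:              aws.String(key),
		CopySource:       aws.String(sourceObjectUri),
	}
	_, err := s.c.CopyObject(input)
	return err
}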