Merge pull request #72 from kevin-brendle-lark/bucket-acl-option

allow specifying bucket ACL policy on upload
tpunder · Feb 25, 2022 · a85a934 · a85a934
2 parents 3601325 + d7c9eb9
commit a85a934
Show file tree

Hide file tree

Showing 2 changed files with 26 additions and 2 deletions.
diff --git a/src/main/scala/fm/sbt/S3ResolverPlugin.scala b/src/main/scala/fm/sbt/S3ResolverPlugin.scala
@@ -16,8 +16,8 @@
 package fm.sbt
 
 import java.net.{URL, URLStreamHandler, URLStreamHandlerFactory}
-
 import com.amazonaws.auth.AWSCredentialsProvider
+import com.amazonaws.services.s3.model.CannedAccessControlList
 import org.apache.ivy.util.url.{URLHandlerDispatcher, URLHandlerRegistry}
 import sbt.Keys._
 import sbt._
@@ -43,6 +43,8 @@ object S3ResolverPlugin extends AutoPlugin {
     lazy val showS3Credentials: InputKey[Unit] = {
       InputKey[Unit]("showS3Credentials", "Just outputs credentials that are loaded by the s3credentials provider")
     }
+
+    lazy val s3ResolverBucketACLMap: SettingKey[Map[String, CannedAccessControlList]] = settingKey[Map[String, CannedAccessControlList]]("This allows us to specify a canned ACL for s3 buckets")
   }
 
   import autoImport._
@@ -121,6 +123,7 @@ object S3ResolverPlugin extends AutoPlugin {
       val extracted: Extracted = Project.extract(state)
 
       S3URLHandler.registerBucketCredentialsProvider(extracted.getOpt(s3CredentialsProvider).getOrElse(S3URLHandler.defaultCredentialsProviderChain))
+      S3URLHandler.registerBucketACLMap(extracted.getOpt(s3ResolverBucketACLMap).getOrElse(Map()))
 
       state
     }

diff --git a/src/main/scala/fm/sbt/S3URLHandler.scala b/src/main/scala/fm/sbt/S3URLHandler.scala
@@ -45,10 +45,16 @@ object S3URLHandler {
 
   private var bucketCredentialsProvider: String => AWSCredentialsProvider = makePropertiesFileCredentialsProvider
 
+  private var bucketACLMap: Map[String, CannedAccessControlList] = Map()
+
   def registerBucketCredentialsProvider(provider: String => AWSCredentialsProvider): Unit = {
     bucketCredentialsProvider = provider
   }
 
+  def registerBucketACLMap(aclMap: Map[String, CannedAccessControlList]): Unit = {
+    bucketACLMap = aclMap
+  }
+
   def getBucketCredentialsProvider: String => AWSCredentialsProvider = bucketCredentialsProvider
 
   private class S3URLInfo(available: Boolean, contentLength: Long, lastModified: Long) extends URLHandler.URLInfo(available, contentLength, lastModified)
@@ -404,7 +410,22 @@ final class S3URLHandler extends URLHandler {
     def putImpl(serverSideEncryption: Boolean): PutObjectResult = {
       val meta: ObjectMetadata = new ObjectMetadata()
       if (serverSideEncryption) meta.setSSEAlgorithm(ObjectMetadata.AES_256_SERVER_SIDE_ENCRYPTION)
-      client.putObject(new PutObjectRequest(bucket, key, src).withMetadata(meta))
+
+      val customizers = Seq[PutObjectRequest => PutObjectRequest](
+        // add metadata
+        x => {x.withMetadata(meta)},
+        // add bucket ACL
+        x => {
+          bucketACLMap.get(bucket) match {
+            case Some(y) => x.withCannedAcl(y)
+            case None => x
+          }
+        }
+      )
+
+      val req = customizers.foldLeft(new PutObjectRequest(bucket, key, src))((putObjectRequest, customizer) => customizer(putObjectRequest))
+
+      client.putObject(req)
     }
 
     // Do we know for sure that this bucket requires SSE?