terraformDummyRepo2/vendor/cloud.google.com/go/storage/acl.go

// Copyright 2014 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package storage

import (
	"context"
	"net/http"
	"reflect"

	"cloud.google.com/go/internal/trace"
	"google.golang.org/api/googleapi"
	raw "google.golang.org/api/storage/v1"
)

// ACLRole is the level of access to grant.
type ACLRole string

const (
	RoleOwner  ACLRole = "OWNER"
	RoleReader ACLRole = "READER"
	RoleWriter ACLRole = "WRITER"
)

// ACLEntity refers to a user or group.
// They are sometimes referred to as grantees.
//
// It could be in the form of:
// "user-<userId>", "user-<email>", "group-<groupId>", "group-<email>",
// "domain-<domain>" and "project-team-<projectId>".
//
// Or one of the predefined constants: AllUsers, AllAuthenticatedUsers.
type ACLEntity string

const (
	AllUsers              ACLEntity = "allUsers"
	AllAuthenticatedUsers ACLEntity = "allAuthenticatedUsers"
)

// ACLRule represents a grant for a role to an entity (user, group or team) for a
// Google Cloud Storage object or bucket.
type ACLRule struct {
	Entity      ACLEntity
	EntityID    string
	Role        ACLRole
	Domain      string
	Email       string
	ProjectTeam *ProjectTeam
}

// ProjectTeam is the project team associated with the entity, if any.
type ProjectTeam struct {
	ProjectNumber string
	Team          string
}

// ACLHandle provides operations on an access control list for a Google Cloud Storage bucket or object.
type ACLHandle struct {
	c           *Client
	bucket      string
	object      string
	isDefault   bool
	userProject string // for requester-pays buckets
}

// Delete permanently deletes the ACL entry for the given entity.
func (a *ACLHandle) Delete(ctx context.Context, entity ACLEntity) (err error) {
	ctx = trace.StartSpan(ctx, "cloud.google.com/go/storage.ACL.Delete")
	defer func() { trace.EndSpan(ctx, err) }()

	if a.object != "" {
		return a.objectDelete(ctx, entity)
	}
	if a.isDefault {
		return a.bucketDefaultDelete(ctx, entity)
	}
	return a.bucketDelete(ctx, entity)
}

// Set sets the role for the given entity.
func (a *ACLHandle) Set(ctx context.Context, entity ACLEntity, role ACLRole) (err error) {
	ctx = trace.StartSpan(ctx, "cloud.google.com/go/storage.ACL.Set")
	defer func() { trace.EndSpan(ctx, err) }()

	if a.object != "" {
		return a.objectSet(ctx, entity, role, false)
	}
	if a.isDefault {
		return a.objectSet(ctx, entity, role, true)
	}
	return a.bucketSet(ctx, entity, role)
}

// List retrieves ACL entries.
func (a *ACLHandle) List(ctx context.Context) (rules []ACLRule, err error) {
	ctx = trace.StartSpan(ctx, "cloud.google.com/go/storage.ACL.List")
	defer func() { trace.EndSpan(ctx, err) }()

	if a.object != "" {
		return a.objectList(ctx)
	}
	if a.isDefault {
		return a.bucketDefaultList(ctx)
	}
	return a.bucketList(ctx)
}

func (a *ACLHandle) bucketDefaultList(ctx context.Context) ([]ACLRule, error) {
	var acls *raw.ObjectAccessControls
	var err error
	err = runWithRetry(ctx, func() error {
		req := a.c.raw.DefaultObjectAccessControls.List(a.bucket)
		a.configureCall(ctx, req)
		acls, err = req.Do()
		return err
	})
	if err != nil {
		return nil, err
	}
	return toObjectACLRules(acls.Items), nil
}

func (a *ACLHandle) bucketDefaultDelete(ctx context.Context, entity ACLEntity) error {
	return runWithRetry(ctx, func() error {
		req := a.c.raw.DefaultObjectAccessControls.Delete(a.bucket, string(entity))
		a.configureCall(ctx, req)
		return req.Do()
	})
}

func (a *ACLHandle) bucketList(ctx context.Context) ([]ACLRule, error) {
	var acls *raw.BucketAccessControls
	var err error
	err = runWithRetry(ctx, func() error {
		req := a.c.raw.BucketAccessControls.List(a.bucket)
		a.configureCall(ctx, req)
		acls, err = req.Do()
		return err
	})
	if err != nil {
		return nil, err
	}
	return toBucketACLRules(acls.Items), nil
}

func (a *ACLHandle) bucketSet(ctx context.Context, entity ACLEntity, role ACLRole) error {
	acl := &raw.BucketAccessControl{
		Bucket: a.bucket,
		Entity: string(entity),
		Role:   string(role),
	}
	err := runWithRetry(ctx, func() error {
		req := a.c.raw.BucketAccessControls.Update(a.bucket, string(entity), acl)
		a.configureCall(ctx, req)
		_, err := req.Do()
		return err
	})
	if err != nil {
		return err
	}
	return nil
}

func (a *ACLHandle) bucketDelete(ctx context.Context, entity ACLEntity) error {
	return runWithRetry(ctx, func() error {
		req := a.c.raw.BucketAccessControls.Delete(a.bucket, string(entity))
		a.configureCall(ctx, req)
		return req.Do()
	})
}

func (a *ACLHandle) objectList(ctx context.Context) ([]ACLRule, error) {
	var acls *raw.ObjectAccessControls
	var err error
	err = runWithRetry(ctx, func() error {
		req := a.c.raw.ObjectAccessControls.List(a.bucket, a.object)
		a.configureCall(ctx, req)
		acls, err = req.Do()
		return err
	})
	if err != nil {
		return nil, err
	}
	return toObjectACLRules(acls.Items), nil
}

func (a *ACLHandle) objectSet(ctx context.Context, entity ACLEntity, role ACLRole, isBucketDefault bool) error {
	type setRequest interface {
		Do(opts ...googleapi.CallOption) (*raw.ObjectAccessControl, error)
		Header() http.Header
	}

	acl := &raw.ObjectAccessControl{
		Bucket: a.bucket,
		Entity: string(entity),
		Role:   string(role),
	}
	var req setRequest
	if isBucketDefault {
		req = a.c.raw.DefaultObjectAccessControls.Update(a.bucket, string(entity), acl)
	} else {
		req = a.c.raw.ObjectAccessControls.Update(a.bucket, a.object, string(entity), acl)
	}
	a.configureCall(ctx, req)
	return runWithRetry(ctx, func() error {
		_, err := req.Do()
		return err
	})
}

func (a *ACLHandle) objectDelete(ctx context.Context, entity ACLEntity) error {
	return runWithRetry(ctx, func() error {
		req := a.c.raw.ObjectAccessControls.Delete(a.bucket, a.object, string(entity))
		a.configureCall(ctx, req)
		return req.Do()
	})
}

func (a *ACLHandle) configureCall(ctx context.Context, call interface{ Header() http.Header }) {
	vc := reflect.ValueOf(call)
	vc.MethodByName("Context").Call([]reflect.Value{reflect.ValueOf(ctx)})
	if a.userProject != "" {
		vc.MethodByName("UserProject").Call([]reflect.Value{reflect.ValueOf(a.userProject)})
	}
	setClientHeader(call.Header())
}

func toObjectACLRules(items []*raw.ObjectAccessControl) []ACLRule {
	var rs []ACLRule
	for _, item := range items {
		rs = append(rs, toObjectACLRule(item))
	}
	return rs
}

func toBucketACLRules(items []*raw.BucketAccessControl) []ACLRule {
	var rs []ACLRule
	for _, item := range items {
		rs = append(rs, toBucketACLRule(item))
	}
	return rs
}

func toObjectACLRule(a *raw.ObjectAccessControl) ACLRule {
	return ACLRule{
		Entity:      ACLEntity(a.Entity),
		EntityID:    a.EntityId,
		Role:        ACLRole(a.Role),
		Domain:      a.Domain,
		Email:       a.Email,
		ProjectTeam: toObjectProjectTeam(a.ProjectTeam),
	}
}

func toBucketACLRule(a *raw.BucketAccessControl) ACLRule {
	return ACLRule{
		Entity:      ACLEntity(a.Entity),
		EntityID:    a.EntityId,
		Role:        ACLRole(a.Role),
		Domain:      a.Domain,
		Email:       a.Email,
		ProjectTeam: toBucketProjectTeam(a.ProjectTeam),
	}
}

func toRawObjectACL(rules []ACLRule) []*raw.ObjectAccessControl {
	if len(rules) == 0 {
		return nil
	}
	r := make([]*raw.ObjectAccessControl, 0, len(rules))
	for _, rule := range rules {
		r = append(r, rule.toRawObjectAccessControl("")) // bucket name unnecessary
	}
	return r
}

func toRawBucketACL(rules []ACLRule) []*raw.BucketAccessControl {
	if len(rules) == 0 {
		return nil
	}
	r := make([]*raw.BucketAccessControl, 0, len(rules))
	for _, rule := range rules {
		r = append(r, rule.toRawBucketAccessControl("")) // bucket name unnecessary
	}
	return r
}

func (r ACLRule) toRawBucketAccessControl(bucket string) *raw.BucketAccessControl {
	return &raw.BucketAccessControl{
		Bucket: bucket,
		Entity: string(r.Entity),
		Role:   string(r.Role),
		// The other fields are not settable.
	}
}

func (r ACLRule) toRawObjectAccessControl(bucket string) *raw.ObjectAccessControl {
	return &raw.ObjectAccessControl{
		Bucket: bucket,
		Entity: string(r.Entity),
		Role:   string(r.Role),
		// The other fields are not settable.
	}
}

func toBucketProjectTeam(p *raw.BucketAccessControlProjectTeam) *ProjectTeam {
	if p == nil {
		return nil
	}
	return &ProjectTeam{
		ProjectNumber: p.ProjectNumber,
		Team:          p.Team,
	}
}

func toObjectProjectTeam(p *raw.ObjectAccessControlProjectTeam) *ProjectTeam {
	if p == nil {
		return nil
	}
	return &ProjectTeam{
		ProjectNumber: p.ProjectNumber,
		Team:          p.Team,
	}
}
add vendor 2022-04-03 04:07:16 +00:00			`// Copyright 2014 Google LLC`
			`//`
			`// Licensed under the Apache License, Version 2.0 (the "License");`
			`// you may not use this file except in compliance with the License.`
			`// You may obtain a copy of the License at`
			`//`
			`// http://www.apache.org/licenses/LICENSE-2.0`
			`//`
			`// Unless required by applicable law or agreed to in writing, software`
			`// distributed under the License is distributed on an "AS IS" BASIS,`
			`// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`// See the License for the specific language governing permissions and`
			`// limitations under the License.`

			`package storage`

			`import (`
			`"context"`
			`"net/http"`
			`"reflect"`

			`"cloud.google.com/go/internal/trace"`
			`"google.golang.org/api/googleapi"`
			`raw "google.golang.org/api/storage/v1"`
			`)`

			`// ACLRole is the level of access to grant.`
			`type ACLRole string`

			`const (`
			`RoleOwner ACLRole = "OWNER"`
			`RoleReader ACLRole = "READER"`
			`RoleWriter ACLRole = "WRITER"`
			`)`

			`// ACLEntity refers to a user or group.`
			`// They are sometimes referred to as grantees.`
			`//`
			`// It could be in the form of:`
			`// "user-<userId>", "user-<email>", "group-<groupId>", "group-<email>",`
			`// "domain-<domain>" and "project-team-<projectId>".`
			`//`
			`// Or one of the predefined constants: AllUsers, AllAuthenticatedUsers.`
			`type ACLEntity string`

			`const (`
			`AllUsers ACLEntity = "allUsers"`
			`AllAuthenticatedUsers ACLEntity = "allAuthenticatedUsers"`
			`)`

			`// ACLRule represents a grant for a role to an entity (user, group or team) for a`
			`// Google Cloud Storage object or bucket.`
			`type ACLRule struct {`
			`Entity ACLEntity`
			`EntityID string`
			`Role ACLRole`
			`Domain string`
			`Email string`
			`ProjectTeam *ProjectTeam`
			`}`

			`// ProjectTeam is the project team associated with the entity, if any.`
			`type ProjectTeam struct {`
			`ProjectNumber string`
			`Team string`
			`}`

			`// ACLHandle provides operations on an access control list for a Google Cloud Storage bucket or object.`
			`type ACLHandle struct {`
			`c *Client`
			`bucket string`
			`object string`
			`isDefault bool`
			`userProject string // for requester-pays buckets`
			`}`

			`// Delete permanently deletes the ACL entry for the given entity.`
			`func (a *ACLHandle) Delete(ctx context.Context, entity ACLEntity) (err error) {`
			`ctx = trace.StartSpan(ctx, "cloud.google.com/go/storage.ACL.Delete")`
			`defer func() { trace.EndSpan(ctx, err) }()`

			`if a.object != "" {`
			`return a.objectDelete(ctx, entity)`
			`}`
			`if a.isDefault {`
			`return a.bucketDefaultDelete(ctx, entity)`
			`}`
			`return a.bucketDelete(ctx, entity)`
			`}`

			`// Set sets the role for the given entity.`
			`func (a *ACLHandle) Set(ctx context.Context, entity ACLEntity, role ACLRole) (err error) {`
			`ctx = trace.StartSpan(ctx, "cloud.google.com/go/storage.ACL.Set")`
			`defer func() { trace.EndSpan(ctx, err) }()`

			`if a.object != "" {`
			`return a.objectSet(ctx, entity, role, false)`
			`}`
			`if a.isDefault {`
			`return a.objectSet(ctx, entity, role, true)`
			`}`
			`return a.bucketSet(ctx, entity, role)`
			`}`

			`// List retrieves ACL entries.`
			`func (a *ACLHandle) List(ctx context.Context) (rules []ACLRule, err error) {`
			`ctx = trace.StartSpan(ctx, "cloud.google.com/go/storage.ACL.List")`
			`defer func() { trace.EndSpan(ctx, err) }()`

			`if a.object != "" {`
			`return a.objectList(ctx)`
			`}`
			`if a.isDefault {`
			`return a.bucketDefaultList(ctx)`
			`}`
			`return a.bucketList(ctx)`
			`}`

			`func (a *ACLHandle) bucketDefaultList(ctx context.Context) ([]ACLRule, error) {`
			`var acls *raw.ObjectAccessControls`
			`var err error`
			`err = runWithRetry(ctx, func() error {`
			`req := a.c.raw.DefaultObjectAccessControls.List(a.bucket)`
			`a.configureCall(ctx, req)`
			`acls, err = req.Do()`
			`return err`
			`})`
			`if err != nil {`
			`return nil, err`
			`}`
			`return toObjectACLRules(acls.Items), nil`
			`}`

			`func (a *ACLHandle) bucketDefaultDelete(ctx context.Context, entity ACLEntity) error {`
			`return runWithRetry(ctx, func() error {`
			`req := a.c.raw.DefaultObjectAccessControls.Delete(a.bucket, string(entity))`
			`a.configureCall(ctx, req)`
			`return req.Do()`
			`})`
			`}`

			`func (a *ACLHandle) bucketList(ctx context.Context) ([]ACLRule, error) {`
			`var acls *raw.BucketAccessControls`
			`var err error`
			`err = runWithRetry(ctx, func() error {`
			`req := a.c.raw.BucketAccessControls.List(a.bucket)`
			`a.configureCall(ctx, req)`
			`acls, err = req.Do()`
			`return err`
			`})`
			`if err != nil {`
			`return nil, err`
			`}`
			`return toBucketACLRules(acls.Items), nil`
			`}`

			`func (a *ACLHandle) bucketSet(ctx context.Context, entity ACLEntity, role ACLRole) error {`
			`acl := &raw.BucketAccessControl{`
			`Bucket: a.bucket,`
			`Entity: string(entity),`
			`Role: string(role),`
			`}`
			`err := runWithRetry(ctx, func() error {`
			`req := a.c.raw.BucketAccessControls.Update(a.bucket, string(entity), acl)`
			`a.configureCall(ctx, req)`
			`_, err := req.Do()`
			`return err`
			`})`
			`if err != nil {`
			`return err`
			`}`
			`return nil`
			`}`

			`func (a *ACLHandle) bucketDelete(ctx context.Context, entity ACLEntity) error {`
			`return runWithRetry(ctx, func() error {`
			`req := a.c.raw.BucketAccessControls.Delete(a.bucket, string(entity))`
			`a.configureCall(ctx, req)`
			`return req.Do()`
			`})`
			`}`

			`func (a *ACLHandle) objectList(ctx context.Context) ([]ACLRule, error) {`
			`var acls *raw.ObjectAccessControls`
			`var err error`
			`err = runWithRetry(ctx, func() error {`
			`req := a.c.raw.ObjectAccessControls.List(a.bucket, a.object)`
			`a.configureCall(ctx, req)`
			`acls, err = req.Do()`
			`return err`
			`})`
			`if err != nil {`
			`return nil, err`
			`}`
			`return toObjectACLRules(acls.Items), nil`
			`}`

			`func (a *ACLHandle) objectSet(ctx context.Context, entity ACLEntity, role ACLRole, isBucketDefault bool) error {`
			`type setRequest interface {`
			`Do(opts ...googleapi.CallOption) (*raw.ObjectAccessControl, error)`
			`Header() http.Header`
			`}`

			`acl := &raw.ObjectAccessControl{`
			`Bucket: a.bucket,`
			`Entity: string(entity),`
			`Role: string(role),`
			`}`
			`var req setRequest`
			`if isBucketDefault {`
			`req = a.c.raw.DefaultObjectAccessControls.Update(a.bucket, string(entity), acl)`
			`} else {`
			`req = a.c.raw.ObjectAccessControls.Update(a.bucket, a.object, string(entity), acl)`
			`}`
			`a.configureCall(ctx, req)`
			`return runWithRetry(ctx, func() error {`
			`_, err := req.Do()`
			`return err`
			`})`
			`}`

			`func (a *ACLHandle) objectDelete(ctx context.Context, entity ACLEntity) error {`
			`return runWithRetry(ctx, func() error {`
			`req := a.c.raw.ObjectAccessControls.Delete(a.bucket, a.object, string(entity))`
			`a.configureCall(ctx, req)`
			`return req.Do()`
			`})`
			`}`

			`func (a *ACLHandle) configureCall(ctx context.Context, call interface{ Header() http.Header }) {`
			`vc := reflect.ValueOf(call)`
			`vc.MethodByName("Context").Call([]reflect.Value{reflect.ValueOf(ctx)})`
			`if a.userProject != "" {`
			`vc.MethodByName("UserProject").Call([]reflect.Value{reflect.ValueOf(a.userProject)})`
			`}`
			`setClientHeader(call.Header())`
			`}`

			`func toObjectACLRules(items []*raw.ObjectAccessControl) []ACLRule {`
			`var rs []ACLRule`
			`for _, item := range items {`
			`rs = append(rs, toObjectACLRule(item))`
			`}`
			`return rs`
			`}`

			`func toBucketACLRules(items []*raw.BucketAccessControl) []ACLRule {`
			`var rs []ACLRule`
			`for _, item := range items {`
			`rs = append(rs, toBucketACLRule(item))`
			`}`
			`return rs`
			`}`

			`func toObjectACLRule(a *raw.ObjectAccessControl) ACLRule {`
			`return ACLRule{`
			`Entity: ACLEntity(a.Entity),`
			`EntityID: a.EntityId,`
			`Role: ACLRole(a.Role),`
			`Domain: a.Domain,`
			`Email: a.Email,`
			`ProjectTeam: toObjectProjectTeam(a.ProjectTeam),`
			`}`
			`}`

			`func toBucketACLRule(a *raw.BucketAccessControl) ACLRule {`
			`return ACLRule{`
			`Entity: ACLEntity(a.Entity),`
			`EntityID: a.EntityId,`
			`Role: ACLRole(a.Role),`
			`Domain: a.Domain,`
			`Email: a.Email,`
			`ProjectTeam: toBucketProjectTeam(a.ProjectTeam),`
			`}`
			`}`

			`func toRawObjectACL(rules []ACLRule) []*raw.ObjectAccessControl {`
			`if len(rules) == 0 {`
			`return nil`
			`}`
			`r := make([]*raw.ObjectAccessControl, 0, len(rules))`
			`for _, rule := range rules {`
			`r = append(r, rule.toRawObjectAccessControl("")) // bucket name unnecessary`
			`}`
			`return r`
			`}`

			`func toRawBucketACL(rules []ACLRule) []*raw.BucketAccessControl {`
			`if len(rules) == 0 {`
			`return nil`
			`}`
			`r := make([]*raw.BucketAccessControl, 0, len(rules))`
			`for _, rule := range rules {`
			`r = append(r, rule.toRawBucketAccessControl("")) // bucket name unnecessary`
			`}`
			`return r`
			`}`

			`func (r ACLRule) toRawBucketAccessControl(bucket string) *raw.BucketAccessControl {`
			`return &raw.BucketAccessControl{`
			`Bucket: bucket,`
			`Entity: string(r.Entity),`
			`Role: string(r.Role),`
			`// The other fields are not settable.`
			`}`
			`}`

			`func (r ACLRule) toRawObjectAccessControl(bucket string) *raw.ObjectAccessControl {`
			`return &raw.ObjectAccessControl{`
			`Bucket: bucket,`
			`Entity: string(r.Entity),`
			`Role: string(r.Role),`
			`// The other fields are not settable.`
			`}`
			`}`

			`func toBucketProjectTeam(p raw.BucketAccessControlProjectTeam) ProjectTeam {`
			`if p == nil {`
			`return nil`
			`}`
			`return &ProjectTeam{`
			`ProjectNumber: p.ProjectNumber,`
			`Team: p.Team,`
			`}`
			`}`

			`func toObjectProjectTeam(p raw.ObjectAccessControlProjectTeam) ProjectTeam {`
			`if p == nil {`
			`return nil`
			`}`
			`return &ProjectTeam{`
			`ProjectNumber: p.ProjectNumber,`
			`Team: p.Team,`
			`}`
			`}`