You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@camel.apache.org by "Brendan Long (JIRA)" <ji...@apache.org> on 2011/09/09 20:17:10 UTC

[jira] [Commented] (CAMEL-4435) Allow specifiying ACL on S3 producer

    [ https://issues.apache.org/jira/browse/CAMEL-4435?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13101415#comment-13101415 ] 

Brendan Long commented on CAMEL-4435:
-------------------------------------

Actually, it turns out there's an easier way to do this on S3, so I'm not sure it would be helpful on Camel.

AWA policies allow us to set access control based on the folder, for example, this would allow public access to mybucket/some/path/*:

{
  "Id": "Policy4324355464",
  "Statement": [
    {
      "Sid": "Stmt456464646477",
      "Action": [
        "s3:GetObject"
      ],
      "Effect": "Allow",
      "Resource": [
        "arn:aws:s3:::mybucket/some/path/*"
      ],
      "Principal": {
        "AWS": [
          "*"
        ]
      }
    }
  ]
}

I probably won't be patching this after all; should I resolve as "won't fix"? I'm not exactly sure how I should go about this.

> Allow specifiying ACL on S3 producer
> ------------------------------------
>
>                 Key: CAMEL-4435
>                 URL: https://issues.apache.org/jira/browse/CAMEL-4435
>             Project: Camel
>          Issue Type: New Feature
>          Components: camel-aws
>            Reporter: Brendan Long
>            Priority: Minor
>
> With the S3 component, there's currently no way to specify ACLs on either the component or message level.
> I'm proposing:
> 1. Add a URL parameter, "acl", which can be either:
>   * A canned ACL (private, public-read, public-read-write, authenticated-read). Ex: acl=private
>   * A reference to an ACL bean (com.amazonaws.services.s3.model.CannedAccessControlList): acl=#myAcl
> 2. Add CamelAwsS3ACL header, which can contain a string ("private", "public-read", etc.), a CannedAccessControlList object, or an AccessControlList object
> I'm working on a patch for this, but I want to make sure the way I'm going about it will be accepted before getting too far.
> Some questions:
>   * Is "acl" a good URL parameter? Should it be "access"? Should ACL references be separate ("aclRef")?
>   * Should we accept a string for the canned ACL when it's a header, or just expect a CannedAccessControlList object?

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira