specify acl for S3 objects (#412)

* specify acl for S3 objects
awslabs · Aug 12, 2022 · 7fd1d28 · 7fd1d28
1 parent 063bd19
commit 7fd1d28
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 8 deletions.
diff --git a/src/lambda_codebase/initial_commit/bootstrap_repository/adf-build/shared/python/s3.py b/src/lambda_codebase/initial_commit/bootstrap_repository/adf-build/shared/python/s3.py
@@ -79,7 +79,7 @@ def build_pathing_style(self, style, key):
             "virtual-hosted."
         )
 
-    def put_object(self, key, file_path, style="path", pre_check=False):
+    def put_object(self, key, file_path, style="path", pre_check=False, object_acl='private'):
         """
         Put the object into S3 and return the reference to the object
         in the requested path style.
@@ -101,6 +101,12 @@ def put_object(self, key, file_path, style="path", pre_check=False):
                 given file are not compared. Only whether the given object key
                 exists in the bucket or not.
 
+            object_acl (str): Set the object ACL when uploading the object.
+                Directly passed to boto3. Valid values are:
+                ACL='private'|'public-read'|'public-read-write'|
+                'authenticated-read'|'aws-exec-read'|'bucket-owner-read'|
+                'bucket-owner-full-control'
+
         Returns:
             str: The S3 object reference in the requested path style. This
                 will be returned regardless of whether or not an upload was
@@ -112,7 +118,7 @@ def put_object(self, key, file_path, style="path", pre_check=False):
         # If we don't need to check first, do. Otherwise, check if it exists
         # first and only upload if it does not exist.
         if not pre_check or not self._does_object_exist(key):
-            self._perform_put_object(key, file_path)
+            self._perform_put_object(key, file_path, object_acl)
         return self.build_pathing_style(style, key)
 
     def _does_object_exist(self, key):
@@ -131,7 +137,7 @@ def _does_object_exist(self, key):
         except self.client.exceptions.NoSuchKey:
             return False
 
-    def _perform_put_object(self, key, file_path):
+    def _perform_put_object(self, key, file_path, object_acl="private"):
         """
         Perform actual put operation without any checks.
         This is called internally by the put_object method when the
@@ -141,6 +147,8 @@ def _perform_put_object(self, key, file_path):
             key (str): They S3 key of the object to put the file contents to.
 
             file_path (str): The file to upload using binary write mode.
+
+            object_acl (str): The object ACL to be applied.
         """
         try:
             LOGGER.info(
@@ -151,7 +159,10 @@ def _perform_put_object(self, key, file_path):
                 self.region,
             )
             with open(file_path, mode='rb') as file_handler:
-                self.resource.Object(self.bucket, key).put(Body=file_handler)
+                self.resource.Object(self.bucket, key).put(
+                    ACL=object_acl,
+                    Body=file_handler,
+                )
                 LOGGER.debug("Upload of %s was successful.", key)
         except BaseException:
             LOGGER.error("Failed to upload %s", key, exc_info=True)

diff --git a/...bda_codebase/initial_commit/bootstrap_repository/adf-build/shared/python/tests/test_s3.py b/...bda_codebase/initial_commit/bootstrap_repository/adf-build/shared/python/tests/test_s3.py
@@ -173,7 +173,7 @@ def test_put_object_no_checks_always_upload(does_exist, perform_put,
     assert return_value == object_path
 
     does_exist.assert_not_called()
-    perform_put.assert_called_once_with(object_key, file_path)
+    perform_put.assert_called_once_with(object_key, file_path, 'private')
     build_path.assert_called_once_with(path_style, object_key)
 
 
@@ -199,7 +199,7 @@ def test_put_object_do_check_upload_when_missing(
     assert return_value == object_path
 
     does_exist.assert_called_once_with(object_key)
-    perform_put.assert_called_once_with(object_key, file_path)
+    perform_put.assert_called_once_with(object_key, file_path, 'private')
     build_path.assert_called_once_with(path_style, object_key)
 
 
@@ -301,7 +301,7 @@ def test_perform_put_object_success(logger, boto3_resource):
         )
         mock_file.assert_called_with(file_path, mode='rb')
         s3_resource.Object.assert_called_once_with(s3_cls.bucket, object_key)
-        s3_object.put.assert_called_once_with(Body=mock_file.return_value)
+        s3_object.put.assert_called_once_with(ACL='private', Body=mock_file.return_value)
 
     logger.info.assert_called_once_with(
         "Uploading %s as %s to S3 Bucket %s in %s",
@@ -393,7 +393,7 @@ def test_perform_put_object_failed(logger, boto3_resource):
 
         mock_file.assert_called_with(file_path, mode='rb')
         s3_resource.Object.assert_called_once_with(s3_cls.bucket, object_key)
-        s3_object.put.assert_called_once_with(Body=mock_file.return_value)
+        s3_object.put.assert_called_once_with(ACL='private', Body=mock_file.return_value)
 
     logger.info.assert_called_once_with(
         "Uploading %s as %s to S3 Bucket %s in %s",