// put handles PUT on a bucket resource: it creates the bucket and registers it
// in the server's bucket map when it does not exist yet.
// http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTBucketPUT.html
//
// The x-amz-acl request header is stored on the bucket as given on every PUT,
// including a repeated PUT on an existing bucket. It is not checked against any
// list of accepted ACLs (see the TODOs below), so code exercised against this
// handler never sees an ACL being rejected.
func (r bucketResource) put(a *action) interface{} {
	if r.bucket != nil {
		// The bucket already exists; the 409 is reported only when the server
		// configuration asks for it.
		if a.srv.config.send409Conflict() {
			fatalf(409, "BucketAlreadyOwnedByYou", "Your previous request to create the named bucket succeeded and you already own it.")
		}
	} else {
		if !validBucketName(r.name) {
			fatalf(400, "InvalidBucketName", "The specified bucket is not valid")
		}
		if locationConstraint(a) == "" {
			// NOTE(review): "InvalidRequets" looks like a misspelling of
			// "InvalidRequest"; kept byte-for-byte because clients may match
			// on the code. Confirm before changing.
			fatalf(400, "InvalidRequets", "The unspecified location constraint is incompatible for the region specific endpoint this request was sent to.")
		}
		// TODO validate acl
		fresh := &bucket{
			name: r.name,
			// TODO default acl
			objects:          make(map[string]*object),
			multipartUploads: make(map[string][]*multipartUploadPart),
			multipartMeta:    make(map[string]http.Header),
		}
		r.bucket = fresh
		a.srv.buckets[r.name] = fresh
	}

	// Unvalidated pass-through of the caller-supplied canned ACL.
	r.bucket.acl = s3.ACL(a.req.Header.Get("x-amz-acl"))
	return nil
}
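// Driver uses the DriverFactory's Options to construct a strata.Driver.
//
// AWS credentials are read from the AWS_ACCESS_KEY_ID and
// AWS_SECRET_ACCESS_KEY environment variables; an error is returned when
// either is empty. The region name from the options must be a key of
// aws.Regions, otherwise an error is returned instead of continuing with a
// zero-value region.
//
// The bucket ACL from the options is converted to s3.ACL and handed to
// NewS3Storage without validation, so whatever the configuration names is
// passed on as given. Review that value where the bucket holds data that
// must stay private.
func (factory DriverFactory) Driver() (*strata.Driver, error) {
	options := factory.GetOptions().(*Options)

	accessKey := os.Getenv("AWS_ACCESS_KEY_ID")
	secretKey := os.Getenv("AWS_SECRET_ACCESS_KEY")
	if accessKey == "" || secretKey == "" {
		return nil, errors.New("Environment variables AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY must be set")
	}

	// A plain map index would silently yield an empty region for a mistyped
	// name; reject it here so the misconfiguration is reported up front.
	region, ok := aws.Regions[options.AWS.Region]
	if !ok {
		return nil, errors.New("unknown AWS region " + strconv.Quote(options.AWS.Region))
	}

	// Named storage rather than s3storage so the package is not shadowed.
	storage, err := s3storage.NewS3Storage(
		region,
		aws.Auth{AccessKey: accessKey, SecretKey: secretKey},
		options.AWS.BucketName,
		options.AWS.BucketPrefix,
		s3.ACL(options.AWS.BucketACL))
	if err != nil {
		return nil, err
	}

	replica, err := lreplica.NewLocalReplica(
		options.Replica.MaxBackgroundCopies,
		strconv.Itoa(options.Replica.Port))
	if err != nil {
		return nil, err
	}

	manager, err := strata.NewSnapshotManager(replica, storage)
	if err != nil {
		return nil, err
	}
	return &strata.Driver{Manager: manager}, nil
}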
// Upload reads the artifact from disk and PUTs it to the uploader's bucket.
//
// The canned ACL applied to the object is taken from BUILDKITE_S3_ACL, else
// from AWS_S3_ACL, else it defaults to "public-read". With neither variable
// set, uploaded artifacts are therefore readable without authentication; set
// one of the variables to "private" (or another accepted value) when
// artifacts must not be public.
//
// An ACL outside the accepted list is reported through logger.Fatal rather
// than through the returned error. The whole file is read into memory before
// the upload.
func (u *S3Uploader) Upload(artifact *api.Artifact) error {
	// BUILDKITE_S3_ACL takes precedence over AWS_S3_ACL.
	permission := "public-read"
	if v := os.Getenv("BUILDKITE_S3_ACL"); v != "" {
		permission = v
	} else if v := os.Getenv("AWS_S3_ACL"); v != "" {
		permission = v
	}

	// Allow-list of canned ACLs; anything else is rejected before any I/O.
	switch permission {
	case "private",
		"public-read",
		"public-read-write",
		"authenticated-read",
		"bucket-owner-read",
		"bucket-owner-full-control":
		// accepted
	default:
		logger.Fatal("Invalid S3 ACL `%s`", permission)
	}
	acl := s3.ACL(permission)

	logger.Debug("Reading file \"%s\"", artifact.AbsolutePath)
	contents, readErr := ioutil.ReadFile(artifact.AbsolutePath)
	if readErr != nil {
		return errors.New("Failed to read file " + artifact.AbsolutePath + " (" + readErr.Error() + ")")
	}

	logger.Debug("Uploading \"%s\" to bucket with permission `%s`", u.artifactPath(artifact), permission)
	if putErr := u.Bucket.Put(u.artifactPath(artifact), contents, u.mimeType(artifact), acl, s3.Options{}); putErr != nil {
		return fmt.Errorf("Failed to PUT file \"%s\" (%s)", u.artifactPath(artifact), putErr.Error())
	}
	return nil
}
// NewTestableS3Volume starts an s3test server driven by a fake clock, creates
// TestBucketName on it with the "private" ACL, and returns a TestableS3Volume
// whose S3Volume points at that server.
//
// Empty credentials (a zero aws.Auth) are used throughout. Any failure to
// start the server or create the bucket is asserted on c.
func NewTestableS3Volume(c *check.C, readonly bool, replication int) *TestableS3Volume {
	fake := &fakeClock{}
	stub, err := s3test.NewServer(&s3test.Config{Clock: fake})
	c.Assert(err, check.IsNil)

	var creds aws.Auth
	endpoint := aws.Region{
		Name:                 "test-region-1",
		S3Endpoint:           stub.URL(),
		S3LocationConstraint: true,
	}

	// Create the bucket up front so the volume under test finds it in place.
	b := &s3.Bucket{
		S3:   s3.New(creds, endpoint),
		Name: TestBucketName,
	}
	c.Assert(b.PutBucket(s3.ACL("private")), check.IsNil)

	vol := NewS3Volume(creds, endpoint, TestBucketName, readonly, replication)
	return &TestableS3Volume{
		S3Volume:    vol,
		server:      stub,
		serverClock: fake,
	}
}