/* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * * Licensed under the Apache License, Version 2.0 (the "License"). * You may not use this file except in compliance with the License. * A copy of the License is located at * * http://aws.amazon.com/apache2.0 * * or in the "license" file accompanying this file. This file is distributed * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either * express or implied. See the License for the specific language governing * permissions and limitations under the License. */ using System; using System.Collections.Generic; using System.Xml.Serialization; using System.Text; using System.IO; using Amazon.Runtime; using Amazon.Runtime.Internal; namespace Amazon.S3.Model { ///

/// Container for the parameters to the PutACL operation. /// Sets the permissions on an existing bucket using access control lists (ACL). For more /// information, see Using /// ACLs. To set the ACL of a bucket, you must have WRITE_ACP permission. /// /// /// /// You can use one of the following two ways to set a bucket's permissions: /// ///

/// /// Specify the ACL in the request body /// ///
/// /// Specify permissions using request headers /// ///

/// /// You cannot specify access permission using both the body and the request headers. /// /// /// /// Depending on your application needs, you may choose to set the ACL on a bucket using /// either the request body or the headers. For example, if you have an existing application /// that updates a bucket ACL using the request body, then you can continue to use that /// approach. /// /// /// /// If your bucket uses the bucket owner enforced setting for S3 Object Ownership, ACLs /// are disabled and no longer affect permissions. You must use policies to grant access /// to your bucket and the objects in it. Requests to set ACLs or update ACLs fail and /// return the AccessControlListNotSupported error code. Requests to read /// ACLs are still supported. For more information, see Controlling /// object ownership in the Amazon S3 User Guide. /// ///

Permissions

/// /// /// You can set access permissions using one of the following methods: /// ///

/// /// Specify a canned ACL with the x-amz-acl request header. Amazon S3 supports /// a set of predefined ACLs, known as canned ACLs. Each canned ACL has a predefined /// set of grantees and permissions. Specify the canned ACL name as the value of x-amz-acl. /// If you use this header, you cannot use other access control-specific headers in your /// request. For more information, see Canned /// ACL. /// ///
/// /// Specify access permissions explicitly with the x-amz-grant-read, x-amz-grant-read-acp, /// x-amz-grant-write-acp, and x-amz-grant-full-control headers. /// When using these headers, you specify explicit access permissions and grantees (Amazon /// Web Services accounts or Amazon S3 groups) who will receive the permission. If you /// use these ACL-specific headers, you cannot use the x-amz-acl header to /// set a canned ACL. These parameters map to the set of permissions that Amazon S3 supports /// in an ACL. For more information, see Access /// Control List (ACL) Overview. /// /// /// /// You specify each grantee as a type=value pair, where the type is one of the following: /// ///
- /// /// id – if the value specified is the canonical user ID of an Amazon Web /// Services account /// ///
- /// /// uri – if you are granting permissions to a predefined group /// ///
- /// /// emailAddress – if the value specified is the email address of an Amazon /// Web Services account /// ///
  /// /// Using email addresses to specify a grantee is only supported in the following Amazon /// Web Services Regions: /// ///
  - /// /// US East (N. Virginia) /// ///
  - /// /// US West (N. California) /// ///
  - /// /// US West (Oregon) /// ///
  - /// /// Asia Pacific (Singapore) /// ///
  - /// /// Asia Pacific (Sydney) /// ///
  - /// /// Asia Pacific (Tokyo) /// ///
  - /// /// Europe (Ireland) /// ///
  - /// /// South America (São Paulo) /// ///
  /// /// For a list of all the Amazon S3 supported Regions and endpoints, see Regions /// and Endpoints in the Amazon Web Services General Reference. /// ///
/// /// For example, the following x-amz-grant-write header grants create, overwrite, /// and delete objects permission to LogDelivery group predefined by Amazon S3 and two /// Amazon Web Services accounts identified by their email addresses. /// /// /// /// x-amz-grant-write: uri="http://acs.amazonaws.com/groups/s3/LogDelivery", id="111122223333", /// id="555566667777" /// ///

/// /// You can use either a canned ACL or specify access permissions explicitly. You cannot /// do both. /// /// /// /// Grantee Values /// /// /// /// You can specify the person (grantee) to whom you're assigning access rights (using /// request elements) in the following ways: /// ///

/// /// By the person's ID: /// /// /// /// <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="CanonicalUser"><ID><>ID<></ID><DisplayName><>GranteesEmail<></DisplayName> /// </Grantee> /// /// /// /// DisplayName is optional and ignored in the request /// ///
/// /// By URI: /// /// /// /// <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="Group"><URI><>http://acs.amazonaws.com/groups/global/AuthenticatedUsers<></URI></Grantee> /// /// ///
/// /// By Email address: /// /// /// /// <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="AmazonCustomerByEmail"><EmailAddress><>Grantees@email.com<></EmailAddress>lt;/Grantee> /// /// /// /// /// The grantee is resolved to the CanonicalUser and, in a response to a GET Object acl /// request, appears as the CanonicalUser. /// ///
/// /// Using email addresses to specify a grantee is only supported in the following Amazon /// Web Services Regions: /// ///
- /// /// US East (N. Virginia) /// ///
- /// /// US West (N. California) /// ///
- /// /// US West (Oregon) /// ///
- /// /// Asia Pacific (Singapore) /// ///
- /// /// Asia Pacific (Sydney) /// ///
- /// /// Asia Pacific (Tokyo) /// ///
- /// /// Europe (Ireland) /// ///
- /// /// South America (São Paulo) /// ///
/// /// For a list of all the Amazon S3 supported Regions and endpoints, see Regions /// and Endpoints in the Amazon Web Services General Reference. /// ///

Related Resources /// ///

/// /// CreateBucket /// /// ///
/// /// DeleteBucket /// /// ///
/// /// GetObjectAcl /// /// ///

///

public partial class PutACLRequest : AmazonWebServiceRequest { private S3AccessControlList accessControlPolicy; private S3CannedACL cannedACL; private string bucket; private ChecksumAlgorithm _checksumAlgorithm; private string expectedBucketOwner; private string key; private string versionId; ///

/// Custom ACLs to be applied to the bucket or object. ///

public S3AccessControlList AccessControlList { get { return this.accessControlPolicy; } set { this.accessControlPolicy = value; } } // Check to see if AccessControlPolicy property is set internal bool IsSetAccessControlPolicy() { return this.accessControlPolicy != null; } ///

/// The canned ACL to apply to the bucket. /// ///

public S3CannedACL CannedACL { get { return this.cannedACL; } set { this.cannedACL = value; } } // Check to see if CannedACL property is set internal bool IsSetCannedACL() { return this.cannedACL != null; } ///

/// The bucket name that contains the object to which you want to attach the ACL. /// When using this API with an access point, you must direct requests to the access point hostname. /// The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. /// When using this operation with an access point through the AWS SDKs, you provide the access point /// ARN in place of the bucket name. For more information about access point ARNs, see /// Using Access Points /// in the Amazon Simple Storage Service Developer Guide. ///

public string BucketName { get { return this.bucket; } set { this.bucket = value; } } // Check to see if BucketName property is set internal bool IsSetBucketName() { return this.bucket != null; } ///

/// Gets and sets the property ChecksumAlgorithm. /// /// Indicates the algorithm used to create the checksum for the object. Amazon S3 will /// fail the request with a 400 error if there is no checksum associated with the object. /// For more information, see /// Checking object integrity in the Amazon S3 User Guide. /// ///

public ChecksumAlgorithm ChecksumAlgorithm { get { return this._checksumAlgorithm; } set { this._checksumAlgorithm = value; } } // Check to see if ChecksumAlgorithm property is set internal bool IsSetChecksumAlgorithm() { return this._checksumAlgorithm != null; } ///

/// The account ID of the expected bucket owner. /// If the bucket is owned by a different account, the request will fail with an HTTP 403 (Access Denied) error. ///

public string ExpectedBucketOwner { get { return this.expectedBucketOwner; } set { this.expectedBucketOwner = value; } } ///

/// Checks to see if ExpectedBucketOwner is set. ///

/// true, if ExpectedBucketOwner property is set. internal bool IsSetExpectedBucketOwner() { return !String.IsNullOrEmpty(this.expectedBucketOwner); } ///

/// The key of an S3 object. /// If not specified, the ACLs are applied to the bucket. /// /// Key for which the PUT action was initiated. /// /// /// When using this action with an access point, you must direct requests to the access point hostname. /// The access point hostname takes the form AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com. /// When using this action with an access point through the Amazon Web Services SDKs, you provide the access point ARN in place of the bucket name. /// For more information about access point ARNs, see /// Using Access Points in the Amazon S3 User Guide. /// /// /// When you use this action with Amazon S3 on Outposts, you must direct requests to the S3 on Outposts hostname. /// The S3 on Outposts hostname takes the form AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com. /// When you use this action with S3 on Outposts through the Amazon Web Services SDKs, you provide the Outposts access point ARN in place of the bucket name. /// For more information about S3 on Outposts ARNs, see /// What is S3 on Outposts in the Amazon S3 User Guide. /// ///

/// /// This property will be used as part of the resource path of the HTTP request. In .NET the System.Uri class /// is used to construct the uri for the request. The System.Uri class will canonicalize the uri string by compacting characters like "..". /// For example an object key of "foo/../bar/file.txt" will be transformed into "bar/file.txt" because the ".." /// is interpreted as use parent directory. For further information view the documentation for /// the Uri class: https://docs.microsoft.com/en-us/dotnet/api/system.uri /// public string Key { get { return this.key; } set { this.key = value; } } // Check to see if Key property is set internal bool IsSetKey() { return this.key != null; } ///

/// If set and an object key has been specified, the ACLs are applied /// to the specific version of the object. /// This property is ignored if the ACL is to be set on a Bucket. ///

public string VersionId { get { return this.versionId; } set { this.versionId = value; } } ///

/// Checks if VersionId property is set. ///

/// true if VersionId property is set. internal bool IsSetVersionId() { return this.versionId != null; } } }