:FSrSSKJr SSKJr SSKJr SSKJr SSKrSSKJr SSKJ r SS K J r SS K J r SS K J r SS K Jr SS KJr SSKJr SSKJr SSKJr SSKJr SSKJr SSKJr SSKJr SSKJr SSKJr SSK!J"r" SSK#J$r$ SSK%J&r& SSK'J(r( SSK'J)r) SSK*J+r+ Sr,Sr-Sr.S r/S!r0S"r1\,\-ReS#5-\.ReS#5-S$-r3S%S#Ri\/\0-\1-/5-r5\"\3\55r6\"\-\05r7\"\,\/5r8\"\.\15r9"S&S'\5r:g)(zFImplementation of default object acl command for Google Cloud Storage.)absolute_import)print_function)division)unicode_literalsN) gcs_json_api)metrics)AccessDeniedException)BadRequestException) Preconditions)ServiceException)Command)SetAclExceptionHandler)SetAclFuncWrapper)CommandArgument) ApiSelector)CommandException)CreateHelpText)StorageUrlFromString)UrlsAreForSingleProvider)storage_v1_messages) acl_helper)NO_MAX)Retry)GcloudStorageFlag)GcloudStorageMap)PRIVATE_DEFAULT_OBJ_ACLzJ gsutil defacl set (|) gs://... z( gsutil defacl get gs:// zF gsutil defacl ch [-f] -u|-g|-d|-p ... gs://... a[ SET The ``defacl set`` command sets default object ACLs for the specified buckets. If you specify a default object ACL for a certain bucket, Cloud Storage applies the default object ACL to all new objects uploaded to that bucket, unless an ACL for that object is separately specified during upload. Similar to the ``acl set`` command, the ``defacl set`` command specifies either a predefined ACL or the path to a file that contains ACL text. See "gsutil help acl" for examples of editing and setting ACLs via the acl command. See `Predefined ACLs `_ for a list of predefined ACLs. Setting a default object ACL on a bucket provides a convenient way to ensure newly uploaded objects have a specific ACL. If you don't set the bucket's default object ACL, it will default to project-private. If you then upload objects that need a different ACL, you will need to perform a separate ACL update operation for each object. Depending on how many objects require updates, this could be very time-consuming. z{ GET Gets the default ACL text for a bucket, which you can save and edit for use with the "defacl set" command. a CH The "defacl ch" (or "defacl change") command updates the default object access control list for a bucket. The syntax is shared with the "acl ch" command, so see the "CH" section of "gsutil help acl" for the full help description. CH EXAMPLES Grant anyone on the internet READ access by default to any object created in the bucket example-bucket: gsutil defacl ch -u AllUsers:R gs://example-bucket NOTE: By default, publicly readable objects are served with a Cache-Control header allowing such objects to be cached for 3600 seconds. If you need to ensure that updates become visible immediately, you should set a Cache-Control header of "Cache-Control:private, max-age=0, no-transform" on such objects. For help doing this, see "gsutil help setmeta". Add the user john.doe@example.com to the default object ACL on bucket example-bucket with READ access: gsutil defacl ch -u john.doe@example.com:READ gs://example-bucket Add the group admins@example.com to the default object ACL on bucket example-bucket with OWNER access: gsutil defacl ch -g admins@example.com:O gs://example-bucket Remove the group admins@example.com from the default object ACL on bucket example-bucket: gsutil defacl ch -d admins@example.com gs://example-bucket Add the owners of project example-project-123 to the default object ACL on bucket example-bucket with READ access: gsutil defacl ch -p owners-example-project-123:R gs://example-bucket NOTE: You can replace 'owners' with 'viewers' or 'editors' to grant access to a project's viewers/editors respectively. CH OPTIONS The "ch" sub-command has the following options -d Remove all roles associated with the matching entity. -f Normally gsutil stops at the first error. The -f option causes it to continue when it encounters errors. With this option the gsutil exit status will be 0 even if some ACLs couldn't be changed. -g Add or modify a group entity's role. -p Add or modify a project viewers/editors/owners role. -u Add or modify a user entity's role.  z z. The defacl command has three sub-commands: c^\rSrSrSr\R "S/SQ\S\SSSS\ R\ R/\ R\ R"5\ R"5/\ R"S5/\ R"5/S .S 9 r\R""S/S QS S \\\\S.S9rU4SjrSrSrSrSr\"\SSS9S5rSrSr Sr!U=r"$) DefAclCommandz(Implementation of gsutil defacl command.defacl) setdefacl getdefaclchdefaclz fg:u:d:p:F)setgetch) command_name_aliasesusage_synopsismin_argsmax_argssupported_sub_args file_url_okprovider_url_okurls_start_arggs_api_supportgs_default_apiargparse_arguments)z default aclr"r#r$ command_helpz*Get, set, or change default ACL on buckets)r(r'r)) help_namehelp_name_aliases help_typehelp_one_line_summary help_textsubcommand_help_textc >URRS5nUS:Xa[/SQ0S9nGO US:XaURRS5n[RR U5(a[SSSS U-/0S9nOU[ R;a[ RUnOUn[SSSS U-/0S9nOzUS :XatUR5 [R"UR5Ul [/S Q[S 5[S 5[S 5[S5[S5S.S9n[TU]9W5$)Nrr()storagebucketsdescribez,--format=multi(defaultObjectAcl:format=json)z--raw)gcloud_commandflag_mapr'r=r>updatez--default-object-acl-file=z --predefined-default-object-acl=r))r=r>rBz--add-default-object-acl-grantz!--remove-default-object-acl-grantz--continue-on-error)-g-p-u-dz-f)argspoprospathisfiler+FULL_PREDEFINED_ACL_XML_TO_JSON_TRANSLATION ParseSubOptsrtranslate_sub_opts_for_shimsub_optsrsuperget_gcloud_storage_args)self sub_commandgcloud_storage_mapacl_file_or_predefined_aclpredefined_acl __class__s (platform/gsutil/gslib/commands/defacl.pyrQ%DefAclCommand.get_gcloud_storage_argss^))--"Ke+    #'99==#3 ''..3 4 4-9h,/II   &  D D FFF,. 6.-9h2^C      <>cUR(dUR5 URSR5S:XdURS:Xagg)Nrr'r"r&)rG$RaiseWrongNumberOfArgumentsExceptionlowercommand_alias_usedrRs rX_CalculateUrlsStartArg$DefAclCommand._CalculateUrlsStartArgsB 99 //1 ! % ;.  rZc[URS5R5(d[SUR-5eUR [ [5 g![a UR5 ef=f)N)URL must name a bucket for the %s command) rrGIsBucketr command_nameSetAclCommandHelperrrr _WarnServiceAccountsr_s rX _SetDefAclDefAclCommand._SetDefAclsq  " . 7 7 9 9 H!../ 00  02HI   !  s A A<c[URS5R5(d[SUR-5eUR URS5 g)Nrrd)rrGrerrfGetAndPrintAclr_s rX _GetDefAclDefAclCommand._GetDefAclsR  ! - 6 6 8 8 H!../ 00 ! %rZcSUl/UlUR(Ga2URGH!upUS:XaFURR[R "U[R RS95 US:XaFURR[R "U[R RS95 US:XaFURR[R "U[R RS95 US:XdMURR[R"U55 GM$ UR(d [S5e[UR5(a&[URS5RS :wa$[S R!UR"55e[%5nURH`nUR'U5HHnUR(R+5(d [S 5eUR-UR(5 MJ Mb UHnUR/U5 M g ) zDParses options and changes default object ACLs on specified buckets.TrC) scope_typerErDrFzFPlease specify at least one access change with the -g, -u, or -d flagsrgsz2The "{0}" command can only be used with gs:// URLsz5The defacl ch command can only be applied to buckets.N)parse_versionschangesrOappendr AclChange ChangeTypeGROUPUSERPROJECTAclDelrrrGrschemeformatrfr'WildcardIterator storage_urlreaddApplyAclChanges)rRoa bucket_urlsurl_argresultr~s rX _ChDefAclDefAclCommand._ChDefAclsDDL }}}--$! 9 ,,  ""11F1F1L1LM O 9 ,,  ""11F1F1K1KL N 9 ,,  ""11F1F1N1NO Q 9 ,,  j//2 3  << < == %TYY / /TYYq\*11T9  > E E ! ""%K99))'2&!!**,, EG G**+ 3#  ;'#rZ)tries timeout_secscURRURURSS/S9nURnUR X5S:XaUR RSU5 gU(dUR[5 [URS9n[R"US9nURRURUUURS /S 9 UR RS U5 g![an[!S [#U5-5eSnAf[$a UR'5 [!S U-5ef=f)z8Applies the changes in self.changes to the provided URL.defaultObjectAclmetageneration)providerfieldsrzNo changes to %sN)meta_gen_match)rid) preconditionsrrzUpdated default ACL on %sz$Received bad request from server: %szTFailed to set acl for %s. Please ensure you have OWNER-role access to this resource.) gsutil_api GetBucket bucket_namer{r$_ApplyAclChangesAndReturnChangeCountloggerinfortrr rapitools_messagesBucket PatchBucketr rstrr rh)rRurlbucket current_aclrbucket_metadataes rXrDefAclCommand.ApplyAclChanges=sF__ & & "$45'7F))K 00BaG kk)3/ 01J#63H3HIm)00+No oo!!#//"10=+.::*. "1  kk2C8 N Cc!fL MM J ! CEHI JJJs A5D E D$$,EcnSnURH"nX4RXSUR5- nM$ U$)Nrr!)rsExecuter)rRr~defacl_messagemodification_countchanges rXr2DefAclCommand._ApplyAclChangesAndReturnChangeCountes?,,NN;+3T[[BB rZcpURRS5nURSS9 SUlSUlUS:Xa UR nODUS:Xa UR nO1US;a URnO[SU<S UR<S 35e[R"U/URS 9 U"5 g) z+Command entry point for the defacl command.rT) check_argsFr(r')r)rzInvalid subcommand "z " for the z# command. See "gsutil help defacl".) subcommandsrO) rGrHrMdef_aclcontinue_on_errorrmrirrrfrLogCommandParamsrO)rRaction_subcommandfuncs rX RunCommandDefAclCommand.RunCommandls a(&DL"DE! __d e # __d . . ^^d /1B1BD EE  *;)<&*mm5F rZ)rsrrrrrO)#__name__ __module__ __qualname____firstlineno____doc__r CreateCommandSpec _SYNOPSISrrXMLJSONrMakeFileURLOrCannedACLArgument%MakeZeroOrMoreCloudBucketURLsArgumentMakeNCloudBucketURLsArgument command_specHelpSpec_DETAILED_HELP_TEXT_get_help_text_set_help_text _ch_help_text help_specrQr`rirmrrr rrr__static_attributes__ __classcell__)rWs@rXrrs0**A$!oo{'7'78 %%<<>CCE ">>qAB FFHI ,,MH# )3?j & &(P 3%J4%JN  rZr);r __future__rrrrrIgslibrrgslib.cloud_apir r r r gslib.commandr rrgslib.command_argumentrgslib.cs_api_maprgslib.exceptionrgslib.help_providerrgslib.storage_urlrr"gslib.third_party.storage_apitoolsrr gslib.utilsrgslib.utils.constantsrgslib.utils.retry_utilrgslib.utils.shim_utilrrgslib.utils.translation_helperr _SET_SYNOPSIS _GET_SYNOPSIS _CH_SYNOPSIS_SET_DESCRIPTION_GET_DESCRIPTION_CH_DESCRIPTIONlstriprjoin _DESCRIPTIONrrrrrrZrXrs&M&%' 1/),!0+2(,.26W"((32B   , 9v]11$7 7   &')/0  ii!$44FGHI %Y = /?@ /?@|_= a Ga rZ