How to do the equivalent of 's3cmd setacl --acl-grant=read:82b82d.. s3://somebucket/..' in Ruby?

How can you do the equivalent of:

s3cmd setacl --acl-grant=read:82b82d14a8d011e09d86001cc029a3688cdd635ea8d011e0b499001cc029a3689052a4f4a8d011e0bd25001cc029a368 s3://somebucket/some/path/to/file

in Ruby? (preferably by using the 'aws-s3' gem)

=== Edit ===

As Soren suggests below, something similar to this should开发者_开发技巧 work:

grant = AWS::S3::ACL::Grant.new
grant.permission = 'READ'
grantee = AWS::S3::ACL::Grantee.new
grantee.id = '82b82d14a8d011e09d86001cc029a3688cdd635ea8d011e0b499001cc029a3689052a4f4a8d011e0bd25001cc029a368'
grant.grantee = grantee
acl = AWS::S3::S3Object.acl('some/path/to/file', 'somebucket')
acl.grants << grant
AWS::S3::S3Object.acl 'some/path/to/file', 'somebucket', acl 

However that does not work, I get the following error:

The XML you provided was not well-formed or did not validate against our published schema (AWS::S3::MalformedACLError)

Any ideas how to make this work?

I can't get it to work with the 'aws-s3' gem, but it does work with the 'rightscale_aws' gem:

require 'right_aws'

s3     = RightAws::S3.new(access_key, secret_key, {:logger => Logger.new('/dev/null')})
bucket =  s3.bucket('somebucket')

bucket.put 'some/path/to/file', open('/tmp/myfile')
access_id = '82b82d14a8d011e09d86001cc029a3688cdd635ea8d011e0b499001cc029a3689052a4f4a8d011e0bd25001cc029a368'
key = bucket.key('some/path/to/file')
RightAws::S3::Grantee.new(key, access_id, ['READ'], :apply)

I struggled exactly on the same error, the documentation is very poor on this point, you have to look at the Grantee class doc

In order to set a grantee id you need to specify :

grantee.type = "CanonicalUser"
grantee.name = "aName"
grantee.id = '82b82d14a8d011e09d86001cc029a3688cdd635ea8d011e0b499001cc029a3689052a4f4a8d011e0bd25001cc029a368'

This solves the malformed XML error that you have

Hope this helps, Vincent

I've run into the same bug myself. It seems that to work around it you need to first grab the policy of the object, then modify it, and apply the modified ACL back onto the object.

One difference I see is that you're not explicitly defining the type to be CanonicalUser. Another problem may be that the object whose ACL you're reading doesn't give you permission to do so (you lack a READ_ACP permission).

policy = AWS::S3::S3Object.acl('object_in_somebucket', 'somebucket')
grantee = AWS::S3::ACL::Grantee.new
grantee.type = 'CanonicalUser'
grantee.id = '82b82d14a8d011e09d86001cc029a3688cdd635ea8d011e0b499001cc029a3689052a4f4a8d011e0bd25001cc029a368'

grant = AWS::S3::ACL::Grant.new
grant.permission = 'READ'
grant.grantee = grantee
policy.grants << grant
AWS::S3::S3Object.acl('object_in_somebucket', 'somebucket', policy)

The Ruby implementation (which you find here http://amazon.rubyforge.org/ http://amazon.rubyforge.org/doc/ ) should work for you.