Using server privateKey to pass ACL information

[marstonstudio]

Hello,

The maven wagon plugin unfortunately doesn't look at the full configuration values of a server node, but there is a way to pass extra information by using the AuthenticationInfo that is passed into the wagon.

This pull request uses the privateKey value in the server node to set the ACL.

Any interest in incorporating this into your wagon?

Jon Marston

[jcaddel]

First of all, thanks for the pull request. I'm very interested in providing a way for the maven-wagon-plugin to upload artifacts that are not hard coded to be publicly available.

Was just re-looking at how to best pass permission related info from settings.xml to the maven-wagon-plugin and noticed something I missed before.

This page http://maven.apache.org/settings.html indicates that settings.xml already has support for:

<server>
  <id></id>
  <username></username>
  <password></password>
  <privateKey></privateKey>
  <passphrase></passphrase>
  <filePermissions></filePermissions>
  <directoryPermissions></directoryPermissions>
</server>

Since you are saying the maven-wagon-plugin accepts <privateKey> I'm wondering if it also accepts <filePermissions>?

If so, what seems like a better approach is to deprecate the custom <acl> tag the S3 wagon is using in favor of the <filePermissions> tag.

This would allow people to specify one of the enum values the AWS sdk supports inside of that tag.

 <filePermissions>AuthenticatedRead</filePermissions>

If the maven-wagon-plugin is already setup to accept that value, we've got the best of both worlds.

1 - More intuitive configuration for the maven-s3-wagon using the same tag documented by the Maven team 2 - Built in ACL support for the maven-wagon-plugin.

[marstonstudio]

I like the thinking, and I dug into it a bit, but the filePermissions and directoryPermissions nodes must have octal values (766). see http://stackoverflow.com/questions/2733447/can-maven-wagon-plugin-use-a-private-key-for-scp

I did try a few different things, but was unable to get at the repository or server information from inside the wagon. My best guess was to add this code in the S3Wagon.connectToRepository methos

RepositoryPermissions permissions = source.getPermissions(); if(permissions == null) { logger.info("no permissions set"); } else { logger.info("permissions.getDirectoryMode(): " + permissions.getDirectoryMode()); }

But I had no luck getting a repository permissions from my settings.xml to show up in the wagon code.

So for the time being, it looks like the privateKey hack is the best I can do. Is it good enough to merge into the plugin?

[jcaddel]

I'm not going to merge this into the maven-s3-wagon. Using the privateKey field to store the ACL would definitely work, but it's going to be confusing for people. Once the wagon-maven-plugin gets patched, I wouldn't want to support this method any longer.

I took a quick look at the wagon-maven-plugin and the fix on their side is very simple. I patched that code and attached it to this JIRA (http://jira.codehaus.org/browse/MOJO-1831) so hopefully that gets applied sometime soon.

In the meantime, I've also published a Kuali version of the wagon-maven-plugin that contains the patch, and thus allows direct use of that plugin in a way that supports custom ACL's.

Information on how to use the Kuali plugin is available here: http://site.kuali.org/maven/plugins/wagon-maven-plugin/1.0.0/plugin-info.html

[marstonstudio]

I like your solution! I switched my code over to use your patched wagon and it does exactly what I needed. I voted for the wagon patch too. :)