fix(cos): remove default acl config and support policy config

Author: yugasun

__tests__/cos.test.js

@@ -10,6 +10,24 @@ describe('Cos', () => {
   };
   const bucket = `serverless-cos-test-${process.env.TENCENT_APP_ID}`;
   const staticPath = path.join(__dirname, 'static');
+  const policy = {
+    Statement: [
+      {
+        Principal: { qcs: ['qcs::cam::anyone:anyone'] },
+        Effect: 'Allow',
+        Action: [
+          'name/cos:HeadBucket',
+          'name/cos:ListMultipartUploads',
+          'name/cos:ListParts',
+          'name/cos:GetObject',
+          'name/cos:HeadObject',
+          'name/cos:OptionsObject',
+        ],
+        Resource: [`qcs::cos:${process.env.REGION}:uid/${process.env.TENCENT_APP_ID}:${bucket}/*`],
+      },
+    ],
+    version: '2.0',
+  };
   const inputs = {
     bucket: bucket,
     src: staticPath,
@@ -43,6 +61,9 @@ describe('Cos', () => {
     force: true,
     protocol: 'https',
     replace: true,
+    acl: {
+      permissions: 'public-read',
+    },
   };
   const cos = new Cos(credentials, process.env.REGION);
 
@@ -65,6 +86,29 @@ describe('Cos', () => {
     expect(content).toMatch(/Serverless\sFramework/gi);
   });
 
+  test('should deploy Cos success with policy', async () => {
+    inputs.acl.permissions = 'private';
+    inputs.policy = policy;
+    const res = await cos.deploy(inputs);
+    await sleep(1000);
+    const reqUrl = `https://${bucket}.cos.${process.env.REGION}.myqcloud.com/index.html`;
+    const content = await request.get(reqUrl);
+    expect(res).toEqual(inputs);
+    expect(content).toMatch(/Serverless\sFramework/gi);
+  });
+
+  test('should deploy website success with policy', async () => {
+    websiteInputs.acl.permissions = 'private';
+    websiteInputs.policy = policy;
+    const res = await cos.website(websiteInputs);
+    await sleep(1000);
+    const websiteUrl = `${inputs.bucket}.cos-website.${process.env.REGION}.myqcloud.com`;
+    const reqUrl = `${websiteInputs.protocol}://${websiteUrl}`;
+    const content = await request.get(reqUrl);
+    expect(res).toBe(websiteUrl);
+    expect(content).toMatch(/Serverless\sFramework/gi);
+  });
+
   test('should remove Cos success', async () => {
     await cos.remove(inputs);
     try {

src/modules/cos/index.js

@@ -183,6 +183,29 @@ class Cos {
     }
   }
 
+  async setPolicy(inputs = {}) {
+    console.log(`Setting policy for bucket ${inputs.bucket}`);
+    const setPolicyParams = {
+      Bucket: inputs.bucket,
+      Region: this.region,
+    };
+    if (inputs.policy) {
+      setPolicyParams.Policy = inputs.policy;
+    }
+    const setPolicyHandler = this.promisify(this.cosClient.putBucketPolicy.bind(this.cosClient));
+    try {
+      await setPolicyHandler(setPolicyParams);
+    } catch (e) {
+      throw new ApiError({
+        type: `API_COS_putBucketPolicy`,
+        message: e.message,
+        stack: e.stack,
+        reqId: e.reqId,
+        code: e.code,
+      });
+    }
+  }
+
   async setTags(inputs = {}) {
     console.log(`Setting tags for ${this.region}'s bucket: ${inputs.bucket}`);
     const tags = [];
@@ -422,10 +445,6 @@ class Cos {
       },
     };
 
-    if (inputs.cors && inputs.cors.length > 0) {
-      await this.setAcl(inputs);
-    }
-
     const setWebsiteHandler = this.promisify(this.cosClient.putBucketWebsite.bind(this.cosClient));
     try {
       await setWebsiteHandler(staticHostParams);
@@ -615,17 +634,16 @@ class Cos {
       force: true,
     });
 
-    inputs.acl = {
-      permissions: 'public-read',
-      grantRead: '',
-      grantWrite: '',
-      grantFullControl: '',
-    };
-    await this.setAcl(inputs);
+    if (inputs.acl) {
+      await this.setAcl(inputs);
+    }
+
+    if (inputs.policy) {
+      await this.setPolicy(inputs);
+    }
 
     await this.setWebsite(inputs);
 
-    // 对cors进行额外处理
     if (inputs.cors) {
       await this.setCors(inputs);
     }
@@ -681,6 +699,9 @@ class Cos {
     if (inputs.acl) {
       await this.setAcl(inputs);
     }
+    if (inputs.policy) {
+      await this.setPolicy(inputs);
+    }
     if (inputs.cors) {
       await this.setCors(inputs);
     } else {