Better way to get S3 bucket owner

src/main/java/com/google/devtools/build/lib/remote/RemoteOptions.java

@@ -49,14 +49,6 @@ public final class RemoteOptions extends OptionsBase {
   )
   public String s3CacheBucket;
 
-  @Option(
-      name = "s3_full_control_userid",
-      defaultValue = "null",
-      category = "remote",
-      help = "An AWS canonical user id for a user who should have full control over uploaded objects"
-  )
-  public String s3FullControlUserId;
-
   @Option(name = "remote_fallback_strategy",
     allowMultiple = true,
     converter = AssignmentConverter.class,

src/main/java/com/google/devtools/build/lib/remote/S3ActionCache2.java

@@ -14,19 +14,14 @@
 
 package com.google.devtools.build.lib.remote;
 
-import com.amazonaws.AbortedException;
 import com.amazonaws.AmazonClientException;
 import com.amazonaws.auth.DefaultAWSCredentialsProviderChain;
 import com.amazonaws.services.s3.AmazonS3;
 import com.amazonaws.services.s3.AmazonS3Client;
 import com.amazonaws.services.s3.model.*;
-import com.google.common.hash.HashCode;
-import com.google.devtools.build.lib.actions.ActionInput;
-import com.google.devtools.build.lib.actions.ActionInputFileCache;
 import com.google.devtools.build.lib.concurrent.ThreadSafety.ThreadSafe;
 import com.google.devtools.build.lib.remote.RemoteProtocol.ContentDigest;
 import com.google.devtools.build.lib.vfs.Path;
-import com.google.protobuf.ByteString;
 
 import java.io.ByteArrayInputStream;
 import java.io.IOException;
@@ -36,16 +31,15 @@
 import java.io.FileOutputStream;
 import java.io.BufferedInputStream;
 import java.io.BufferedOutputStream;
-import java.util.Collection;
 
 /**
  * xcxc
  */
 @ThreadSafe
 public final class S3ActionCache2 {
     private final String bucketName;
-    private final String s3userId;
     private final boolean debug;
+    private String bucketOwner;
 
     private static volatile int numConsecutiveErrors;
     private static volatile long disableUntilTimeMillis;
@@ -58,7 +52,6 @@ public final class S3ActionCache2 {
      */
     public S3ActionCache2(RemoteOptions options) {
         this.bucketName = options.s3CacheBucket;
-        this.s3userId = options.s3FullControlUserId;
         this.debug = options.remoteCacheDebug;
     }
 
@@ -200,19 +193,30 @@ public void put(String key, byte[] blob) {
         putObject(key, new PutObjectRequest(bucketName, key, new ByteArrayInputStream(blob), new ObjectMetadata()));
     }
 
+    private synchronized String getBucketOwner() {
+        if (bucketOwner == null) {
+            try {
+                bucketOwner = client.getBucketAcl(bucketName).getOwner().getId();
+                recordCacheSuccessfulOperation();
+            } catch (AmazonClientException e) {
+                recordCacheFailedOperation(e);
+            }
+        }
+        return bucketOwner;
+    }
+
     private void putObject(String key, PutObjectRequest object) {
         if (!isCacheEnabled()) {
             return;
         }
 
         long t0 = System.currentTimeMillis();
         try {
-            if (s3userId != null) {
-                Grantee grantee = new CanonicalGrantee(s3userId);
-                AccessControlList acl = new AccessControlList();
-                acl.grantPermission(grantee, Permission.FullControl);
-                object = object.withAccessControlList(acl);
-            }
+            // Make sure the bucket owner has full control of the uploaded object
+            Grantee grantee = new CanonicalGrantee(getBucketOwner());
+            AccessControlList acl = new AccessControlList();
+            acl.grantPermission(grantee, Permission.FullControl);
+            object = object.withAccessControlList(acl);
 
             client.putObject(object);
             if (debug) {