Is it possible to change the ACLs of Google Cloud Storage objects(or buckets) using the appengine Api? I understand that this can be done using the REST API, but is there support for this in the Files Api in appengine? They can be set when creating a new object using GSFileObject, however can you change on existing objects??
Changing ACL for Google Cloud Storage from Appengine (JAVA)
Asked Answered
You can use urlfetch.fetch and app_identity.get_access_token to easily send an authenticated request to the REST api.
Python:
from google.appengine.api import app_identity
from google.appengine.api import urlfetch
acl_xml = """
<AccessControlList><Entries>
<Entry>
<Scope type="UserByEmail">[email protected]</Scope>
<Permission>READ</Permission>
</Entry>
</Entries></AccessControlList>
"""
scope = 'https://www.googleapis.com/auth/devstorage.full_control'
token = app_identity.get_access_token(scope)
response = urlfetch.fetch(
'http://storage.googleapis.com/bucket/obj?acl',
method=urlfetch.PUT,
payload=acl_xml,
headers={'Authorization': 'OAuth %s' % token})
Java:
import com.google.appengine.api.appidentity.AppIdentityService;
import com.google.appengine.api.appidentity.AppIdentityServiceFactory;
import java.io.OutputStreamWriter;
import java.net.HttpURLConnection;
import java.net.URL;
import java.util.ArrayList;
public String setAcl() throws Exception {
// Change [email protected] to a valid email.
// Repeat <Entry/> as many times as necessary.
String xmlString = "";
xmlString += "<AccessControlList><Entries>";
xmlString += " <Entry>";
xmlString += " <Scope type=\"UserByEmail\">[email protected]</Scope>";
xmlString += " <Permission>READ</Permission>";
xmlString += " </Entry>";
xmlString += "</Entries></AccessControlList>";
ArrayList scopes = new ArrayList();
scopes.add("https://www.googleapis.com/auth/devstorage.full_control");
AppIdentityService.GetAccessTokenResult accessToken =
AppIdentityServiceFactory.getAppIdentityService().getAccessToken(scopes);
// Change bucket and obj to the bucket and object of interest.
URL url = new URL("https://storage.googleapis.com/bucket/obj?acl");
HttpURLConnection connection = (HttpURLConnection) url.openConnection();
connection.setDoOutput(true);
connection.setRequestMethod("PUT");
connection.addRequestProperty(
"Authorization", "OAuth " + accessToken.getAccessToken());
OutputStreamWriter writer = new OutputStreamWriter(connection.getOutputStream());
writer.write(xmlString);
writer.close();
if (connection.getResponseCode() != HttpURLConnection.HTTP_OK) {
throw new Exception();
}
}
More info:
Since there is not yet an implementation in the Api, I choose your answer. Easy than I thought to make an authenticated request. I had no idea about the identity Api. thnks! –
Contemptible
So jealous of Python programmers right now...been messing with the Java version of this for several hours with no luck! –
Contemptible
I revoked the answer because I have not been able to do a working example in JAVA –
Contemptible
Added a java example. Sorry for missing that originally. –
Spatz
Thanks for adding the java example, it worked with a few modifications. BTW, do you know if you can ADD an ACL to an object? When I use this method, the acls were replaced with the acl provided in the xml. –
Contemptible
I think you just posted another question on this right? I answered there :) –
Spatz
The XML api does not allow you to add/remove acls -- just replace all of them. The JSON api does support add/remove semantics. –
Spatz
holy crud. i didn't know that's how you can get an OAuth token. so easy!!! thank you!!! –
Bookrest
Modifying ACLs on existing objects is not supported via the App Engine Google Cloud Storage API, however, I've just written a feature request asking to add that capability.
Btw, if you're creating objects with similar ACLs, using a default bucket or object acl might help (details: developers.google.com/storage/docs/accesscontrol#default). –
Avaavadavat
© 2022 - 2024 — McMap. All rights reserved.