1. 技术文章
  2. Changing ACL for Google Cloud Storage from Appengine (JAVA)

Changing ACL for Google Cloud Storage from Appengine (JAVA)

隐身守侯 提交于 2019-12-21 04:25:34

问题


Is it possible to change the ACLs of Google Cloud Storage objects(or buckets) using the appengine Api? I understand that this can be done using the REST API, but is there support for this in the Files Api in appengine? They can be set when creating a new object using GSFileObject, however can you change on existing objects??


回答1:


You can use urlfetch.fetch and app_identity.get_access_token to easily send an authenticated request to the REST api.

Python:

from google.appengine.api import app_identity
from google.appengine.api import urlfetch

acl_xml = """
<AccessControlList><Entries>
  <Entry>
    <Scope type="UserByEmail">foo@example.com</Scope>
    <Permission>READ</Permission>
  </Entry>
</Entries></AccessControlList>
"""
scope = 'https://www.googleapis.com/auth/devstorage.full_control'
token = app_identity.get_access_token(scope)
response = urlfetch.fetch(
    'http://storage.googleapis.com/bucket/obj?acl',
    method=urlfetch.PUT,
    payload=acl_xml,
    headers={'Authorization': 'OAuth %s' % token})

Java:

import com.google.appengine.api.appidentity.AppIdentityService;    
import com.google.appengine.api.appidentity.AppIdentityServiceFactory;
import java.io.OutputStreamWriter;
import java.net.HttpURLConnection;
import java.net.URL;
import java.util.ArrayList;

public String setAcl() throws Exception {
  // Change foo@example.com to a valid email.
  // Repeat <Entry/> as many times as necessary.
  String xmlString = "";
  xmlString += "<AccessControlList><Entries>";
  xmlString += "  <Entry>";
  xmlString += "    <Scope type=\"UserByEmail\">foo@example.com</Scope>";
  xmlString += "    <Permission>READ</Permission>";
  xmlString += "  </Entry>";
  xmlString += "</Entries></AccessControlList>";

  ArrayList scopes = new ArrayList();
  scopes.add("https://www.googleapis.com/auth/devstorage.full_control");

  AppIdentityService.GetAccessTokenResult accessToken =
      AppIdentityServiceFactory.getAppIdentityService().getAccessToken(scopes);

  // Change bucket and obj to the bucket and object of interest.
  URL url = new URL("https://storage.googleapis.com/bucket/obj?acl");
  HttpURLConnection connection = (HttpURLConnection) url.openConnection();
  connection.setDoOutput(true);
  connection.setRequestMethod("PUT");
  connection.addRequestProperty(
      "Authorization", "OAuth " + accessToken.getAccessToken());

  OutputStreamWriter writer = new OutputStreamWriter(connection.getOutputStream());
  writer.write(xmlString);
  writer.close();

  if (connection.getResponseCode() != HttpURLConnection.HTTP_OK) {
    throw new Exception();
  }
}

More info:

  • Python: https://developers.google.com/appengine/docs/python/appidentity/overview
  • Java: https://developers.google.com/appengine/docs/java/appidentity/overview
  • Relevant oauth scopes: https://developers.google.com/storage/docs/authentication#oauth



回答2:


Modifying ACLs on existing objects is not supported via the App Engine Google Cloud Storage API, however, I've just written a feature request asking to add that capability.



来源:https://stackoverflow.com/questions/13616007/changing-acl-for-google-cloud-storage-from-appengine-java

标签
google-app-engine
acl
google-cloud-storage
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!