jclouds-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Steve Kingsland <steve.kingsl...@opower.com>
Subject Re: Example of setting Blob ACL using S3 provider?
Date Thu, 25 Sep 2014 19:54:38 GMT
Andrew,

I'd be happy to create a ticket for using the BlobStore API to set
object-level ACLs on the putBlob() call, if you think it's achievable
across all providers that Jclouds supports. I won't be able to implement
this myself, though, because like I said Jclouds has advanced beyond the
point where I'm able to use the latest version, because of the Guava
version it depends on (see JCLOUDS-427).

I don't totally follow what you're talking about with signed URLs; is this
explained somewhere on jclouds.apache.org that I could read more about it,
and see if it fits my needs?

Also, perhaps I made too big a deal of the ACL issue; it's actually only 1
line of code, and it's working quite nicely for me locally:

    S3Object s3Object = s3Client.newS3Object();
    s3Object.setPayload(payload);
    s3Object.getMetadata().setKey(objectName);

    PutObjectOptions putObjectOptions =
*PutObjectOptions.Builder.withAcl(CannedAccessPolicy.PUBLIC_READ);*

    s3Client.putObject(bucketName, s3Object, putObjectOptions);

The only "catch" I struggled with was how to get a handle to the S3Client
instance; the docs on the site were out-of date. (I'll submit a pull
request to fix them up, although I'm not entirely sure what the difference
is between the AWSS3Client the docs are using, and the S3Client that I've
used. OK if I change them to use S3Client instead?)

Thanks for your help!



*Steve Kingsland*

Senior Software Engineer

*Opower* <http://www.opower.com/>


*We’re hiring! See jobs here <http://www.opower.com/careers>*

On Wed, Sep 24, 2014 at 7:03 PM, Andrew Gaul <gaul@apache.org> wrote:

> Many providers support ACLs and the jclouds portable abstraction could
> provide support for a subset of them, mostly the public read and write
> variants.  I opened a JIRA issue for container ACLs:
>
> https://issues.apache.org/jira/browse/JCLOUDS-660
>
> Could you open an issue for object ACLs?  Could you also research this
> issue further and potentially implement the desired functionality
> itself?  The portable abstraction is growing and it should provide
> support for copying blobs in the next major release.
>
> In the mean-time, you might consider signed URLs instead of object ACLs.
> Signed URLs allow your application to vend a time-limited read or write
> token to a client which then interacts with the object store directly.
> This approach offers finer-grained permissions and most jclouds
> providers support this feature.
>
> On Wed, Sep 24, 2014 at 02:28:53PM -0400, Steve Kingsland wrote:
> > Thanks Andrew, it now makes sense that ACLs would be a provider-specific
> > feature. Maybe my confusion arose simply because the S3-specific docs [1]
> > were a bit out-of-date, with regards to getting the provider-specific
> API?
> > (referencing a method which no longer exists)
> >
> > AFA supporting ACLs on the AWSS3PutOptions, I'm afraid that adding this
> to
> > the latest version of jclouds wouldn't help me at all. I'm stuck on 1.6.3
> > because of a Guava incompatibility between Jclouds (see JCLOUDS-427) and
> > the version of HBase we're using (see HBASE-9667). But that's fine;
> instead
> > of passing around a BlobStoreContext in my code, it's a straightforward
> > change to use an S3Client object instead, which gives me access to all
> the
> > S3-specific features (like ACLs) that I need.
> >
> >
> > [1] http://jclouds.apache.org/guides/aws/
> >
> >
> >
> > *Steve Kingsland*
> >
> > Senior Software Engineer
> >
> > *Opower* <http://www.opower.com/>
> >
> >
> > *We’re hiring! See jobs here <http://www.opower.com/careers>*
> >
> > On Wed, Sep 24, 2014 at 1:10 PM, Andrew Phillips <andrewp@apache.org>
> wrote:
> >
> > > was apparently removed in Jclouds 1.6. I think I can work around this
> using
> > >> contextBuilder.buildApi(S3Client.class) and the S3Object class to set
> the
> > >> ACL.
> > >>
> > >> But then if I have to use an S3-specific API to set an ACL, why not
> just
> > >> use the com.amazonaws.services.s3.AmazonS3Client client directly? How
> is
> > >> Jclouds actually benefitting me, if I'm using it to code directly to
> the
> > >> S3
> > >> provider?
> > >>
> > >
> > > The challenge here is that ACLs are not something that is supported by
> all
> > > the blobstores jclouds supports, so is not included in the BlobStore
> > > abstraction. In other words, coding with ACLs on blobs is implicitly
> making
> > > your code provider-dependent already.
> > >
> > > In order to support provider-specific features like that, jclouds
> indeed
> > > supports access to the underlying API, as you describe (see [1] for
> more
> > > details). This is indeed not all that different from using the provider
> > > client directly, but if the number of provider-specific calls you need
> to
> > > make are small, using jclouds will allow you to move to another
> provider
> > > relatively easily if you can re-implement the provider-specific calls
> or
> > > remove them.
> > >
> > > A "middle-ground approach" that jclouds takes for some options is the
> > > ability to pass provider-specific options to the abstract interface.
> E.g.
> > > something like:
> > >
> > > Blob myBlob = ...
> > > PutOptions options = AWSS3PutOptions.Builder.
> > > storageClass(...).otherOption...;
> > > blobstore.putBlob("myContainer", myBlob, options); // [2]
> > >
> > > This is *also* AWS-specific code, but not quite as tied to the specific
> > > underlying API. Unfortunately, "withAcl" is not an option currently
> > > supported on AWSS3PutOptions [3] (it *is* supported on PutObjectOptions
> > > [4], but that's the options class for the S3-specific call).
> > >
> > > That should be a relatively easy fix, though - would you be interested
> in
> > > submitting a PR for that?
> > >
> > > Hope that helps!
> > >
> > > ap
> > >
> > > [1] http://jclouds.apache.org/start/concepts/
> > > [2] http://javadocs.jclouds.cloudbees.net/org/jclouds/
> > > blobstore/BlobStore.html#putBlob(java.lang.String,
> > > org.jclouds.blobstore.domain.Blob, org.jclouds.blobstore.options.
> > > PutOptions)
> > > [3] http://javadocs.jclouds.cloudbees.net/org/jclouds/aws/
> > > s3/blobstore/options/AWSS3PutOptions.html
> > > [4] http://javadocs.jclouds.cloudbees.net/org/jclouds/s3/
> > > options/PutObjectOptions.html
> > >
>
> --
> Andrew Gaul
> http://gaul.org/
>

Mime
View raw message