Google-cloud-node: options.public to storage/File.createWriteStream doesn't make uploaded files public

Created on 6 Sep 2016 · 17 Comments · Source: googleapis/google-cloud-node

According to API docs, storage/File.createWriteStream should take a boolean option public that makes the uploaded file publicly readable. However, in my experience this isn't the case.

I create the stream like this:

let cloudFileStream = cloudFile.createWriteStream({
  public: true,
  resumable: false,
})

And still, I have to call cloudFile.makePublic after the upload has finished, because otherwise the file is only accessible to the owner:

  .on('finish', () => {
    cloudFile.makePublic()
  })

Environment details

  • OS: OS X El Capitan
  • Node.js version: 6.4.0
  • npm version: 3.10.6
  • google-cloud-node version: 0.39.0

All 17 comments

Setting public: true will set the object's predefinedAcl to publicRead. Calling file.makePublic() will grant the READER role to allUsers. Do you have any existing rules that might be trumping the predefinedAcl?

To test, I created a new bucket and new file, so that no existing configuration could get in the way.

The bucket's permissions:
[screenshot]

The bucket's default object permissions:
[screenshot]

The bucket's contents:
[screenshot]

The file's permissions:
[screenshot]

@stephenplusplus So, the only issue here should be an existing rule trumping predefinedAcl? Am not aware of having any such rule, but I'll look.

@stephenplusplus How did you add the allusers: Reader bit? Does this correspond to predefinedAcl: publicRead?

Yes, that came from setting predefinedAcl: publicRead.

@jgeewax, am I giving out correct information?

@stephenplusplus OK, so that should mean that predefinedAcl: publicRead is equivalent to calling file.makePublic(), does it not? I end up with the same in my file permissions, by calling file.makePublic().

We saw this same issue lately as well. We used the CLI (since the UI didn't have this feature) to change the predefinedAcl on the whole bucket since we didn't want to call file.makePublic() on every file.

It would be ideal if the option worked as expected and made the file public.

I would like to resolve this the right way once and for all! I'm going to need some help from @jgeewax, @omaray, maybe @capstan. Simply put, what needs to be in an upload request body that makes the file being uploaded public? Thanks!

@stephenplusplus Come to think of it, how would you write a test for this issue? Apparently it's not solved, so seems as if you lack a test for this functionality.

@stephenplusplus I guess there's some sort of false positive there, looks that way at least.

Indeed, looking forward to fixing this :)

@stephenplusplus When you upload an object, you can specify either a predefined ACL or a fully-enumerated ACL, and you get errors if you have both. If you don't want to bother writing client logic, you could just always turn public: true to the predefined ACL but then also use whatever client-provided ACL and let the service return the error that you cannot cross the streams. Seems like a bad idea to have the client specify one ACL that doesn't set it to public read and another in the same request that does. Or perhaps I'm misunderstanding and there's no additional user-provided ACL?

We're not really running into conflicting ACL specifications during the upload here. In the simplest case, a user might want to upload a file and make it public in one line, and it would look like this:

bucket.upload('./localfile.txt', { public: true }, function(err) {})

That would send POST https://.../o?name=localfile.txt&predefinedAcl=publicRead.

Is this what our library should do, or is there more to it?

I presume there's no body to the POST if resumable and it also contains an uploadType URL parameter that's either media or resumable? If so, then, that's exactly what it should do. Does the ACL you get back from such an object not list allUsers: READER?

The file does indeed get allUsers: READER permissions.

@aknuds1 @Splaktar can you show screenshots similar to the ones I've posted after uploading a new file? Everything seems to be working for me, as shown in my earlier post: https://github.com/GoogleCloudPlatform/google-cloud-node/issues/1566#issuecomment-244944739

It seems like we're doing this right as far as the API is concerned. If I'm missing something, we'll re-open and get back to work. Thanks!

Sorry, I ran out of bandwidth to debug this and then Hurricane Matthew hit. We were able to work around it for now. Thanks.
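
The check this thread keeps returning to (does the ACL read back after an upload list allUsers: READER, and does that match what the uploader asked for?), as an added example that is not part of the original thread or of the library's code. It assumes ACL entries are the { entity, role } objects of the Cloud Storage JSON API; the function names and sample entries are constructed for illustration.

```javascript
// Added example: compare an object's ACL with the visibility requested at upload.
// Entry shape ({ entity, role }) follows the Cloud Storage JSON API
// objectAccessControls resource. All sample data below is constructed.

// Entities that are not tied to a specific identity you control.
const PUBLIC_ENTITIES = new Set(['allUsers', 'allAuthenticatedUsers']);

// Return the ACL entries that expose the object beyond named principals.
function publicGrants(aclEntries) {
  return aclEntries.filter((e) => PUBLIC_ENTITIES.has(e.entity));
}

// Classify the ACL read back after an upload:
//   'ok'                - ACL matches the request
//   'not-public'        - public was requested, but anonymous read is missing
//                         (the symptom reported in this issue)
//   'unexpected-public' - private was requested, but a public grant exists
//                         (the exposure a defender cares about)
function checkUploadAcl(requestedPublic, aclEntries) {
  const grants = publicGrants(aclEntries);
  const anonymousRead = grants.some(
    (e) => e.entity === 'allUsers' && (e.role === 'READER' || e.role === 'OWNER')
  );
  if (requestedPublic) return anonymousRead ? 'ok' : 'not-public';
  return grants.length === 0 ? 'ok' : 'unexpected-public';
}

// Constructed sample ACLs (hypothetical project number and user).
const ownerOnlyAcl = [
  { entity: 'project-owners-000000000000', role: 'OWNER' },
  { entity: 'user-uploader@example.com', role: 'OWNER' },
];
const publicReadAcl = ownerOnlyAcl.concat([
  { entity: 'allUsers', role: 'READER' },
]);
const authedReadAcl = ownerOnlyAcl.concat([
  { entity: 'allAuthenticatedUsers', role: 'READER' },
]);

console.log('public requested, allUsers READER present:',
  checkUploadAcl(true, publicReadAcl));
console.log('public requested, owner-only ACL:',
  checkUploadAcl(true, ownerOnlyAcl));
console.log('private requested, allAuthenticatedUsers READER present:',
  checkUploadAcl(false, authedReadAcl));
```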
