Python-docs-samples: How can I set the ACL of objects being uploaded using a signed URL?

Created on 11 Apr 2019 · 4 Comments · Source: GoogleCloudPlatform/python-docs-samples

I'm following the example found in python-docs-samples/storage/signed_urls/generate_signed_urls.py in order to create a signed URL that I can use to upload an object to Cloud Storage.

I'd like to know how I can make the objects I'm uploading (via curl, let's say) publicly visible. I've tried setting/providing the x-goog-acl header (see below) in the URL signing function and in my request, but this doesn't seem to impact the newly created object. (Note: I _do_ see the new header in the resulting signed URL.)

New header:

```python
if headers is None:
    headers = dict()
headers['host'] = 'storage.googleapis.com'
headers['x-goog-acl'] = 'public-read'
```

Request:

```sh
curl -v -X POST -H 'x-goog-acl:public-read' $URL -F "[email protected]"
```

I'm sure others have wanted/will want to know how to do this and I think it'd be a worthwhile addition to the example and documentation.

storage question

All 4 comments

There's a sample showing how to make objects public: https://cloud.google.com/storage/docs/access-control/making-data-public#storage-make-object-public-python

Is this not sufficient because you need the objects public as soon as they're uploaded?

Jesse, @ethagnawl would like to automatically set the newly uploaded object public from the start using a SignedURL. It should be possible by supplying the x-goog-acl header in the upload request. He'd like to see this example added to our documentation.

Potentially here:
https://cloud.google.com/storage/docs/access-control/signing-urls-manually

I'd recommend starting with an example using gsutil and cURL. Lowest hanging fruit.

This is a derivative of the following example:
https://cloud.google.com/storage/docs/access-control/signing-urls-with-helpers#code-samples

ACL specific example:

```python
from google.cloud import storage
import datetime


def generate_upload_signed_url_v4(bucket_name, blob_name):
    """Generates a v4 signed URL for uploading a blob using HTTP PUT.

    Note that this method requires a service account key file. You cannot use
    this if you are using Application Default Credentials from Google Compute
    Engine or from the Google Cloud SDK.
    """
    # bucket_name = 'your-bucket-name'
    # blob_name = 'your-object-name'

    storage_client = storage.Client()
    bucket = storage_client.bucket(bucket_name)
    blob = bucket.blob(blob_name)

    url = blob.generate_signed_url(
        version="v4",
        # This URL is valid for 15 minutes
        expiration=datetime.timedelta(minutes=15),
        # Allow PUT requests using this URL.
        method="PUT",
        content_type="application/octet-stream",
        headers={'x-goog-acl': 'public-read'},
    )

    print("Generated PUT signed URL:")
    print(url)
    print("You can use this URL with any user agent, for example:")
    print(
        "curl -X PUT -H 'x-goog-acl: public-read' -H 'Content-Type: application/octet-stream' "
        "--upload-file 'my-file' '{}'".format(url)
    )
    return url


generate_upload_signed_url_v4("anima-frank", "object-name")
```

Apologies for the delay.
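
Why `x-goog-acl` has to be supplied both when the URL is signed and again on the upload request, shown as an added example that is not part of the thread or of the project's samples. It rebuilds the V4 string-to-sign with the standard library only; the bucket path, service account and date are constructed, the signed header set (`content-type`, `host`, `x-goog-acl`) is an assumption, and the RSA signing step is left out so the string-to-sign is compared directly.

```python
import hashlib
from urllib.parse import quote

# Constructed sample values (not from the thread); no real key or signature is used.
SCOPE = "20190411/auto/storage/goog4_request"
QUERY = {
    "X-Goog-Algorithm": "GOOG4-RSA-SHA256",
    "X-Goog-Credential": "signer@example-project.iam.gserviceaccount.com/" + SCOPE,
    "X-Goog-Date": "20190411T000000Z",
    "X-Goog-Expires": "900",
}


def string_to_sign(method, path, signed_names, headers):
    """Build the V4 string-to-sign over the headers listed in signed_names."""
    got = {k.lower(): " ".join(v.split()) for k, v in headers.items()}
    query = {**QUERY, "X-Goog-SignedHeaders": ";".join(signed_names)}
    canonical_request = "\n".join([
        method,
        path,
        "&".join(f"{quote(k, safe='')}={quote(v, safe='')}"
                 for k, v in sorted(query.items())),
        # Assumption: a header missing from the request is modelled as empty.
        "".join(f"{name}:{got.get(name, '')}\n" for name in signed_names),
        ";".join(signed_names),
        "UNSIGNED-PAYLOAD",
    ])
    digest = hashlib.sha256(canonical_request.encode()).hexdigest()
    return "\n".join(["GOOG4-RSA-SHA256", QUERY["X-Goog-Date"], SCOPE, digest])


def request_matches(method, path, headers_at_signing, headers_sent):
    """True if the sent headers reproduce the string-to-sign bound into the URL."""
    names = sorted(k.lower() for k in headers_at_signing)
    signed = string_to_sign(method, path, names, headers_at_signing)
    return string_to_sign(method, path, names, headers_sent) == signed


# Headers assumed to be covered by the signature (constructed for this example).
SIGNED = {
    "host": "storage.googleapis.com",
    "content-type": "application/octet-stream",
    "x-goog-acl": "public-read",
}
PATH = "/example-bucket/object-name"
```

Because the header value is part of the signed material, whoever holds the URL cannot drop the ACL or swap in a different one; the party that signs the URL decides whether the uploaded object is public.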

No worries at all.

This example is very useful and I'm sure others will appreciate it in the future. Thanks!
