====== [HOWTO] Using ACLs ======
^ Documentation ^|
^Name:|[HOWTO] Using ACLs |
^Description:| How to set up bucket and object ACLs |
^Modification date :| 18/09/2019|
^Owner:|dodger|
^Notify changes to:|Owner |
^Tags:|ceph, object storage |
^Escalate to:|The_fucking_bofh|
====== Official documentation ======
===== For Objects =====
* [[https://docs.ceph.com/docs/nautilus/radosgw/s3/csharp/?highlight=acl#change-an-object-s-acl|Object ACL with c#]]
* [[https://docs.ceph.com/docs/nautilus/radosgw/s3/authentication/?highlight=acl#access-control-lists-acls|Complete CEPH ACL API methods]]
===== For Buckets =====
* [[https://docs.ceph.com/docs/nautilus/radosgw/s3/bucketops/?highlight=acl|Ceph bucket operations]]
* [[https://docs.ceph.com/docs/nautilus/radosgw/bucketpolicy/?highlight=acl|Ceph bucket policies]]
===== For both =====
* [[https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-using-rest-api.html|Amazon's Managing ACLs Using the REST API]]
* [[https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-using-dot-net-sdk.html|Amazon S3 C# acl examples]]
* [[https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html|Amazon ACL overview]]
====== Real life ======
===== Object to public+url =====
Python example:
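<code python>
# Assumes `bucket` is an already-open boto bucket object.
def set_public(FileName):
    filekey = bucket.get_key(FileName)
    # Canned ACL 'public-read': anyone can read the object without credentials.
    filekey.set_canned_acl('public-read')
    # query_auth=False: plain, unsigned URL; force_http=True: http:// scheme.
    fileUrl = filekey.generate_url(0, query_auth=False, force_http=True)
    print(fileUrl)
</code>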
This piece of code will make an object public and print the resulting URL, for example:
[[http://clover.ciberterminal.net/monguitest/david_hasselhoff_dog.jpg]]
===== Object to private =====
Python example:
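<code python>
# Assumes `bucket` is an already-open boto bucket object.
def set_private(FileName):
    filekey = bucket.get_key(FileName)
    # Canned ACL 'private': only the owner keeps access.
    filekey.set_canned_acl('private')
</code>
This piece of code will make an object private.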
===== Signed URL for object download (timestamped) =====
Python example:
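<code python>
# Assumes `bucket` is an already-open boto bucket object.
def get_signed_url(FileName):
    filekey = bucket.get_key(FileName)
    # 3600 = lifetime in seconds; query_auth=True puts the signature in the query string.
    # force_http=True yields an http:// URL, so the signed link travels unencrypted.
    fileUrl = filekey.generate_url(3600, query_auth=True, force_http=True)
    print(fileUrl)
</code>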
This piece will generate a download URL for an object (it can be a **private object**) that is valid for 3600 seconds, and print it. Anyone who holds the URL can download the object until it expires:
<code>
bofher@avmlm-salt-001 ~/scripts/ceph :( $ python s3_wrapper_v2.py --put secret.txt
secret.txt
bofher@avmlm-salt-001 ~/scripts/ceph $ python s3_wrapper_v2.py --onehourlink secret.txt
http://clover.ciberterminal.net/monguitest/secret.txt?Signature=3gaNKewt3tM1DdgyA3ap%2BlneLeU%3D&Expires=1568794738&AWSAccessKeyId=W45IHOZ15VWDTEHHV01C
</code>
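An added example, not part of the original page or of boto: it rebuilds the AWS Signature Version 2 query-string scheme behind URLs of the form shown above, to show that ''Expires'' is covered by the signature, so editing it invalidates the link. The keys, the endpoint and the function names are constructed for illustration, and ''check'' is only a model of the gateway-side decision.

```python
import base64
import hashlib
import hmac
from urllib.parse import urlsplit, parse_qs, quote

def sign_v2(secret_key, resource, expires):
    """Signature V2 query-string auth for a plain GET (no MD5, type or x-amz headers)."""
    string_to_sign = "GET\n\n\n%d\n%s" % (expires, resource)
    mac = hmac.new(secret_key.encode(), string_to_sign.encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()

def presign(endpoint, access_key, secret_key, bucket, key, expires):
    """Build a path-style URL with the same three parameters as the output above."""
    resource = "/%s/%s" % (bucket, quote(key))
    sig = quote(sign_v2(secret_key, resource, expires), safe="")
    return "%s%s?Signature=%s&Expires=%d&AWSAccessKeyId=%s" % (
        endpoint, resource, sig, expires, access_key)

def check(url, secret_key, now):
    """Model of the gateway-side decision: signature first, then expiry."""
    parts = urlsplit(url)
    query = parse_qs(parts.query)
    expires = int(query["Expires"][0])
    # The expiry timestamp is part of the signed string, not a free parameter.
    expected = sign_v2(secret_key, parts.path, expires)
    if not hmac.compare_digest(expected, query["Signature"][0]):
        return "bad-signature"
    return "expired" if now > expires else "ok"

# Constructed sample values, not real credentials or a real endpoint.
ACCESS, SECRET = "EXAMPLEACCESSKEY", "example-secret-key"
ISSUED = 1700000000
URL = presign("http://rgw.example", ACCESS, SECRET,
              "monguitest", "secret.txt", ISSUED + 3600)
# Same URL with the lifetime stretched from one hour to one day.
TAMPERED = URL.replace("Expires=%d" % (ISSUED + 3600),
                       "Expires=%d" % (ISSUED + 86400))

if __name__ == "__main__":
    print(check(URL, SECRET, ISSUED + 60))
    print(check(URL, SECRET, ISSUED + 7200))
    print(check(TAMPERED, SECRET, ISSUED + 7200))
```

Because the URL is a bearer credential for its whole lifetime, keep the lifetime short and keep signed URLs out of logs and tickets.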