Can I change the ACLs of Google Cloud Storage objects (or buckets) using the api application? I understand that this can be done using the REST API, but is there any support for this in the Api files in appengine? They can be set when creating a new object using GSFileObject, but can you modify existing objects?
You can use urlfetch.fetch and app_identity.get_access_token to easily send an authenticated request to the REST api.
from google.appengine.api import app_identity from google.appengine.api import urlfetch acl_xml = """ <AccessControlList><Entries> <Entry> <Scope type="UserByEmail"> foo@example.com </Scope> <Permission>READ</Permission> </Entry> </Entries></AccessControlList> """ scope = 'https://www.googleapis.com/auth/devstorage.full_control' token = app_identity.get_access_token(scope) response = urlfetch.fetch( 'http://storage.googleapis.com/bucket/obj?acl', method=urlfetch.PUT, payload=acl_xml, headers={'Authorization': 'OAuth %s' % token})
import com.google.appengine.api.appidentity.AppIdentityService; import com.google.appengine.api.appidentity.AppIdentityServiceFactory; import java.io.OutputStreamWriter; import java.net.HttpURLConnection; import java.net.URL; import java.util.ArrayList; public String setAcl() throws Exception { // Change foo@example.com to a valid email. // Repeat <Entry/> as many times as necessary. String xmlString = ""; xmlString += "<AccessControlList><Entries>"; xmlString += " <Entry>"; xmlString += " <Scope type=\"UserByEmail\"> foo@example.com </Scope>"; xmlString += " <Permission>READ</Permission>"; xmlString += " </Entry>"; xmlString += "</Entries></AccessControlList>"; ArrayList scopes = new ArrayList(); scopes.add("https://www.googleapis.com/auth/devstorage.full_control"); AppIdentityService.GetAccessTokenResult accessToken = AppIdentityServiceFactory.getAppIdentityService().getAccessToken(scopes); // Change bucket and obj to the bucket and object of interest. URL url = new URL("https://storage.googleapis.com/bucket/obj?acl"); HttpURLConnection connection = (HttpURLConnection) url.openConnection(); connection.setDoOutput(true); connection.setRequestMethod("PUT"); connection.addRequestProperty( "Authorization", "OAuth " + accessToken.getAccessToken()); OutputStreamWriter writer = new OutputStreamWriter(connection.getOutputStream()); writer.write(xmlString); writer.close(); if (connection.getResponseCode() != HttpURLConnection.HTTP_OK) { throw new Exception(); } }
Changing ACLs on existing objects is not supported using the Google Cloud Storage API App Engine, however I just wrote a feature request suggesting to add this feature.