storage: some acl methods fail on empty (private) acl #652

pdknsk · 2015-02-16T10:51:36Z

Easiest to set this up with gsutil. Please notice the verbose message.

$ gsutil defacl set private gs://bucket
Setting default object ACL on gs://bucket/...
$ gsutil defacl get gs://bucket
No default object ACL present for gs://bucket. This could occur if the default object ACL is private, in which case objects created in this bucket will be readable only by their creators.
[]

In particular acl.reload and acl.save don't work, probably others too.

>>> acl = storage.acl.DefaultObjectACL(bucket)
>>> acl.get_entities()
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/home/user/.local/lib/python2.7/site-packages/gcloud/storage/acl.py", line 358, in get_entities
    self._ensure_loaded()
  File "/home/user/.local/lib/python2.7/site-packages/gcloud/storage/acl.py", line 192, in _ensure_loaded
    self.reload()
  File "/home/user/.local/lib/python2.7/site-packages/gcloud/storage/acl.py", line 409, in reload
    for entry in found['items']:
KeyError: 'items'
>>> acl.get_entities()
[]
>>> acl.reload()
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/home/user/.local/lib/python2.7/site-packages/gcloud/storage/acl.py", line 409, in reload
    for entry in found['items']:
KeyError: 'items'
>>> acl.save()
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/home/user/.local/lib/python2.7/site-packages/gcloud/storage/acl.py", line 453, in save
    for entry in result[self._URL_PATH_ELEM]:
KeyError: 'defaultObjectAcl'

This works fine if the default ACL is set to project-private rather than private.

The text was updated successfully, but these errors were encountered:

dhermes · 2015-02-17T17:09:14Z

@pdknsk Thanks again for the great report!

I don't fully understand the meaning of private

It seems this is fixed easily by replacing found['items'] with found.get('items', []) and replacing result[self._URL_PATH_ELEM] with result.get(self._URL_PATH_ELEM, []).

Clarification: Are you authorized as yourself via gsutil when setting private?

Are you authorized as a service account when using gcloud-python?

pdknsk · 2015-02-19T11:57:03Z

It's a predefined ACL. I use the same owner account for both, set up with gcloud auth.

dhermes · 2015-02-19T16:20:08Z

@pdknsk Do you use gcloud auth with a user account (e.g. [email protected]) and then use a service account with gcloud-python?

pdknsk · 2015-02-19T16:21:03Z

Nope, it's a user account in both cases.

#652: Harden ACL 'save'/'reload' against missing element in server response.

dhermes added the api: storage Issues related to the Cloud Storage API. label Feb 18, 2015

dhermes modified the milestone: Storage Stable Feb 18, 2015

tseaver self-assigned this Feb 26, 2015

tseaver mentioned this issue Feb 26, 2015

#652: Harden ACL 'save'/'reload' against missing element in server response. #682

Merged

tseaver closed this as completed in #682 Feb 26, 2015

tseaver added a commit that referenced this issue Feb 26, 2015

Merge pull request #682 from tseaver/652-handle_empty_acls

51e286f

#652: Harden ACL 'save'/'reload' against missing element in server response.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

storage: some acl methods fail on empty (private) acl #652

storage: some acl methods fail on empty (private) acl #652

pdknsk commented Feb 16, 2015

dhermes commented Feb 17, 2015

pdknsk commented Feb 19, 2015

dhermes commented Feb 19, 2015

pdknsk commented Feb 19, 2015

storage: some acl methods fail on empty (private) acl #652

storage: some acl methods fail on empty (private) acl #652

Comments

pdknsk commented Feb 16, 2015

dhermes commented Feb 17, 2015

pdknsk commented Feb 19, 2015

dhermes commented Feb 19, 2015

pdknsk commented Feb 19, 2015