RiakCS - Making object publicly accessible

[IvanLuber]

Hi, I've been using minio-go to upload and download image files (PutObject and GetObject) in Riak CS (AWS Signature version 2), and It works splendidly.
But Problem arised when there's a need to access those images with URLs. I got 'access denied' when requesting this url through my browser :
thehost/bucket_name/file_name
*I put the file directly under the bucket.

I tried using SetBucketPolicy :
err = minioClient.SetBucketPolicy("bucketname", "", policy.BucketPolicyReadWrite)
But I got '415 Unsupported Media Type' error (same error when using ./mc policy command line)

I also tried using PresignedGetObject, it returns an URL, but still AccessDenied

Is there a way to upload an object (image) publicly as default ?

Best Regards again, its a great service.

[IvanLuber]

we also have ruby code that connects to riak cs with fog-aws gem. They have sort of a "public option"

args = {
	  key:    someKey,
	  body:   someimage,
	  content_type: 'image/png',
          public: true
}
RiakStorage.directory('bucketname').files.create(args)

So the image can be accessed publicly. I need the same functionality with golang.

[poornas]

@IvanLuber , setting the bucket policy is the correct approach. It looks like a Riak CS bug in parsing media type from content-type header. You should raise your issue on RiakCS project.

[IvanLuber]

hi @poornas , thanks for your quick response.
Unfortunately I'm not quite sure how to raise issue on riak cs project ( This repo : https://github.com/basho/riak_cs , right? ).
If it's not too much, Maybe you can give me the detailed api request which is sent to RiakCS when using SetBucketPolicy. Or any other information that may be helpful,so the guys from riakcs can clearly address their problem.`

I'm also still confused about "prefix" string. I presumed if I upload something to bucket named "uploads" with key "image/object1" , then that object have prefix equal to "image". furthermore, An empty prefix ("") is possible (if object stored directly under the bucket). (Is it true?)

I am somewhat new to Riak and cloud computing, I hope you can explain it to me.

[harshavardhana]

@IvanLuber Riak only supports BucketACLs we do not support that in minio-go and are not planning to support it in near future.

What Riak needs to implement is SetBucketPolicy API http://docs.aws.amazon.com/AmazonS3/latest/user-guide/add-bucket-policy.html

[IvanLuber]

Ok @harshavardhana , I'll raise this issue to RiakCS rightaway.

[IvanLuber]

@harshavardhana @poornas , in the issue page I raised in riak_cs repo (basho/riak_cs#1346) ,
they said, and I quote :
"
As I did that work for sure basho/riak_cs#364 , I think you may have misconfigured something either on the CS or on client side.
"

could it really be an issue in minio-go ?

To clear things up,
I initialilze my minio client using NewV2, and tried using SetBucketPolicy :

minioClient, err := riakcs.NewV2(endpoint, accessKeyID, secretAccessKey, useSSL)
err = minioClient.SetBucketPolicy("uploads", "", policy.BucketPolicyReadWrite)

but got error 415 unsupported media when setting policy.
*the "uploads" bucket is already availible publicly (created long time ago), prefix = "" (empty string)
*the connection worked well, I successfully used PutObject & GetObject

[harshavardhana]

Can you set riakcs.TraceOn(os.Stderr) in your code and send us the trace output ?

[IvanLuber]

Here is the output :

---------START-HTTP---------
GET /uploads/?location= HTTP/1.1
Host: 192.168.34.170:8080
User-Agent: Minio (linux; amd64) minio-go/4.0.4
Authorization: AWS **REDACTED**:**REDACTED**
Date: Thu, 07 Dec 2017 00:29:34 GMT
Accept-Encoding: gzip

HTTP/1.1 200 OK
Content-Length: 136
Content-Type: application/xml
Date: Thu, 07 Dec 2017 00:26:30 GMT
Server: Riak CS
---------END-HTTP---------
---------START-HTTP---------
GET /uploads/?policy= HTTP/1.1
Host: 192.168.34.170:8080
User-Agent: Minio (linux; amd64) minio-go/4.0.4
Authorization: AWS **REDACTED**:**REDACTED**
Date: Thu, 07 Dec 2017 00:29:34 GMT
Accept-Encoding: gzip

HTTP/1.1 404 Not Found
Content-Length: 207
Content-Type: application/xml
Date: Thu, 07 Dec 2017 00:26:30 GMT
Server: Riak CS

<?xml version="1.0" encoding="UTF-8"?><Error><Code>NoSuchBucketPolicy</Code><Message>The specified bucket does not have a bucket policy.</Message><Resource>/uploads/</Resource><RequestId></RequestId></Error>---------END-HTTP---------
---------START-HTTP---------
PUT /uploads/?policy= HTTP/1.1
Host: 192.168.34.170:8080
User-Agent: Minio (linux; amd64) minio-go/4.0.4
Content-Length: 417
Authorization: AWS **REDACTED**:**REDACTED**
Content-Md5: d4Sj0xE9GbH0UsQ4mjtPjQ==
Date: Thu, 07 Dec 2017 00:29:34 GMT
Accept-Encoding: gzip

HTTP/1.1 415 Unsupported Media Type
Content-Length: 0
Content-Type: application/json
Date: Thu, 07 Dec 2017 00:26:30 GMT
Server: Riak CS
---------END-HTTP---------
415 Unsupported Media Type

[poornas]

@IvanLuber , if you look at the last part of the trace PUT /uploads/?policy= HTTP/1.1 is not sending content-type as we are not required to, and we are in compliance with s3 spec . Riak seems to be expecting content-type header and throwing an error. You should check with RiakCS on this.

[IvanLuber]

@poornas , I'va passed it to basho/riak_cs#1346 ,
while waiting, I want to ask,
does SetBucketPolicy only set permission for a bucket ? not a file ? because as far as i know, a "public" bucket may have a "private" object inside it.
is there a way in minio-go to set permission to public for a single object ?

[poornas]

@IvanLuber, that's right - policies can only be set at the bucket level.However, you should be able to access an object in a private bucket if you generate the url via PresignedGetObject method. You could get the trace of that command as well.

[deekoder]

@IvanLuber closing this as its no longer actionable to us at minio. Please feel free to reopen if you think we have to discuss this more.