
Equivalent of AWS s3 x-amz-acl header in Azure and Google Cloud

In AWS S3, when uploading an object you can add "x-amz-acl=bucket-owner-full-control" to the URL (as a query parameter) to make the object belong to the bucket and not the uploader. How do you achieve the same when using Cloud Storage or Azure Storage?

How do you achieve the same when using Cloud Storage or Azure Storage?

In Azure Storage, you don't have to do anything special. The ownership of objects (blobs) always lies with the storage account owner where the blob is being uploaded. They can delegate permissions to manage the blob to some other users, but the ownership always remains with the account owner.

Firebase Storage is closer to Dropbox or Google Drive, where the owner is technically the bucket. Should you want to track who the owner is, you can however use the metadata:

var newMetadata = {
  customMetadata: {
    'owner': auth().currentUser.uid
  }
};
storageItemReference.updateMetadata(newMetadata)
  .then((metadata) => {
    // Updated metadata for your storage item is returned in the Promise
  }).catch((error) => {
    // Uh-oh, an error occurred!
  });

If you are finding that users are able to delete storage when they shouldn't, you can also control this behavior from Security Rules:

service firebase.storage {
  match /b/{bucket}/o {
    // A read rule can be divided into read and list rules
    match /images/{imageId} {
      // Applies to single document read requests
      allow get: if <condition>;
      // Applies to list and listAll requests (Rules Version 2)
      allow list: if <condition>;
    }

    // A write rule can be divided into create, update, and delete rules
    match /images/{imageId} {
      // Applies to writes to nonexistent files
      allow create: if <condition>;

      // Applies to updates to file metadata
      allow update: if <condition>;

      // Applies to delete operations
      allow delete: if <condition>;
    }
  }
}

Source: https://firebase.google.com/docs/storage/security/core-syntax
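
The two parts of the answer above combined, as an added example that is not part of the original answer or of the Firebase documentation: Security Rules that use the `owner` custom metadata field as the condition for writes. It assumes the uploader's UID is stored in `customMetadata.owner` as in the snippet above and reuses the `/images/{imageId}` path; the read condition (any signed-in user) is an assumption.

```firebase-rules
rules_version = '2';
service firebase.storage {
  match /b/{bucket}/o {
    match /images/{imageId} {
      // Assumption: any signed-in user may read and list.
      allow get, list: if request.auth != null;

      // New files must be tagged with the uploader's own UID,
      // so a client cannot create an object "owned" by someone else.
      allow create: if request.auth != null
                    && request.resource.metadata.owner == request.auth.uid;

      // Only the recorded owner may update, and the owner value must
      // stay unchanged. Without this check a client could rewrite the
      // metadata and take over the object.
      allow update: if request.auth != null
                    && resource.metadata.owner == request.auth.uid
                    && request.resource.metadata.owner == resource.metadata.owner;

      // Only the recorded owner may delete.
      allow delete: if request.auth != null
                    && resource.metadata.owner == request.auth.uid;
    }
  }
}
```

Because custom metadata is written by the client, the `owner` field is only trustworthy when the create and update rules constrain it as shown.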

For Google Cloud Storage, the equivalent of uploading an object with the x-amz-acl=bucket-owner-full-control is to upload an object with the x-goog-acl=bucket-owner-full-control header. Switching the amz to goog works for most headers. There's a translation table of S3 to GCS headers.

In addition, if you're looking to make sure that all objects in a bucket are accessible by only the bucket owner, you may find it more convenient to use Uniform Bucket Level Access. Once enabled, individual object ownership within the bucket no longer exists, and you no longer need to specify that header with each upload.

You can enable Uniform Bucket Level Access from the UI, the API, or via this command: gsutil uniformbucketlevelaccess set on gs://BUCKET_NAME
