I generate an access grant for my personal machine with all permissions (RWLD). I am trying to create a short term access credential for S3 compatibility.
When I run this command, I receive a “Error: permission is empty”.
uplink share --writeonly --register sj://[bucket_name]/[folder]
However, when I run, everything works as expected.
uplink share --readonly=true --register sj://[bucket_name]/[folder]
What am I doing wrong? Also, is this command available in the Python bindings? I couldn’t figure out how to generate the S3 access in the Python bindings.
Regarding Python bindings, our dev has confirmed that they have the functionality that uplink-c exposed in 1.2.2 - so we do not expect S3 functions to be available.
I’d like to make a product feature request for this. Could it please get prioritized? It would save me a lot of workarounds to have that feature.
If I don’t have that feature, I would need to have my code call into bash to run the Storj CLI directly and issue tokens. From there I would need to parse the response back in my code. Lots of room for error.
Is there any feedback on my core issue of the access grant permissions?
The explanation of such a behavior - the uplink share command generates read-only grants by default, thus specifying the --writeonly option will extends the default --readonly=true option with the --writeonly=true option, thus by binary logic it results to no permissions at all. So you need to disable the read-only flag and enable write-only flag. Please, note - it will produce:
Just some more technical details: Generate S3 access with an existing grant is easy, it’s just an HTTP call to the authservice.
Creating a new grant with restricting an existing one is slightly more complex, the existing api key should be parsed, and more restriction should be added.
I agree with the feature request, it would be great to include. But in case you would like to implement it your own, just let me know. I can find the exact details of parsing the grant/macaroon… The only tricky part is the marshall/unmarshall IMHO, after that the signatures are based on standard APIs…
I don’t plan on implementing it myself. Unfortunately, I have a growing list of developer workarounds in Storj I have to implement already.
While I wouldn’t mind skipping the S3 altogether, the Storj Swift bindings don’t work for iOS (Ticket). I used the AWSS3 client library because it has a good tutorials and integration for things like upload status and pausing. Also S3 gives me some degree of portability in case there are other issues.
I just need this to work in iOS for my application! Although I am planning to upgrade machines in the next few months to the new MacBook Pro, so support on M1 would be nice to have.