Thank you Kota, by setting content type in the boto call I got the policy
to work.
...
prp_json = json.dumps(public_read_policy)
bucket.set_policy(prp_json, headers={'Content-Type': 'application/json'})
...
Setting read-public acl on the buckets would not work for me because that
only allows the bucket to be listed, and not each object to be read. But
the policy works to give all objects in the bucket public read access.
On Tue, Oct 14, 2014 at 12:57 AM, Kota Uenishi <k...@basho.com> wrote:
> How about setting read-public acl to buckets instead of setting it each
> object?
>
> BTW that seems valid JSON, or did you correctly put 'application/json'
> as content-type when you put the policy?
>
> On Tue, Oct 14, 2014 at 5:19 AM, Michael Grauer
> <michael.gra...@kitware.com> wrote:
> > Thanks Ali.
> >
> > I now am having a permissions issue it seems in accessing the objects.
> >
> > I try to curl the object
> >
> >
> http://10.x.x.x/test-bucket/pointclouds/4f55ed40ca08aeb57bf19257aa6601e85436ff0684aa2/static/metadata.ini
> >
> > and I get
> >
> > <?xml version="1.0"
> > encoding="UTF-8"?><Error><Code>AccessDenied</Code><Message>Access
> >
> Denied</Message><Resource>/test-bucket/pointclouds/4f55ed40ca08aeb57bf19257aa6601e85436ff0684aa2/static/metadata.ini</Resource><RequestId></RequestId></Error>
> >
> >
> > When I request the ACL for this bucket from boto I get:
> >
> > <Policy: http://acs.amazonaws.com/groups/global/AllUsers = READ,
> > michael.grauer (owner) = FULL_CONTROL>
> >
> > I would like to not have to set ACLs on each object in my bucket, as I
> > expect a large number of objects. I tried to set a bucket policy like
> this:
> >
> > {
> > "Version":"2008-10-17",
> > "Statement":[{
> > "Sid":"AllowPublicRead",
> > "Effect":"Allow",
> > "Principal": {
> > "AWS": "*"
> > },
> > "Action":["s3:GetObject"],
> > "Resource":["arn:aws:s3:::test-bucket/*"
> > ]
> > }
> > ]
> > }
> >
> >
> >
> > But this was not accepted by boto or s3cmd . boto told me
> > boto.exception.S3ResponseError: S3ResponseError: 415 Unsupported Media
> Type
> > , but there weren't any errors that I could see in the riak-cs logs.
> >
> > Can anyone point the way?
> >
> >
> > Thanks again
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> > On Mon, Oct 13, 2014 at 2:53 PM, Ali Nikkhah <ali.nikk...@datasphere.com
> >
> > wrote:
> >>
> >> Hi Mike,
> >>
> >> You are trying to resolve a domain name 'test-bucket.10.x.x.x,' which is
> >> invalid. This is the part that is incorrect. There are a couple options:
> >>
> >> 0) You should be able to access the bucket by using
> >> http://ip/bucket-name, like:
> >>
> >> http://10.x.x.x/test-bucket/my_key_path
> >>
> >> 1) For easier public access, you can then set up a resolvable domain
> >> name in your DNS configuration for the bucket, i.e. add a dns entry
> >> like:
> >>
> >> test-bucket.<yourdomain>.com
> >>
> >> pointing to the riak-cs proxy ip. As long as your proxy is set up
> >> properly, you should then be able to access the object using:
> >>
> >> http://test-bucket.<yourdomain>.com/my_key_path
> >>
> >>
> >>
> >> -Ali
> >>
> >>
> >> On Mon, 2014-10-13 at 14:11 -0400, Michael Grauer wrote:
> >> > Hi,
> >> >
> >> >
> >> > I'm very new to Riak-CS, and am investigating using it as a standin
> >> > for S3. I'd like to have a url that allows an anonymous
> >> > (unauthenticated) user to download an object from a bucket.
> >> >
> >> >
> >> > Riak 2.0.0-1
> >> > Riak CS 1.5.0-1
> >> > Stanchion 1.5.0-1
> >> > Ubuntu 14.04
> >> >
> >> >
> >> > I have test-bucket set up, and can connect to it, and upload and
> >> > download a file there all using an authenticated user that owns the
> >> > bucket, via boto.
> >> >
> >> >
> >> > My Riak CS is running as 10.x.x.x , the internal IP of my AWS
> >> > instance, and proxied behind nginx.
> >> >
> >> >
> >> > When I try to curl
> >> >
> >> >
> >> > curl -v http://test-bucket.10.x.x.x/my_key_path
> >> >
> >> >
> >> > I'm getting "could not resolve host: test-bucket.10.x.x.x"
> >> >
> >> >
> >> > My configuration is incorrect, but I'm uncertain of how to fix it.
> >> >
> >> >
> >> > Any help is appreciated!
> >> >
> >> >
> >> > Thanks,
> >> > Mike
> >> > _______________________________________________
> >> > riak-users mailing list
> >> > riak-users@lists.basho.com
> >> > http://lists.basho.com/mailman/listinfo/riak-users_lists.basho.com
> >>
> >>
> >>
> >
> >
> > _______________________________________________
> > riak-users mailing list
> > riak-users@lists.basho.com
> > http://lists.basho.com/mailman/listinfo/riak-users_lists.basho.com
> >
>
>
>
> --
> Kota UENISHI / @kuenishi
> Basho Japan KK
>
_______________________________________________
riak-users mailing list
riak-users@lists.basho.com
http://lists.basho.com/mailman/listinfo/riak-users_lists.basho.com
