Using google cloud storage Api (json or xml, preferably json) is there a way to set the ACLs for all objects in a bucket? I know it is possible to get a list of objects and then iterate and set the ACL for each object individually, but surely there is an easier way. I know with gsutil your can use setacl -R to setacl on entire bucket. How about with the API?? I'm working in Java appengine, but can also use the restful api of course. Any help would be great!
2
votes
How about setting the default object ACL on the bucket, so that new objects will automatically get the ACL?
- jterrace
I want to be able to change existing objects. Setting the default acl is usefull, but it will not do what I need in this case. I need to change all existing objects.
- Patrick
Why not just use gsutil then? Is this a one-time operation or do you need to do this often?
- jterrace
This is an ongoing need. Basically I have different groups within my app and want a bucket for each group. I need to update the ACLs as members join/leave the group. So manually using gsutil is not an option.
- Patrick
If you want to adjust ACLs as members join/leave the group, please consider using a group grant for your objects. That way you only need to update once (in the group mamagement page), and it affects all objects.
- Mike Schwartz
1 Answers
5
votes
Existing object ACLs are orthogonal to bucket acls. In order to change the acls for all the objects in a bucket you need to do one of the following:
- List all the objects in the bucket and update each object's acl
- Take a look at batch requests - https://developers.google.com/api-client-library/python/guide/batch
- Use a GroupByEmail or GroupByDomain grant - https://developers.google.com/storage/docs/accesscontrol
- Add/remove people from your project team - https://developers.google.com/storage/docs/projects
You can change the membership of your group and team without having to go back and update all your objects.
