Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Migration from 1.3.1 to 2.0.1 breaks public permissions with Google Cloud Storage #2426

Closed
nerf-qh opened this issue Sep 26, 2019 · 2 comments · Fixed by #2525
Closed

Migration from 1.3.1 to 2.0.1 breaks public permissions with Google Cloud Storage #2426

nerf-qh opened this issue Sep 26, 2019 · 2 comments · Fixed by #2525

Comments

@nerf-qh
Copy link

nerf-qh commented Sep 26, 2019

After migration from 1.3.1 to 2.0.1 public permissions per object get
ruby 2.6.4
carrierwave 2.0.1
fog-core 2.1.0
fog-google 1.9.1

example
https://github.com/nerf-qh/carrierwave_update

Config

creds = {
  provider: 'Google',
  google_project: ENV['GCS_PROJECT'],
  google_json_key_string: ENV['GCS_AUTH']
}

CarrierWave.configure do |config|
  config.fog_credentials = creds
  config.fog_directory  = ENV['GCS_BUCKET']
  config.fog_public     = true
  config.storage = :fog
end

The initial file is public, but in the copy_to method this option is lost
https://github.com/carrierwaveuploader/carrierwave/blob/master/lib/carrierwave/storage/fog.rb#L444-L446

The same happens if you just copy files
https://gist.github.com/nerf-qh/2606513f42e3be169e52cac4ca72f5ce
@yosiat
Copy link
Contributor

yosiat commented Jul 29, 2020

Getting the same issue, when upgrading carrierwave.

We noticed the difference is that:

  • old carrierwave gave this ACL:
  {
    "entity": "allUsers",
    "role": "READER"
  }
  • new carrierwave don't give this ACL and this is the only reader role it gives (replaced values):
  {
    "entity": "XXXXX",
    "projectTeam": {
      "projectNumber": "XXXXX",
      "team": "viewers"
    },
    "role": "READER"
  },

This is a major issue when upgrading carrierwave.

@yosiat
Copy link
Contributor

yosiat commented Sep 29, 2020

Did investigation of the issue and as written here it happens because of copy_object (which I think happens because of - #2136)

I opened an issue to ask fog-google on how to pass auth query parameters so we can pass it from carrierwave - fog/fog-google#505

yosiat added a commit to yosiat/carrierwave that referenced this issue Dec 30, 2020
@yosiat
GCS: pass acl_header for public read if fog is public
92a69de 
If not done, uploading a file via carrierwave with fog_public will return access denied.

Closes carrierwaveuploader#2426
@yosiat yosiat mentioned this issue Dec 30, 2020
Merged
This was referenced Mar 11, 2021
Merged
Closed
joemsak pushed a commit to Kadenze/carrierwave that referenced this issue Mar 27, 2021
@yosiat @joemsak
GCS: pass acl_header for public read if fog is public
bba8b0f 
If not done, uploading a file via carrierwave with fog_public will return access denied.

Closes carrierwaveuploader#2426
# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

GCS: pass acl_header for public read if fog is public yosiat/carrierwave
2 participants
@yosiat @nerf-qh