I am trying to figure out how exactly is the authorization-string for IBM Cloud object storage created. I do have an accessKeyId and accessKeySecret.
I am able to connect to the bucket using cyberDuck. But need to manage the objects using Java and Rest APIs.
Any pointers ?
Found the signature generation sample for java(and others) here : https://console.bluemix.net/docs/services/cloud-object-storage/hmac/hmac-signature.html#java-example
Additional info : S3 admin can set the authorization from AWS Signature to a BASE64 auth as well.
Related
I have already a code to retrieve the objects in the bucket using oci-java-sdk and this is working as expected. I would like to retrieve the URL of the file which was uploaded to the bucket in object storage and when I use this URL, this should redirect to the actual location without asking any credentials.
I saw preauthenticated requests but again i need to create one more request. I dont want to send one more request and want to get URL in the existing GetObjectResponse.
Any suggestions>
Thanks,
js
The URL of an object is not returned from the API but can be built using information you know (See Update Below!). The pattern is:
https://{api_endpoint}/n/{namespace_name}/b/{bucket_name}/o/{object_name}
Accessing that URL will (generally, see below) require authentication. Our authentication mechanism is described at:
https://docs.cloud.oracle.com/en-us/iaas/Content/API/Concepts/signingrequests.htm
Authentication is NOT required if you configure the bucket as a Public Bucket.
https://docs.cloud.oracle.com/en-us/iaas/Content/Object/Tasks/managingbuckets.htm?TocPath=Services%7CObject%20Storage%7C_____2#publicbuckets
As you mentioned, Pre-authenticated Requests (PARs) are an option. They are generally used in this situation, and they work well.
https://docs.cloud.oracle.com/en-us/iaas/Content/Object/Tasks/usingpreauthenticatedrequests.htm
Strictly speaking, it is also possible to use our Amazon S3 Compatible API...
https://docs.cloud.oracle.com/en-us/iaas/Content/Object/Tasks/s3compatibleapi.htm
...and S3's presigned URLs to generate (without involving the API) a URL that will work without additional authentication.
https://docs.aws.amazon.com/AmazonS3/latest/dev/ShareObjectPreSignedURL.html
Update: A teammate pointed out that the OCI SDK for Java now includes a getEndpoint method that can be used to get the hostname needed when querying the Object Storage API. https://docs.cloud.oracle.com/en-us/iaas/tools/java/1.25.3/com/oracle/bmc/objectstorage/ObjectStorage.html#getEndpoint--
Can anyone comment on if it should be possible to use rclone's swift support to access buckets in OCI object storage (new OCI, not classic).
I'm interested in it because S3 compatibility mode is limited to a single designated compartment and I'd like to be able to use rclone with any bucket in my tenancy.
I know that for public buckets there is still a swift style URL. The 3 functional URLs styles seem to be:
Native: https://objectstorage.{region}.oraclecloud.com/n/{object-storage-namespace}/b/{bucket}/o/{filename}
Swift: https://swiftobjectstorage.{region}.oraclecloud.com/v1/{object-storage-namespace}/{bucket}/{filename}
S3: https://{object-storage-namespace}.compat.objectstorage..oraclecloud.com/{bucket}/{filename}
https://docs.cloud.oracle.com/en-us/iaas/Content/Identity/Tasks/managingcredentials.htm talks a little bit about Swift password (Auth Tokens) and you can create one in the console.
But I can't find anything about what the auth URL would be for the non-classic version of object storage. And storage_url with a auth_token doesn't seem to work either.
Using -vvvv doesn't show anything more than 401 Unauthorized.
I'm interested in it because S3 compatibility mode is limited to a single designated compartment and I'd like to be able to use rclone with any bucket in my tenancy.
The designated compartment only controls where buckets created via that protocol (S3 or Swift) are placed. The designated compartment does not affect authorization. Authorization is controlled by the relevant IAM policies.
But I can't find anything about what the auth URL would be for the non-classic version of object storage. And storage_url with a auth_token doesn't seem to work either.
The new/current OCI Object Storage does not support auth URLs. You must use HTTP basic-style auth with Swift on OCI. It does not seem that rclone supports HTTP basic auth with swift directly (it is possible to create the basic auth header yourself and have rclone send it).
All that said, using rclone with s3 is the best approach for OCI Object Storage. Ensure you set the "region" option to the correct region name like "us-phoenix-1" and you should be good.
Thanks!
I want to create pre-authenticated request for an object inside a bucket in the OCI object storage using python SDK. I found out that I can use get_preauthenticated_request for the bucket to put objects inside the bucket but not to get the objects pre-authenticated. I can create a pre-authenticated request using the OCI console but I need to do it in a python script. can anybody help me in this issue?
You can use create_preauthenticated_request (see code) for both buckets and individual objects.
The difference is in the access type:
ANY_OBJECT_WRITE is for the whole bucket
OBJECT_READ, OBJECT_READ_WRITE and OBJECT_WRITE are for objects
So you should be able to create a Pre-Authenticated Request with something like
request_details = create_preauthenticated_request_details()
request_details.access_type("ObjectReadWrite")
par = create_preauthenticated_request("namespace", "bucket", request_details)
You can find more on the request details here and for the request itself here.
Let me know if this works for you, I don't have an account to test against at the moment.
I know how to do it for views, for example:
http://127.0.0.1:8092/<my_bucket>/_design/all/_view/all?full_set=true&key=<my_document_key>&connection_timeout=60000
And I tried:
http://127.0.0.1:8091/contacts/hello
(after creating via the UI a document with the key hello).
And the response was "Not Found."
What am I doing wrong?
Thanks,
Michael
There is no REST API for retrieving documents by key. You can either write your own thin service layer that uses the client SDK internally, or as of Couchbase 4.0, use the N1QL REST API to get the document through a query by key:
SELECT * FROM bucket USE KEYS [docId];
You can read about using the N1QL service endpoint here: http://developer.couchbase.com/documentation/server/4.1/n1ql/n1ql-rest-api/index.html
(Edit: Changed N1QL syntax to actually work. Thanks Gerald.)
In following way we can access couchbase document
Syntax:
hostname:8091/pools/default/buckets/{bucketname}/docs/{docid}
http://localhost:8091/pools/default/buckets/Aggregation/docs/AvgSumAssuredByProduct
Where
To access bucket related, use api: http://localhost:8091/pools/default/buckets/
Bucket Name: Aggregation
docid : AvgSumAssuredByProduct
If you want to use it for development purpose then you can use CLI or admin console (UI).
In production you should ALWAYS use language specific client SDK. Couchbase SDKs are intelligent as they have details about cluster map. Client knows before hand about which node should be used for CRUD operation.
How can I call MiSys Equation API from BizTalk or .NET?
Equation is a banking system hosted on ISeries AS/400 server.
is the Host Integration server way to go?
we need to use IBM iSeries Access for window for this.
just wrote a blog post on this
http://usmanshaheen.wordpress.com/2010/04/14/invoke-misys-equation-api-from-net/
You need to Call the API Program from .net,Java,VB Program thru Remote call or using MQ .
How you are looking for ?