s3proxy icon indicating copy to clipboard operation
s3proxy copied to clipboard
verified publisher icon gaul

Backblaze Application Keys

Open lqbombjack opened this issue 6 years ago • 9 comments

Is it possible to add support for Application Keys which was added in v2 of the Backblze api?

Rather than having to use the main account's master id?

lqbombjack avatar May 07 '19 15:05 lqbombjack

What happens when you use S3Proxy with an application key today? Reading through the docs it is not obvious if anything needs to be done to support it:

https://www.backblaze.com/b2/docs/application_keys.html

gaul avatar May 08 '19 10:05 gaul

I work for Backblaze and I wanted to chime in here and explain, how I understand, the authorize call works with B2.

When using the Master Key, the Key ID and the Account ID are the same. However, when using Application Keys, the Key ID of the application key is not the same as the account ID. The account ID is what is needed to make certain calls such as bucket operations.

The response of the b2_authorize_account contains the account ID.

If you look at the b2_list_buckets endpoint, it takes in an account ID. This Account ID is returned in the authorize call.

Looking at the source code, It seems that the account ID is being pulled from the credentials that the user entered versus the response from the authorize call.

Can you please confirm if this is indeed the case?

ecarneiro avatar Oct 03 '19 20:10 ecarneiro

@nilayp - Adding Nilay for Visibility.

ecarneiro avatar Oct 03 '19 21:10 ecarneiro

Again, does anything need to be done to support applications keys beyond what already exists? You can trace through the jclouds code AuthorizationApi and RequestAuthorization to see the call to b2_authorize_account and use of the Authorization header. It would help if one of you can test this and share any symptoms.

gaul avatar Oct 03 '19 21:10 gaul

Yes. You need to pull the account ID from the response of the authorize call rather than use the account ID from what is passed in to authenticate the user.

If you look at the bucketsAPI class - https://github.com/apache/jclouds/blob/master/providers/b2/src/main/java/org/jclouds/b2/features/BucketApi.java - you will see that the account ID is pulled from : @PayloadParams(keys = {"accountId"}, values = {"{jclouds.identity}"})

This should actually be pulled from the Authorization response. https://github.com/apache/jclouds/blob/master/providers/b2/src/main/java/org/jclouds/b2/domain/Authorization.java

ecarneiro avatar Oct 03 '19 22:10 ecarneiro

This makes sense. It seems that you will need a custom MapBinder to insert a dynamic value from Authorization. Could you open a JIRA ticket and a pull request against jclouds? The project plans a release next week so if you hurry it can include your fix.

gaul avatar Oct 03 '19 23:10 gaul

I am going to move this ticket to JClouds repo as I am not able to develop this. Hopefully someone from the community can contribute and fix this.

ecarneiro avatar Oct 08 '19 20:10 ecarneiro

+1 on this even though it's a JClouds issue Looks like ecarneiro did open a JIRA against JClouds. Here it is for reference: https://issues.apache.org/jira/projects/JCLOUDS/issues/JCLOUDS-1519?filter=allopenissues

kernworks avatar Oct 28 '19 15:10 kernworks

@gaul

Hi, I submitted a fix to the jclouds repository https://github.com/apache/jclouds/pull/190

I tested my fix with s3proxy, and it works beautifully with application keys now! Hopefully a future release of s3proxy will be able to include this updated fix!

davidsenk avatar Jan 30 '24 07:01 davidsenk

Addressed by S3Proxy 2.2.0.

gaul avatar Apr 01 '24 00:04 gaul