Closed mullenkamp closed 5 months ago
You can use a key restricted to a bucket - in this case b2 account authorize
will pre-fill the bucket id-to-name cache and you shouldn't need list_buckets
Thanks for the reply. But it's still unclear when (and how) that cache gets updated with the bucket id and bucket name.
Following the tutorial (with real keys of course):
from b2sdk.v2 import InMemoryAccountInfo, B2Api
info = B2Api.InMemoryAccountInfo()
b2_api = B2Api.B2Api(info)
b2_api.authorize_account("production", 'fake_key_id', 'fake_key')
bucket = b2_api.get_bucket_by_id('fake_bucket_id')
The last line fails with an Unauthorized: unauthorized for application key with capabilities
error.
Is there a step I'm missing?
The key that I'm using has read and write access to the files.
Thanks again
Seems the source of your problem to be in: https://github.com/Backblaze/b2-sdk-python/blob/aaf8569b81eb303c1619efb95e22b017a3ed01f9/b2sdk/_internal/session.py#L74-L79 I have to look more into this behavior, as my first instinct would be to change it, but we have a strong non-breaking changes policy.
In short, if AccountInfo is manually passed, then cache object is not automagically created for API and it is to expected to be passed in, explicitly, as you did with AccountInfo, i.e.
from b2sdk.v2 import B2Api, InMemoryAccountInfo, InMemoryCache
info = InMemoryAccountInfo()
b2_api = B2Api(
info,
cache=InMemoryCache() # Without this line Bucket-specific Key with only readFiles capability won't work
)
Thank you very much @ppolewicz , your solution does seem to work and I understand what's going on. Maybe a brief mention of this in the docs would be helpful, because the tutorial only uses the InMemoryAccountInfo as I described. Thanks again
To avoid breaking changes, the change was made to yet not stable b2sdk._v3
interface, while b2sdk.v2
stays as it was, but fixed documentation of to recommend:
from b2sdk.v2 import B2Api, InMemoryAccountInfo, AuthInfoCache
info = InMemoryAccountInfo()
b2_api = B2Api(
info,
cache=AuthInfoCache(info)
)
where as in b2sdk.v3
the manual creation of AuthInfoCache
won't be required to attain the exactly same effect (i.e. having a working bucket cache).
Hi,
I just started testing the b2sdk and realised that downloads and uploads (other than download_file_by_id) require the listBuckets permission. This is because get_bucket_by_name (or get_bucket_by_id) must be called to create a bucket object, and this request makes a list_buckets request. Is there a way around the list_buckets request, because this seems like an unnecessary extra permission to download and upload files?
Thanks