Open ccancellieri opened 3 years ago
We typically try to avoid transferring through CKAN when possible, because CKAN installs are typically not configured for a bunch of long-running processes dishing out downloads - it's not async. Not to mention the bandwith. Having a fallback is an a-okay idea, but the way you really want to solve this for google cloud is the same way we solve it for AWS S3 - Signed URLs. See https://cloud.google.com/storage/docs/access-control/signed-urls.
This allows you to keep your bucket private by default, do permission checks with CKAN, return a temporary URL with a cryptographic value attached to it, and allow the user to download the file directly from GCP without proxying.
Thanks @TkTech yes I know but having a quick alternative is better than nothing ;)
Thank you also for that link, I've seen als that approach but, if possible, I really don't want to implement it for a specific driver only (f.e.: google).
be sure, we need this driver working in production soon over google so, I'll try soon to add also that support in another pull request on this plugin and possibly directly into apache-libcloud.
Thanks
Let me reshape and split the two so you can selectively merge: #49 and #51 I'll come later with an ad hoc support for temp-signed-url feature for google buckets following your guidance .
@TkTech Just splitted (as you may have seen) and added the patch to the specific google support branch to provide signed private url from google and installation procedure.
Tested it works well.
How it looks now?
Thanks for your comments
may fix:
Apologizing mixing both but it 'solve' all the above.
Comments? :)