forked from TrueCloudLab/rclone
b2: Support Application Keys - fixes #2428
This supports B2 application keys limited to a bucket by making sure we only list the buckets of the bucket ID that the key is limited to.
This commit is contained in:
parent
ffd11662ba
commit
a119ca9f10
3 changed files with 42 additions and 12 deletions
|
@ -31,11 +31,6 @@ func (e *Error) Fatal() bool {
|
||||||
|
|
||||||
var _ fserrors.Fataler = (*Error)(nil)
|
var _ fserrors.Fataler = (*Error)(nil)
|
||||||
|
|
||||||
// Account describes a B2 account
|
|
||||||
type Account struct {
|
|
||||||
ID string `json:"accountId"` // The identifier for the account.
|
|
||||||
}
|
|
||||||
|
|
||||||
// Bucket describes a B2 bucket
|
// Bucket describes a B2 bucket
|
||||||
type Bucket struct {
|
type Bucket struct {
|
||||||
ID string `json:"bucketId"`
|
ID string `json:"bucketId"`
|
||||||
|
@ -137,10 +132,26 @@ type File struct {
|
||||||
|
|
||||||
// AuthorizeAccountResponse is as returned from the b2_authorize_account call
|
// AuthorizeAccountResponse is as returned from the b2_authorize_account call
|
||||||
type AuthorizeAccountResponse struct {
|
type AuthorizeAccountResponse struct {
|
||||||
|
AbsoluteMinimumPartSize int `json:"absoluteMinimumPartSize"` // The smallest possible size of a part of a large file.
|
||||||
AccountID string `json:"accountId"` // The identifier for the account.
|
AccountID string `json:"accountId"` // The identifier for the account.
|
||||||
AuthorizationToken string `json:"authorizationToken"` // An authorization token to use with all calls, other than b2_authorize_account, that need an Authorization header.
|
Allowed struct { // An object (see below) containing the capabilities of this auth token, and any restrictions on using it.
|
||||||
|
BucketID string `json:"bucketId"` // When present, access is restricted to one bucket.
|
||||||
|
Capabilities []string `json:"capabilities"` // A list of strings, each one naming a capability the key has.
|
||||||
|
NamePrefix interface{} `json:"namePrefix"` // When present, access is restricted to files whose names start with the prefix
|
||||||
|
} `json:"allowed"`
|
||||||
APIURL string `json:"apiUrl"` // The base URL to use for all API calls except for uploading and downloading files.
|
APIURL string `json:"apiUrl"` // The base URL to use for all API calls except for uploading and downloading files.
|
||||||
|
AuthorizationToken string `json:"authorizationToken"` // An authorization token to use with all calls, other than b2_authorize_account, that need an Authorization header.
|
||||||
DownloadURL string `json:"downloadUrl"` // The base URL to use for downloading files.
|
DownloadURL string `json:"downloadUrl"` // The base URL to use for downloading files.
|
||||||
|
MinimumPartSize int `json:"minimumPartSize"` // DEPRECATED: This field will always have the same value as recommendedPartSize. Use recommendedPartSize instead.
|
||||||
|
RecommendedPartSize int `json:"recommendedPartSize"` // The recommended size for each part of a large file. We recommend using this part size for optimal upload performance.
|
||||||
|
}
|
||||||
|
|
||||||
|
// ListBucketsRequest is parameters for b2_list_buckets call
|
||||||
|
type ListBucketsRequest struct {
|
||||||
|
AccountID string `json:"accountId"` // The identifier for the account.
|
||||||
|
BucketID string `json:"bucketId,omitempty"` // When specified, the result will be a list containing just this bucket.
|
||||||
|
BucketName string `json:"bucketName,omitempty"` // When specified, the result will be a list containing just this bucket.
|
||||||
|
BucketTypes []string `json:"bucketTypes,omitempty"` // If present, B2 will use it as a filter for bucket types returned in the list buckets response.
|
||||||
}
|
}
|
||||||
|
|
||||||
// ListBucketsResponse is as returned from the b2_list_buckets call
|
// ListBucketsResponse is as returned from the b2_list_buckets call
|
||||||
|
|
|
@ -66,7 +66,7 @@ func init() {
|
||||||
NewFs: NewFs,
|
NewFs: NewFs,
|
||||||
Options: []fs.Option{{
|
Options: []fs.Option{{
|
||||||
Name: "account",
|
Name: "account",
|
||||||
Help: "Account ID",
|
Help: "Account ID or Application Key ID",
|
||||||
Required: true,
|
Required: true,
|
||||||
}, {
|
}, {
|
||||||
Name: "key",
|
Name: "key",
|
||||||
|
@ -691,7 +691,11 @@ type listBucketFn func(*api.Bucket) error
|
||||||
|
|
||||||
// listBucketsToFn lists the buckets to the function supplied
|
// listBucketsToFn lists the buckets to the function supplied
|
||||||
func (f *Fs) listBucketsToFn(fn listBucketFn) error {
|
func (f *Fs) listBucketsToFn(fn listBucketFn) error {
|
||||||
var account = api.Account{ID: f.info.AccountID}
|
var account = api.ListBucketsRequest{
|
||||||
|
AccountID: f.info.AccountID,
|
||||||
|
BucketID: f.info.Allowed.BucketID,
|
||||||
|
}
|
||||||
|
|
||||||
var response api.ListBucketsResponse
|
var response api.ListBucketsResponse
|
||||||
opts := rest.Opts{
|
opts := rest.Opts{
|
||||||
Method: "POST",
|
Method: "POST",
|
||||||
|
|
|
@ -55,7 +55,7 @@ Choose a number from below, or type in your own value
|
||||||
13 / Yandex Disk
|
13 / Yandex Disk
|
||||||
\ "yandex"
|
\ "yandex"
|
||||||
Storage> 3
|
Storage> 3
|
||||||
Account ID
|
Account ID or Application Key ID
|
||||||
account> 123456789abc
|
account> 123456789abc
|
||||||
Application Key
|
Application Key
|
||||||
key> 0123456789abcdef0123456789abcdef0123456789
|
key> 0123456789abcdef0123456789abcdef0123456789
|
||||||
|
@ -93,6 +93,21 @@ excess files in the bucket.
|
||||||
|
|
||||||
rclone sync /home/local/directory remote:bucket
|
rclone sync /home/local/directory remote:bucket
|
||||||
|
|
||||||
|
### Application Keys ###
|
||||||
|
|
||||||
|
B2 supports multiple [Application Keys for different access permission
|
||||||
|
to B2 Buckets](https://www.backblaze.com/b2/docs/application_keys.html).
|
||||||
|
|
||||||
|
You can use these with rclone too.
|
||||||
|
|
||||||
|
Follow Backblaze's docs to create an Application Key with the required
|
||||||
|
permission and add the `Application Key ID` as the `account` and the
|
||||||
|
`Application Key` itself as the `key`.
|
||||||
|
|
||||||
|
Note that you must put the Application Key ID as the `account` - you
|
||||||
|
can't use the master Account ID. If you try then B2 will return 401
|
||||||
|
errors.
|
||||||
|
|
||||||
### --fast-list ###
|
### --fast-list ###
|
||||||
|
|
||||||
This remote supports `--fast-list` which allows you to use fewer
|
This remote supports `--fast-list` which allows you to use fewer
|
||||||
|
|
Loading…
Reference in a new issue