CLOUDSTACK-3030: Object_Store_Refactor - Download template from S3

should not set template to public-readable.

plugins/storage/image/s3/src/org/apache/cloudstack/storage/datastore/driver/S3ImageStoreDriverImpl.java

@@ -18,6 +18,8 @@
  */
 package org.apache.cloudstack.storage.datastore.driver;
 
+import java.net.URL;
+import java.util.Date;
 import java.util.Map;
 import javax.inject.Inject;
 
@@ -28,14 +30,12 @@ import org.apache.cloudstack.storage.image.BaseImageStoreDriverImpl;
 import org.apache.cloudstack.storage.image.store.ImageStoreImpl;
 import org.apache.log4j.Logger;
 
-import com.amazonaws.services.s3.model.CannedAccessControlList;
 import com.cloud.agent.api.to.DataStoreTO;
 import com.cloud.agent.api.to.S3TO;
 import com.cloud.configuration.Config;
 import com.cloud.configuration.dao.ConfigurationDao;
 import com.cloud.storage.Storage.ImageFormat;
 import com.cloud.utils.S3Utils;
-import com.cloud.utils.exception.CloudRuntimeException;
 
 public class S3ImageStoreDriverImpl extends  BaseImageStoreDriverImpl {
     private static final Logger s_logger = Logger.getLogger(S3ImageStoreDriverImpl.class);
@@ -74,20 +74,17 @@ public class S3ImageStoreDriverImpl extends  BaseImageStoreDriverImpl {
         // make the url accessible
         S3TO s3 = (S3TO)getStoreTO(store);
         String key = installPath;
-        try {
-            S3Utils.setObjectAcl(s3, s3.getBucketName(), key, CannedAccessControlList.PublicRead);
-        } catch (Exception ex) {
-            s_logger.error("Failed to set ACL on S3 object " + key + " to PUBLIC_READ", ex);
-            throw new CloudRuntimeException("Failed to set ACL on S3 object " + key + " to PUBLIC_READ");
-        }
-        // construct the url from s3
-        StringBuffer s3url = new StringBuffer();
-        s3url.append(s3.isHttps() ? "https://" : "http://");
-        s3url.append(s3.getEndPoint());
-        s3url.append("/");
-        s3url.append(s3.getBucketName());
-        s3url.append("/");
-        s3url.append(key);
+
+        s_logger.info("Generating pre-signed s3 entity extraction URL.");
+        Date expiration = new Date();
+        long milliSeconds = expiration.getTime();
+        milliSeconds += 1000 * 60 * 60; // expired after one hour.
+        expiration.setTime(milliSeconds);
+
+        URL s3url = S3Utils.generatePresignedUrl(s3, s3.getBucketName(), key, expiration);
+
+        s_logger.info("Pre-Signed URL = " + s3url.toString());
+
         return s3url.toString();
     }
 

utils/src/com/cloud/utils/S3Utils.java

@@ -38,7 +38,9 @@ import java.io.FileNotFoundException;
 import java.io.FilenameFilter;
 import java.io.IOException;
 import java.io.InputStream;
+import java.net.URL;
 import java.util.ArrayList;
+import java.util.Date;
 import java.util.List;
 import java.util.UUID;
 
@@ -47,6 +49,7 @@ import org.apache.log4j.Logger;
 
 import com.amazonaws.AmazonClientException;
 import com.amazonaws.ClientConfiguration;
+import com.amazonaws.HttpMethod;
 import com.amazonaws.auth.AWSCredentials;
 import com.amazonaws.auth.BasicAWSCredentials;
 import com.amazonaws.services.s3.AmazonS3;
@@ -178,6 +181,17 @@ public final class S3Utils {
 
     }
 
+    public static URL generatePresignedUrl(final ClientOptions clientOptions, final String bucketName, final String key,
+            final Date expiration) {
+
+        assert clientOptions != null;
+        assert !isBlank(bucketName);
+        assert !isBlank(key);
+
+        return acquireClient(clientOptions).generatePresignedUrl(bucketName, key, expiration, HttpMethod.GET);
+
+    }
+
     // Note that whenever S3Object is returned, client code needs to close the internal stream to avoid resource leak.
     public static S3Object getObject(final ClientOptions clientOptions,
             final String bucketName, final String key) {