diff --git a/plugins/storage/image/s3/src/org/apache/cloudstack/storage/datastore/driver/S3ImageStoreDriverImpl.java b/plugins/storage/image/s3/src/org/apache/cloudstack/storage/datastore/driver/S3ImageStoreDriverImpl.java index 850c42b96a9..85547ff2e6f 100644 --- a/plugins/storage/image/s3/src/org/apache/cloudstack/storage/datastore/driver/S3ImageStoreDriverImpl.java +++ b/plugins/storage/image/s3/src/org/apache/cloudstack/storage/datastore/driver/S3ImageStoreDriverImpl.java @@ -18,6 +18,8 @@ */ package org.apache.cloudstack.storage.datastore.driver; +import java.net.URL; +import java.util.Date; import java.util.Map; import javax.inject.Inject; @@ -28,14 +30,12 @@ import org.apache.cloudstack.storage.image.BaseImageStoreDriverImpl; import org.apache.cloudstack.storage.image.store.ImageStoreImpl; import org.apache.log4j.Logger; -import com.amazonaws.services.s3.model.CannedAccessControlList; import com.cloud.agent.api.to.DataStoreTO; import com.cloud.agent.api.to.S3TO; import com.cloud.configuration.Config; import com.cloud.configuration.dao.ConfigurationDao; import com.cloud.storage.Storage.ImageFormat; import com.cloud.utils.S3Utils; -import com.cloud.utils.exception.CloudRuntimeException; public class S3ImageStoreDriverImpl extends BaseImageStoreDriverImpl { private static final Logger s_logger = Logger.getLogger(S3ImageStoreDriverImpl.class); 
@@ -74,20 +74,17 @@ public class S3ImageStoreDriverImpl extends BaseImageStoreDriverImpl { // make the url accessible S3TO s3 = (S3TO)getStoreTO(store); String key = installPath; - try { - S3Utils.setObjectAcl(s3, s3.getBucketName(), key, CannedAccessControlList.PublicRead); - } catch (Exception ex) { - s_logger.error("Failed to set ACL on S3 object " + key + " to PUBLIC_READ", ex); - throw new CloudRuntimeException("Failed to set ACL on S3 object " + key + " to PUBLIC_READ"); - } - // construct the url from s3 - StringBuffer s3url = new StringBuffer(); - s3url.append(s3.isHttps() ? "https://" : "http://"); - s3url.append(s3.getEndPoint()); - s3url.append("/"); - s3url.append(s3.getBucketName()); - s3url.append("/"); - s3url.append(key); + + s_logger.info("Generating pre-signed s3 entity extraction URL."); + Date expiration = new Date(); + long milliSeconds = expiration.getTime(); + milliSeconds += 1000 * 60 * 60; // expired after one hour. + expiration.setTime(milliSeconds); + + URL s3url = S3Utils.generatePresignedUrl(s3, s3.getBucketName(), key, expiration); + + s_logger.info("Pre-Signed URL = " + s3url.toString()); + return s3url.toString(); } diff --git a/utils/src/com/cloud/utils/S3Utils.java b/utils/src/com/cloud/utils/S3Utils.java index e7817f5a57c..0a4a4430cd5 100644 --- a/utils/src/com/cloud/utils/S3Utils.java +++ b/utils/src/com/cloud/utils/S3Utils.java @@ -38,7 +38,9 @@ import java.io.FileNotFoundException; import java.io.FilenameFilter; import java.io.IOException; import java.io.InputStream; +import java.net.URL; import java.util.ArrayList; +import java.util.Date; import java.util.List; import java.util.UUID; @@ -47,6 +49,7 @@ import org.apache.log4j.Logger; import com.amazonaws.AmazonClientException; import com.amazonaws.ClientConfiguration; +import com.amazonaws.HttpMethod; import com.amazonaws.auth.AWSCredentials; import com.amazonaws.auth.BasicAWSCredentials; import com.amazonaws.services.s3.AmazonS3; 
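Review bot: The added `s_logger.info("Pre-Signed URL = " + s3url.toString());` writes the full pre-signed URL to the log at INFO level. A pre-signed URL carries its signature in the query string, so anyone who can read the log can fetch the object until the URL expires (one hour here). Log the object and the expiry instead, for example `s_logger.debug("Generated pre-signed URL for S3 object " + key + ", expires " + expiration);`. The one-hour lifetime is also a literal in this method; reading it from configuration would let operators shorten it. The enclosing method starts above the hunk.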
@@ -178,6 +181,17 @@ public final class S3Utils { } + public static URL generatePresignedUrl(final ClientOptions clientOptions, final String bucketName, final String key, + final Date expiration) { + + assert clientOptions != null; + assert !isBlank(bucketName); + assert !isBlank(key); + + return acquireClient(clientOptions).generatePresignedUrl(bucketName, key, expiration, HttpMethod.GET); + + } + // Note that whenever S3Object is returned, client code needs to close the internal stream to avoid resource leak. public static S3Object getObject(final ClientOptions clientOptions, final String bucketName, final String key) {
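Review bot: In the new `generatePresignedUrl`, `expiration` is the only argument without a precondition, and the three existing checks are `assert` statements, which do nothing unless the JVM runs with assertions enabled. If this helper is meant to reject bad input in production, an explicit check such as `if (expiration == null) { throw new IllegalArgumentException("expiration must not be null"); }` would hold regardless of JVM flags; at minimum add `assert expiration != null;` to match the other arguments. The method also has no Javadoc; it should say that the returned URL grants GET on the object to any holder until `expiration`, so callers must treat it as a secret (not logged, sent only over HTTPS).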