Allow users to generate signed url with write permissions

cloudbridge/interfaces/resources.py

@@ -2204,7 +2204,7 @@ class BucketObject(CloudResource):
         pass
 
     @abstractmethod
-    def generate_url(self, expires_in):
+    def generate_url(self, expires_in, write=False):
         """
         Generate a signed URL to this object.
 
@@ -2214,6 +2214,10 @@ class BucketObject(CloudResource):
 
         :type expires_in: ``int``
         :param expires_in: Time to live of the generated URL in seconds.
+        :type write: ``bool``
+        :param write: Write permission for this signed URL. Users with the URL
+            will be able to upload to this object, but they will NOT be able to
+            read from it.
 
         :rtype: ``str``
         :return: A URL to access the object.

cloudbridge/providers/aws/resources.py

@@ -871,7 +871,11 @@ class AWSBucketObject(BaseBucketObject):
     def delete(self):
         self._obj.delete()
 
-    def generate_url(self, expires_in):
+    def generate_url(self, expires_in, write):
+        if write:
+            return self._provider.s3_conn.meta.client.create_presigned_post(
+                self._obj.bucket_name, self.id, expiration=expires_in
+            )
         return self._provider.s3_conn.meta.client.generate_presigned_url(
             'get_object',
             Params={'Bucket': self._obj.bucket_name, 'Key': self.id},

cloudbridge/providers/azure/azure_client.py

@@ -451,7 +451,7 @@ class AzureClient(object):
         blob_client = self.blob_client(container_name, blob_name)
         blob_client.delete_blob(delete_snapshots)
 
-    def get_blob_url(self, container_name, blob_name, expiry_time):
+    def get_blob_url(self, container_name, blob_name, expiry_time, write):
         now = datetime.datetime.utcnow()
         expiry = now + datetime.timedelta(
             seconds=expiry_time)
@@ -462,7 +462,7 @@ class AzureClient(object):
         )
         sas = generate_blob_sas(
             self.storage_account, container_name, blob_name,
-            permission=BlobSasPermissions(read=True), expiry=expiry,
+            permission=BlobSasPermissions(read=True, write=write), expiry=expiry,
             user_delegation_key=delegation_key
         )
         url = (

cloudbridge/providers/azure/resources.py

@@ -258,12 +258,12 @@ class AzureBucketObject(BaseBucketObject):
         """
         self._blob_client.delete_blob()
 
-    def generate_url(self, expires_in):
+    def generate_url(self, expires_in, write):
         """
         Generate a URL to this object.
         """
         return self._provider.azure_client.get_blob_url(
-            self._container, self.name, expires_in)
+            self._container, self.name, expires_in, write)
 
     def refresh(self):
         pass

cloudbridge/providers/gcp/resources.py

@@ -1975,14 +1975,16 @@ class GCPBucketObject(BaseBucketObject):
              .delete(bucket=self._obj['bucket'], object=self.name)
              .execute())
 
-    def generate_url(self, expires_in):
+    def generate_url(self, expires_in, write):
         """
         Generates a signed URL accessible to everyone.
         """
+        http_method = "POST" if write else "GET"
+
         # pylint:disable=protected-access
         return helpers.generate_signed_url(
             self._provider._credentials, self._obj['bucket'], self.name,
-            expiration=expires_in)
+            expiration=expires_in, http_method=http_method)
 
     def refresh(self):
         # pylint:disable=protected-access

cloudbridge/providers/openstack/resources.py

@@ -1316,7 +1316,8 @@ class OpenStackBucketObject(BaseBucketObject):
                 result = result and del_res['success']
         return result
 
-    def generate_url(self, expires_in):
+    def generate_url(self, expires_in, write):
+        http_method = "POST" if write else "GET"
         # Set a temp url key on the object (http://bit.ly/2NBiXGD)
         temp_url_key = "cloudbridge-tmp-url-key"
         self._provider.swift.post_account(
@@ -1325,7 +1326,7 @@ class OpenStackBucketObject(BaseBucketObject):
         access_point = "{0}://{1}".format(base_url.scheme, base_url.netloc)
         url_path = "/".join([base_url.path, self.cbcontainer.name, self.name])
         return urljoin(access_point, generate_temp_url(url_path, expires_in,
-                                                       temp_url_key, 'GET'))
+                                                       temp_url_key, http_method))
 
     def refresh(self):
         self._obj = self.cbcontainer.objects.get(self.id)._obj