Backblaze Application Keys

[lqbombjack]

Is it possible to add support for Application Keys which was added in v2 of the Backblze api?

Rather than having to use the main account's master id?

[gaul]

What happens when you use S3Proxy with an application key today? Reading through the docs it is not obvious if anything needs to be done to support it:

https://www.backblaze.com/b2/docs/application_keys.html

[ecarneiro]

I work for Backblaze and I wanted to chime in here and explain, how I understand, the authorize call works with B2.

When using the Master Key, the Key ID and the Account ID are the same. However, when using Application Keys, the Key ID of the application key is not the same as the account ID. The account ID is what is needed to make certain calls such as bucket operations.

The response of the b2_authorize_account contains the account ID.

If you look at the b2_list_buckets endpoint, it takes in an account ID. This Account ID is returned in the authorize call.

Looking at the source code, It seems that the account ID is being pulled from the credentials that the user entered versus the response from the authorize call.

Can you please confirm if this is indeed the case?

[ecarneiro]

@nilayp - Adding Nilay for Visibility.

[gaul]

Again, does anything need to be done to support applications keys beyond what already exists? You can trace through the jclouds code AuthorizationApi and RequestAuthorization to see the call to b2_authorize_account and use of the Authorization header. It would help if one of you can test this and share any symptoms.

[ecarneiro]

Yes. You need to pull the account ID from the response of the authorize call rather than use the account ID from what is passed in to authenticate the user.

If you look at the bucketsAPI class - https://github.com/apache/jclouds/blob/master/providers/b2/src/main/java/org/jclouds/b2/features/BucketApi.java - you will see that the account ID is pulled from : @PayloadParams(keys = {"accountId"}, values = {"{jclouds.identity}"})

This should actually be pulled from the Authorization response. https://github.com/apache/jclouds/blob/master/providers/b2/src/main/java/org/jclouds/b2/domain/Authorization.java

[gaul]

This makes sense. It seems that you will need a custom MapBinder to insert a dynamic value from Authorization. Could you open a JIRA ticket and a pull request against jclouds? The project plans a release next week so if you hurry it can include your fix.

[ecarneiro]

I am going to move this ticket to JClouds repo as I am not able to develop this. Hopefully someone from the community can contribute and fix this.

[kernworks]

+1 on this even though it's a JClouds issue
Looks like ecarneiro did open a JIRA against JClouds.
Here it is for reference:
https://issues.apache.org/jira/projects/JCLOUDS/issues/JCLOUDS-1519?filter=allopenissues

[davidsenk]

@gaul

Hi, I submitted a fix to the jclouds repository apache/jclouds#190

I tested my fix with s3proxy, and it works beautifully with application keys now! Hopefully a future release of s3proxy will be able to include this updated fix!

[gaul]

Addressed by S3Proxy 2.2.0.