Access Control using APIs

GCP

Google Cloud Storage (GCS) allows you to manage your buckets and the files and folders stored in them. Using Google APIs, you can enforce access control on the GCS service: create an access policy for the GCS service to allow or deny permissions (read/write/delete) on files, folders, or buckets.

Prerequisite

Ensure the following prerequisite is met:

  • GCP Dataserver should be up and running. For more information on installing GCP Dataserver, see the GCP Dataserver installation instructions.

Authentication

  1. Generate the access and secret tokens.

    1. In Privacera Portal, go to Launch Pad > Privacera Token on the left navigation, and click Generate Token. Its corresponding dialog box is displayed.

    2. In the dialog box, add the required details and click Generate Token. The dialog box displays the access and secret key. Now, you can copy the keys.

  2. SSH to the instance where Privacera GCP Dataserver is installed or open a terminal on your local machine.

  3. Get the following details for the API. They are used to access GCS with curl.

    <DATASERVER_HOST> - Hostname of the GCP Dataserver.

    <PORT> - GCP Dataserver port. The default port is 8181, unless it has been manually changed using Privacera Manager.

    <GCP_PROJECT_NAME> - Enter the GCP project ID where the GCS application has been added.

    <ACCESS_TOKEN> - Copy the access token from step 1.

    <SECRET_TOKEN> - Copy the secret token from step 1.

  4. Run the following to authenticate.

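    dataserver_host=<DATASERVER_HOST>
    dataserver_port=<PORT>
    
    # Download the Dataserver's CA certificate over HTTP and make it read-only
    curl -k -o /tmp/cacerts "http://${dataserver_host}:${dataserver_port}/services/certificate"
    chmod 400 /tmp/cacerts
    
    # Route HTTPS requests from this shell through the Dataserver
    export HTTPS_PROXY=http://${dataserver_host}:${dataserver_port}
    
    # Privacera token pair from step 1, joined with '|', and the GCP project ID
    export PRIVACERA_TOKEN="<ACCESS_TOKEN>|<SECRET_TOKEN>"
    export GCP_PROJECT_NAME=<GCP_PROJECT_NAME>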
    

Read File

  1. SSH to the instance where Privacera GCP Dataserver is installed or open a terminal on your local machine.

  2. Get the following details for the API:

    <BUCKET_NAME> - Enter the bucket name where the file is stored.

    <OBJECT_PATH> - Enter the object path of the file.

  3. Run the following commands to read the contents of a file.

    export BUCKET_NAME=<BUCKET_NAME>
    export OBJECT_PATH=<OBJECT_PATH>
    curl --cacert /tmp/cacerts -v -X GET -H "Authorization: Bearer ${PRIVACERA_TOKEN}" "https://storage.googleapis.com/storage/v1/b/${BUCKET_NAME}/o/${OBJECT_PATH}?project=${GCP_PROJECT_NAME}&alt=media"
    

Upload File

  1. SSH to the instance where Privacera GCP Dataserver is installed or open a terminal on your local machine.

  2. Get the following details for the API:

    <BUCKET_NAME> - Enter the bucket name where the file will be stored.

    <FILE_NAME> - Enter the name to be given for the uploaded file.

    <FILE_TO_UPLOAD> - Enter the file to be uploaded.

    <FILE_CONTENT_TYPE> - Enter the type of the file being uploaded.

  3. Run the following commands to upload a file.

    export BUCKET_NAME=<BUCKET_NAME>
    export FILE_NAME=<FILE_NAME>
    export FILE_TO_UPLOAD=<FILE_TO_UPLOAD>
    export FILE_CONTENT_TYPE=<FILE_CONTENT_TYPE>
    
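    # --cacert verifies the Dataserver certificate (do not combine it with -k, which disables verification).
    # --data-binary sends the file byte for byte; --data would strip newlines from it.
    curl --cacert /tmp/cacerts -v -X POST -H "Authorization: Bearer ${PRIVACERA_TOKEN}" -H "Content-Type: ${FILE_CONTENT_TYPE}" --data-binary "@${FILE_TO_UPLOAD}" "https://storage.googleapis.com/upload/storage/v1/b/${BUCKET_NAME}/o?project=${GCP_PROJECT_NAME}&uploadType=media&name=${FILE_NAME}"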
    

Delete File

  1. SSH to the instance where Privacera GCP Dataserver is installed or open a terminal on your local machine.

  2. Get the following details for the API:

    <BUCKET_NAME> - Enter the bucket name where the file is stored.

    <FILE_NAME> - Enter the name of the file to be deleted.

  3. Run the following commands to delete a file.

    export BUCKET_NAME=<BUCKET_NAME>
    export FILE_NAME=<FILE_NAME>
    
    # --cacert verifies the Dataserver certificate (do not combine it with -k, which disables verification).
    curl --cacert /tmp/cacerts -v -X DELETE -H "Authorization: Bearer ${PRIVACERA_TOKEN}" "https://storage.googleapis.com/storage/v1/b/${BUCKET_NAME}/o/${FILE_NAME}?project=${GCP_PROJECT_NAME}"
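
The read, upload and delete commands place `${OBJECT_PATH}` and `${FILE_NAME}` directly into the request URL. The GCS JSON API expects the object name percent-encoded (a `/` in the name becomes `%2F`), and an unencoded `?` or `&` in a name changes which object or parameters the request actually carries. The following is an added example, not part of the Privacera documentation; the function names and sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example: build GCS JSON API URLs with the object name percent-encoded.
# Function names and the sample values below are constructed for illustration.

# Percent-encode every byte outside the RFC 3986 unreserved set.
# Runs in a subshell so the LC_ALL=C (byte-wise) setting does not leak out.
urlencode() (
    LC_ALL=C
    s=$1
    out=
    while [ -n "$s" ]; do
        rest=${s#?}            # everything after the first byte
        c=${s%"$rest"}         # the first byte itself
        case $c in
            [A-Za-z0-9._~-]) out=$out$c ;;
            *) hex=$(printf '%s' "$c" | od -An -v -tx1 | tr -d ' \n' | tr 'a-f' 'A-F')
               out=$out%$hex ;;
        esac
        s=$rest
    done
    printf '%s' "$out"
)

# URL for reading (pass alt=media as $4) or deleting one object.
gcs_object_url() {   # $1=bucket  $2=object name  $3=project  [$4=extra query]
    printf 'https://storage.googleapis.com/storage/v1/b/%s/o/%s?project=%s%s' \
        "$(urlencode "$1")" "$(urlencode "$2")" "$(urlencode "$3")" "${4:+&$4}"
}

# URL for a simple media upload; the object name travels in the query string.
gcs_upload_url() {   # $1=bucket  $2=object name  $3=project
    printf 'https://storage.googleapis.com/upload/storage/v1/b/%s/o?project=%s&uploadType=media&name=%s' \
        "$(urlencode "$1")" "$(urlencode "$3")" "$(urlencode "$2")"
}

# Constructed sample values; prints the URLs without contacting any server.
gcs_object_url demo-bucket 'reports/2021/q3 data.csv' demo-project alt=media; echo
gcs_upload_url demo-bucket 'x&name=other.txt' demo-project; echo
```

To use it with the commands above, replace the hand-built URL with the function output, for example `"$(gcs_object_url "$BUCKET_NAME" "$OBJECT_PATH" "$GCP_PROJECT_NAME" alt=media)"` in the read command.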
    

Last update: August 19, 2021