Table of Contents
Cyberduck Help / Howto / Google Storage
Google Cloud Storage is a S3 compatible service with pricing based on usage. Google Cloud Storage is interoperable with S3.
Connecting to Google Storage
Interoperable Access
You must obtain the login credentials (Access Key and Secret) from the Google API Console under Legacy Access from the Google Cloud Storage tab.
In the login prompt of Cyberduck you enter the Access Key for the username and Secret for the password. This allows you to connect to one project configured in your account.
OAuth 2.0 Access
You must obtain the project ID (x-goog-project-id) of your project from the Google API Console under Storage Access from the Google Cloud Storage tab.
In the login prompt of Cyberduck you enter the x-goog-project-id for the username and enter the Authorization Code retrieved from the website where you grant Cyberduck acccess to your account.
You access the page with the authorization code from the link displayed in the login prompt. Click it to open it in a web browser window. You only need to get the authorization code from the website on the first login attempt. Subsequent OAuth authentications will use a refresh token retrieved from service.
Creating a bucket
When connecting the first time, you must first create a new bucket with File → New Folder... (⌘-N). You can choose the bucket location in Preferences (⌘-,) → S3 The following locations are supported:
- US
- EU - Europe
Bucket Access Logging
When this option is enabled in the Google Cloud Storage panel of the Info (File → Info (⌘-I)) window for a bucket or any file within, available log records for this bucket are periodically aggregated into log files and delivered to root in the target logging bucket specified.
Analytics
After logging is configured, you can access statistics from your access logs using a service such as Qloudstat.
Folders
Creating a folder inside a bucket will create a placeholder object named after the directory, has no data content and the mimetype application/x-directory. Directory placeholder objects created in Google Storage Manager are not supported.
Files
Metadata
You can edit standard HTTP headers add custom HTTP headers to files to store metadata. Choose File → Info → Google Storage to edit headers.
ACLs
Default ACLs
- Buckets. New buckets created have a default pre-defined canned ACL set to public-read. You get FULL_CONTROL. All other users have READ access.
Granting access to selected users
You can give access to a specific user to a document by granting READ access to the email address registered with Google. The Authenticated URL from the ACL tab in the Info window with the format https://sandbox.google.com/storage/<container>/<file> will verify access to the resource using the Google Account login credentials.
The link will redirect to the file only after the user has successfully logged in to their Google Account and is listed in the ACL you have just edited.
Granting access to Google Apps domain
Google Apps customers can associate their email accounts with an Internet domain name. When you do this, each email account takes the form username@…. You can specify a scope by using any Internet domain name that is associated with a Google Apps account.
Granting access to members of Google Group
Every Google group has a unique email address that is associated with the group. For example, the Google Storage for Developers group has the following email address: gs-discussion@…. You can find the email address that is associated with a Google group by clicking About this group, which appears on the homepage of every Google group.
Permissions
The following permissions can be given to grantees:
| Bucket | Files | |
|---|---|---|
| READ | Allows grantee to list the files in the bucket | Allows grantee to download the file and its metadata |
| WRITE | Allows grantee to create, overwrite, and delete any file in the bucket | Not applicable |
| FULL_CONTROL | Allows grantee all permissions on the bucket | Allows grantee all permissions on the object |
Limitations
- No content distribution (CDN) configuration.
- Torrent URLs are not supported.
- Signed URLs are not supported.
References
Attachments
- Google Storage ACLs.png (44.8 KB) - added by dkocher 15 months ago.
- Google Storage Access Log Configuration.png (67.7 KB) - added by dkocher 7 months ago.
- OAuth2 Authentication Prompt.png (45.9 KB) - added by dkocher 7 months ago.
- OAuth Token.png (44.9 KB) - added by dkocher 6 months ago.
