Downloads and uploads requires listBuckets permission

[mullenkamp]

Hi,

I just started testing the b2sdk and realised that downloads and uploads (other than download_file_by_id) require the listBuckets permission. This is because get_bucket_by_name (or get_bucket_by_id) must be called to create a bucket object, and this request makes a list_buckets request.
Is there a way around the list_buckets request, because this seems like an unnecessary extra permission to download and upload files?

Thanks

[ppolewicz]

You can use a key restricted to a bucket - in this case b2 account authorize will pre-fill the bucket id-to-name cache and you shouldn't need list_buckets

[mullenkamp]

Thanks for the reply. But it's still unclear when (and how) that cache gets updated with the bucket id and bucket name.

Following the tutorial (with real keys of course):

from b2sdk.v2 import InMemoryAccountInfo, B2Api

info = B2Api.InMemoryAccountInfo()
b2_api = B2Api.B2Api(info)
b2_api.authorize_account("production", 'fake_key_id', 'fake_key')

bucket = b2_api.get_bucket_by_id('fake_bucket_id')

The last line fails with an Unauthorized: unauthorized for application key with capabilities error.
Is there a step I'm missing?
The key that I'm using has read and write access to the files.

Thanks again

[mjurbanski-reef]

Seems the source of your problem to be in:

b2-sdk-python/b2sdk/_internal/session.py

Lines 74 to 79 in aaf8569

	if account_info is None:
	account_info = self.SQLITE_ACCOUNT_INFO_CLASS()
	if cache is None:
	cache = AuthInfoCache(account_info)
	if cache is None:
	cache = DummyCache()

I have to look more into this behavior, as my first instinct would be to change it, but we have a strong non-breaking changes policy.

In short, if AccountInfo is manually passed, then cache object is not automagically created for API and it is to expected to be passed in, explicitly, as you did with AccountInfo, i.e.

from b2sdk.v2 import B2Api, InMemoryAccountInfo, InMemoryCache

info = InMemoryAccountInfo()
b2_api = B2Api(
    info,
    cache=InMemoryCache()  # Without this line Bucket-specific Key with only readFiles capability won't work
)

[mullenkamp]

Thank you very much @ppolewicz , your solution does seem to work and I understand what's going on.
Maybe a brief mention of this in the docs would be helpful, because the tutorial only uses the InMemoryAccountInfo as I described.
Thanks again

[mjurbanski-reef]

To avoid breaking changes, the change was made to yet not stable b2sdk._v3 interface, while b2sdk.v2 stays as it was, but fixed documentation of to recommend:

from b2sdk.v2 import B2Api, InMemoryAccountInfo, AuthInfoCache

info = InMemoryAccountInfo()
b2_api = B2Api(
    info,
    cache=AuthInfoCache(info)
)

where as in b2sdk.v3 the manual creation of AuthInfoCache won't be required to attain the exactly same effect (i.e. having a working bucket cache).