In 2.25.0 GoogleStorage generate_url() returns url with AWSAccessKeyId instead of GoogleAccessId #2108

Closed
ghost opened this Issue Feb 19, 2014 · 3 comments

Projects

None yet

1 participant

@ghost
ghost commented Feb 19, 2014

When generating a Google Storage signed url:

conn = boto.connect_gs(gs_access_key, gs_secret_access)
signed_url = conn.generate_url(900, 'GET', bucket=bucket_name, key=file_name)

signed_url is of the form:

https://bucket_name.storage.googleapis.com/file_name?Signature=foo&Expires=1392808714&**AWSAccessKeyId**=gs_access_key

But should be of the form:

https://bucket_name.storage.googleapis.com/file_name?Signature=foo&Expires=1392808714&**GoogleAccessId**=gs_access_key

@danielgtaylor
Member

It looks like the example at the veeery bottom of this page agrees with you:

https://developers.google.com/storage/docs/accesscontrol#Signed-URLs

@mfschwartz is using AWSAccessKeyId not supported or just not the recommended way to do this?

@danielgtaylor
Member

It looks like the value is hard-coded into the Google Storage class:

https://github.com/boto/boto/blob/develop/boto/gs/connection.py#L35

@ghost
ghost commented Feb 24, 2014

When using AWSAccessKeyId Google Storage replies with a 403 AccessDenied response

Yes, changing the line in https://github.com/boto/boto/blob/develop/boto/gs/connection.py#L35 to QueryString = 'Signature=%s&Expires=%d&GoogleAccessId=%s' fixes the issue.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment