You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
vangent
merged 2 commits into
google:master
from
mark-kubacki:impl-gcsblob-default-signingJun 9, 2020
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This enables to use blob.SignURL out-of-the-box by setting the required values, primarily the GoogleAccessID and a PrivateKey—where available—, and a default signing behaviour.
By moving the IAM Credentials API client into the bucket, it's henceforth possible to use it in bucket.Options.SignBytes() without any external wrapper.
Previously users ran into SignURL working properly with the likes of S3 without doing anything special, and GCS has been the outlier that needed additional work degrading productivity and developer experience.
I've dropped detection of the service account on GCE (as GoogleAccessID) from this PR and will file it separately once this is in. It required upgrading to cloud.google.com/go v0.57.0
This lifts gcsblob to function parity with other blob implementations
and enables users to skip setting those values in environments
such as AppEngine, where the file is in a well-known location, and
generally whenever a GOOGLE_APPLICATION_CREDENTIALS is set.
Thanks for your patience negotiating this. Tests are in, and I believe we've arrived at an expanded functionality that opens up this to use-cases with improved security.
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This enables to use blob.SignURL out-of-the-box by setting the required values, primarily the GoogleAccessID and a PrivateKey—where available—, and a default signing behaviour.
By moving the IAM Credentials API client into the bucket, it's henceforth possible to use it in
bucket.Options.SignBytes()without any external wrapper.Previously users ran into
SignURLworking properly with the likes of S3 without doing anything special, and GCS has been the outlier that needed additional work degrading productivity and developer experience.closes #2653