custom endpoint for v4 SignedUrl

googleapis · May 15, 2024 · 66096d3 · 66096d3
1 parent efeb4b8
commit 66096d3
Show file tree

Hide file tree

Showing 5 changed files with 78 additions and 21 deletions.
diff --git a/google/cloud/storage/client.cc b/google/cloud/storage/client.cc
@@ -389,7 +389,7 @@ StatusOr<std::string> Client::SignUrlV2(
   std::string signature = curl.MakeEscapedString(encoded).get();
 
   std::ostringstream os;
-  os << ExternalUrl() << '/' << request.bucket_name();
+  os << Endpoint() << '/' << request.bucket_name();
   if (!request.object_name().empty()) {
     os << '/' << curl.MakeEscapedString(request.object_name()).get();
   }
@@ -481,7 +481,7 @@ std::string CreateRandomPrefixName(std::string const& prefix) {
                                                   "abcdefghijklmnopqrstuvwxyz");
 }
 
-std::string Client::ExternalUrl() const{
+std::string Client::Endpoint() const {
   return connection_->options().get<RestEndpointOption>();
 }
 

diff --git a/google/cloud/storage/client.h b/google/cloud/storage/client.h
@@ -2995,8 +2995,9 @@ class Client {
                                           Options&&... options) {
     google::cloud::internal::OptionsSpan const span(
         SpanOptions(std::forward<Options>(options)...));
+    auto const host = Endpoint();
     internal::V4SignUrlRequest request(std::move(verb), std::move(bucket_name),
-                                       std::move(object_name));
+                                       std::move(object_name), std::move(host));
     request.set_multiple_options(std::forward<Options>(options)...);
     return SignUrlV4(std::move(request));
   }
@@ -3492,7 +3493,7 @@ class Client {
   StatusOr<PolicyDocumentV4Result> SignPolicyDocumentV4(
       internal::PolicyDocumentV4Request request);
 
-  std::string ExternalUrl() const;
+  std::string Endpoint() const;
 
   std::shared_ptr<internal::StorageConnection> connection_;
 };

diff --git a/google/cloud/storage/client_sign_url_test.cc b/google/cloud/storage/client_sign_url_test.cc
@@ -113,9 +113,11 @@ TEST_F(CreateSignedUrlTest, V2SignRemote) {
 /// @test Verify that CreateV2SignedUrl() respects the custom endpoint.
 TEST_F(CreateSignedUrlTest, V2SignCustomEndpoint) {
   auto const custom_endpoint = std::string{"https://storage.mydomain.com"};
-
-  Options options = Options{}.set<UnifiedCredentialsOption>(MakeServiceAccountCredentials(kJsonKeyfileContents))
-                             .set<RestEndpointOption>(custom_endpoint);
+
+  Options options = Options{}
+                        .set<UnifiedCredentialsOption>(
+                            MakeServiceAccountCredentials(kJsonKeyfileContents))
+                        .set<RestEndpointOption>(custom_endpoint);
   Client client(options);
   StatusOr<std::string> actual =
       client.CreateV2SignedUrl("GET", "test-bucket", "test-object");
@@ -126,8 +128,11 @@ TEST_F(CreateSignedUrlTest, V2SignCustomEndpoint) {
 TEST_F(CreateSignedUrlTest, V2SignCustomUniverseDomain) {
   auto const custom_ud = std::string{"mydomain.com"};
 
-  Options options = Options{}.set<UnifiedCredentialsOption>(MakeServiceAccountCredentials(kJsonKeyfileContents))
-                             .set<google::cloud::internal::UniverseDomainOption>(custom_ud);
+  Options options =
+      Options{}
+          .set<UnifiedCredentialsOption>(
+              MakeServiceAccountCredentials(kJsonKeyfileContents))
+          .set<google::cloud::internal::UniverseDomainOption>(custom_ud);
   Client client(options);
 
   StatusOr<std::string> actual =
@@ -259,6 +264,49 @@ TEST_F(CreateSignedUrlTest, V4SignRemote) {
   EXPECT_THAT(*actual, HasSubstr(expected_signed_blob_hex));
 }
 
+/// @test Verify that CreateV4SignedUrl() respects the custom endpoint.
+TEST_F(CreateSignedUrlTest, V4SignCustomEndpoint) {
+  auto const custom_endpoint = std::string{"https://storage.mydomain.com"};
+  std::string const bucket_name = "test-bucket";
+  std::string const object_name = "test-object";
+  std::string const date = "2019-02-01T09:00:00Z";
+  auto const valid_for = std::chrono::seconds(10);
+
+  Options options =
+      Options{}
+          .set<UnifiedCredentialsOption>(
+              MakeServiceAccountCredentials(kJsonKeyfileContentsForV4))
+          .set<RestEndpointOption>(custom_endpoint);
+  Client client(options);
+
+  auto actual = client.CreateV4SignedUrl(
+      "GET", bucket_name, object_name,
+      SignedUrlTimestamp(google::cloud::internal::ParseRfc3339(date).value()),
+      SignedUrlDuration(valid_for));
+  EXPECT_THAT(actual, IsOkAndHolds(StartsWith(custom_endpoint)));
+}
+
+/// @test Verify that CreateV4SignUrl() respects the custom universe domain.
+TEST_F(CreateSignedUrlTest, V4SignCustomUniverseDomain) {
+  auto const custom_ud = std::string{"mydomain.com"};
+  std::string const bucket_name = "test-bucket";
+  std::string const object_name = "test-object";
+  std::string const date = "2019-02-01T09:00:00Z";
+  auto const valid_for = std::chrono::seconds(10);
+
+  Options options =
+      Options{}
+          .set<UnifiedCredentialsOption>(
+              MakeServiceAccountCredentials(kJsonKeyfileContentsForV4))
+          .set<google::cloud::internal::UniverseDomainOption>(custom_ud);
+  Client client(options);
+  auto actual = client.CreateV4SignedUrl(
+      "GET", bucket_name, object_name,
+      SignedUrlTimestamp(google::cloud::internal::ParseRfc3339(date).value()),
+      SignedUrlDuration(valid_for));
+  EXPECT_THAT(actual, IsOkAndHolds(HasSubstr(custom_ud)));
+}
+
 TEST_F(CreateSignedUrlTest, V4SignRemoteNoSigningEmail) {
   EXPECT_CALL(*mock_, SignBlob).Times(0);
   auto client = ClientForMock();

diff --git a/google/cloud/storage/internal/signed_url_requests.cc b/google/cloud/storage/internal/signed_url_requests.cc
@@ -235,19 +235,20 @@ Status V4SignUrlRequest::Validate() {
 }
 
 std::string V4SignUrlRequest::Hostname() {
+  auto const host = common_request_.host();
   if (virtual_host_name_) {
-    return common_request_.bucket_name() + ".storage.googleapis.com";
+    return common_request_.bucket_name() + "." + host;
   }
   if (domain_named_bucket_) {
     return *domain_named_bucket_;
   }
-  return "storage.googleapis.com";
+  return host;
 }
 
 std::string V4SignUrlRequest::HostnameWithBucket() {
-  return scheme_ + "://" + Hostname() +
-         (SkipBucketInPath() ? std::string()
-                             : ("/" + common_request_.bucket_name()));
+  return Hostname() + (SkipBucketInPath()
+                           ? std::string()
+                           : ("/" + common_request_.bucket_name()));
 }
 
 std::chrono::system_clock::time_point V4SignUrlRequest::DefaultTimestamp() {

diff --git a/google/cloud/storage/internal/signed_url_requests.h b/google/cloud/storage/internal/signed_url_requests.h
@@ -38,14 +38,16 @@ class SignUrlRequestCommon {
  public:
   SignUrlRequestCommon() = default;
   SignUrlRequestCommon(std::string verb, std::string bucket_name,
-                       std::string object_name)
+                       std::string object_name, std::string host)
       : verb_(std::move(verb)),
         bucket_name_(std::move(bucket_name)),
-        object_name_(std::move(object_name)) {}
+        object_name_(std::move(object_name)),
+        host_(std::move(host)) {}
 
   std::string const& verb() const { return verb_; }
   std::string const& bucket_name() const { return bucket_name_; }
   std::string const& object_name() const { return object_name_; }
+  std::string const& host() const { return host_; }
   std::string const& sub_resource() const { return sub_resource_; }
   std::map<std::string, std::string> const& extension_headers() const {
     return extension_headers_;
@@ -94,6 +96,7 @@ class SignUrlRequestCommon {
   std::string verb_;
   std::string bucket_name_;
   std::string object_name_;
+  std::string host_;
   std::string sub_resource_;
   std::map<std::string, std::string> extension_headers_;
   std::multimap<std::string, std::string> query_parameters_;
@@ -108,10 +111,11 @@ class SignUrlRequestCommon {
 class V2SignUrlRequest {
  public:
   V2SignUrlRequest() = default;
-  explicit V2SignUrlRequest(std::string verb, std::string bucket_name,
-                            std::string object_name)
+  explicit V2SignUrlRequest(
+      std::string verb, std::string bucket_name, std::string object_name,
+      std::string host = "https:://storage.googleapis.com")
       : common_request_(std::move(verb), std::move(bucket_name),
-                        std::move(object_name)),
+                        std::move(object_name), std::move(host)),
         expiration_time_(DefaultExpirationTime()) {}
 
   std::string const& verb() const { return common_request_.verb(); }
@@ -121,6 +125,7 @@ class V2SignUrlRequest {
   std::string const& object_name() const {
     return common_request_.object_name();
   }
+  std::string const& host() const { return common_request_.host(); }
   std::string const& sub_resource() const {
     return common_request_.sub_resource();
   }
@@ -221,9 +226,10 @@ class V4SignUrlRequest {
  public:
   V4SignUrlRequest() : expires_(0) {}
   explicit V4SignUrlRequest(std::string verb, std::string bucket_name,
-                            std::string object_name)
+                            std::string object_name,
+                            std::string host = "https://storage.googleapis.com")
       : common_request_(std::move(verb), std::move(bucket_name),
-                        std::move(object_name)),
+                        std::move(object_name), std::move(host)),
         scheme_("https"),
         timestamp_(DefaultTimestamp()),
         expires_(DefaultExpires()),
@@ -236,6 +242,7 @@ class V4SignUrlRequest {
   std::string const& object_name() const {
     return common_request_.object_name();
   }
+  std::string const& host() const { return common_request_.host(); }
 
   std::vector<std::string> ObjectNameParts() const;