storage: PostPolicyV4Options.SignBytes is not compatible with Credentials API #4752
Labels
api: storage
Issues related to the Cloud Storage API.
priority: p2
Moderately-important priority. Fix may not be included in next release.
type: bug
Error or flaw in code with unintended results or allowing sub-optimal usage patterns.
Client
Cloud Storage
Environment
Reproduced in local and remote environment
Go Environment
$ go version
go version go1.16.5 darwin/amd64
Code
The definition of
PostPolicyV4Options.SignBytes
andSignedURLOptions.SignBytes
differ.The input of
PostPolicyV4Options.SignBytes
is hashedBytes.google-cloud-go/storage/post_policy_v4.go
Lines 221 to 233 in 27c3ed0
google-cloud-go/storage/post_policy_v4.go
Lines 310 to 311 in 27c3ed0
The input of
SignedURLOptions.SignBytes
is raw bytes.google-cloud-go/storage/storage.go
Lines 699 to 715 in 27c3ed0
This difference seems to make
PostPolicyV4Options.SignBytes
incompatible withprojects.serviceAccounts.signBlob
of Service Account Credentials API.Code
Expected behavior
Signed policy document are valid in both cases of
IMPERSONATE_SERVICE_ACCOUNT
orGOOGLE_APPLICATION_CREDENTIALS
.Actual behavior
Signed policy document only valid in case of
GOOGLE_APPLICATION_CREDENTIALS
.Additional context
Possible patch
storage/v1.16.1...apstndb:fix-policy-document
The text was updated successfully, but these errors were encountered: