getSignedUrl requires private_key
#211
We need this for |
The best solution is to just require |
Hmm... When I get started I have a credentials.json file -- which has a private key as one of the properties... Could we maybe also accept a credentials file? |
If they have a keyfile, this will work everywhere:

    var gcs = gcloud.storage({ keyFilename: '...keyfile.json' });
    gcs.bucket('bucket').file('file').getSignedUrl();

If they don't provide a keyfile, the callback would have received an error. So, I was thinking:

    var gcs = gcloud.storage();
    gcs.bucket('bucket').file('file').getSignedUrl({
      // ...
      client_email: '...',
      private_key: '...'
    }, function() {});

This is similar to how ruby does it: googleapis/google-cloud-ruby#196

And this is already quite an edge case, because we're saying "hey, since you didn't provide a credentials object earlier, how about you give us one now? Are you suuuure you don't have one?" Any solution really works, as long as we have some way to make it work. Vote?
|
Shouldn't we then offer the same argument handling that

    var args = <something>
    var gcs = gcloud.storage(args);
    gcs.bucket('bucket').file('file').getSignedUrl();
    gcs.bucket('bucket').file('file').getSignedUrl(args, function() {});

So any valid value of |
I think that's weird, since
It is just weird to one-off our hierarchy and auth:
I think this maybe changed my mind, though. If a user ever has a credentials object to give, or a keyfile path, we should say "Give it to |
I'm just thinking about what's easiest for me. In most cases, I'd rather not create a new instance of storage just for that, but I could.... Or I could just pass in whatever would have been valid for storage, but specifically to this specific method -- which is super nice. If I know how to instantiate storage, I know how to sign a URL with the right credentials. If I had to vote, I'd say either we accept anything that storage accepts, or nothing at all (raising an Exception saying "yo, you can't sign URLs, cuz storage ain't got no credentials on it... set that up first... kthxbai.") |
If this is an edge case I think we should just mandate that they create a separate |
I get you, and I think we can solve "easy" with intuition. For me, that would be, "Oh, this needs auth to work? I'll go back and give it a keyfile." I wouldn't expect each method to support credentials.
I like this too, but it has to be on the docs level, only because it's an async process to determine if we have the credentials. We can technically see if the properties The callback will be invoked with some auth error from google-auth-library that should inspire them to check out the docs. We can return a custom error as well, but I'm not sure which is better there (what if the original error was actually helpful to a user who did provide the right credentials, but something about them is off) |
The callback couldn't contain an error saying "we couldn't find any credentials.. you gotta do that!" or "we had credentials, but we tried and they were no good..." ? I'm all for the callback coming with an |
Maybe we could wrap it?

    getSignedUrl({}, function(err) {
      console.log(err);
      // Signing failed. See `error` property for more.
      // Make sure you gave the correct credentials to your Storage instance.
      // https://googlecloudplatform.github.io/gcloud-node/#/docs/v0.20.0/storage/file?method=getSignedUrl
      console.log(err.err);
      // Original message from google-auth-library error.
    });

|
Sorry I didn't chime in earlier, I had been trying to nudge some Google folks with googleapis/google-cloud-python#922 to support signing a blob on GCE (it's already supported on GAE). |
To generate a signed url, we need a private_key: https://developers.google.com/storage/docs/accesscontrol#Signed-URLs & https://github.com/GoogleCloudPlatform/gcloud-node/blob/v0.6.0/lib/storage/index.js#L267
We get this if a user provides a credentials object or path to a keyfile, but not in GCE or in the future, GAE. Is it going to be possible to get the private key in those environments?
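An added example, not taken from this thread or from the gcloud-node code base, of why signing needs the private key and of the wrapped-error idea discussed above. It assumes the legacy (V2) Cloud Storage string-to-sign and an RSA service-account key; `signUrl`, `stringToSign`, `demo` and the error codes are hypothetical names, and the key pair is a throwaway generated for the demonstration.

```javascript
const crypto = require('node:crypto');
// Legacy (V2) string-to-sign: verb, Content-MD5, Content-Type, expiry, resource.
function stringToSign(verb, expires, resource) {
  return [verb, '', '', expires, resource].join('\n');
}

// Hypothetical helper (not the library's code): sign a GET URL for one object.
function signUrl(credentials, bucket, file, expires) {
  if (!credentials || !credentials.client_email || !credentials.private_key) {
    const err = new Error('Signing failed: no client_email/private_key on the Storage instance.');
    err.code = 'SIGN_NO_CREDENTIALS'; // hypothetical error code
    throw err;
  }
  const resource = '/' + bucket + '/' +
    file.split('/').map(encodeURIComponent).join('/');
  let signature;
  try {
    signature = crypto.createSign('RSA-SHA256')
      .update(stringToSign('GET', expires, resource))
      .sign(credentials.private_key, 'base64');
  } catch (original) {
    const err = new Error('Signing failed: private_key could not be used.');
    err.code = 'SIGN_BAD_KEY'; // hypothetical error code
    err.err = original;        // underlying error kept, as the thread suggests
    throw err;
  }
  const query = new URLSearchParams({
    GoogleAccessId: credentials.client_email,
    Expires: String(expires),
    Signature: signature
  });
  return 'https://storage.googleapis.com' + resource + '?' + query;
}

// Constructed throwaway key pair standing in for a service-account keyfile.
function demo() {
  const { privateKey, publicKey } = crypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
    publicKeyEncoding: { type: 'spki', format: 'pem' }
  });
  const creds = { client_email: 'signer@example.invalid', private_key: privateKey };
  const url = new URL(signUrl(creds, 'bucket', 'file', 1700000000));
  const verified = crypto.createVerify('RSA-SHA256')
    .update(stringToSign('GET', 1700000000, '/bucket/file'))
    .verify(publicKey, url.searchParams.get('Signature'), 'base64');
  const codeOf = (c) => { try { signUrl(c, 'bucket', 'file', 1); } catch (e) { return e.code; } };
  return { verified, noCreds: codeOf({}), badKey: codeOf({ client_email: 'x', private_key: 'not a key' }) };
}
```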