Creating V4 Signed URLs in CloudRun
Problem description
I'd like to create Signed URLs to Google Cloud Storage resources from an app deployed using CloudRun.
My intent was to use V4 Signing to create Signed URLs from CloudRun. There is a guide for this use-case where a file service_account.json is used to generate JWT config. This works for me on localhost when I download the file from Google's IAM. I'd like to avoid having this file committed in the repository and use the one that I provided in the CloudRun UI.
I was hoping that CloudRun injects this service account file to the app container and makes it accessible in the GOOGLE_APPLICATION_CREDENTIALS variable but that's not the case.
Do you have a recommendation on how to do this? Thank you.
Recommended answer
As you say, Golang Storage Client Libraries require a service account JSON file to sign URLs.
There is currently a feature request open in GitHub for this but you should be able to work around this with this sample that I found here:
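```go
package main

import (
	"context"
	"fmt"
	"time"

	credentials "cloud.google.com/go/iam/credentials/apiv1"
	"cloud.google.com/go/storage"
	credentialspb "google.golang.org/genproto/googleapis/iam/credentials/v1"
)

const (
	bucketName     = "bucket-name"
	objectName     = "object"
	serviceAccount = "[PROJECTNUMBER]-compute@developer.gserviceaccount.com"
)

func main() {
	ctx := context.Background()

	// The IAM Credentials client authenticates with the service's runtime
	// identity, so no service_account.json has to ship in the container.
	// That identity needs permission to call signBlob on serviceAccount.
	c, err := credentials.NewIamCredentialsClient(ctx)
	if err != nil {
		panic(err)
	}
	defer c.Close()

	opts := &storage.SignedURLOptions{
		Scheme:         storage.SigningSchemeV4, // request V4 signing explicitly
		Method:         "GET",
		GoogleAccessID: serviceAccount,
		// SignBytes hands the string-to-sign to the IAM signBlob API, so the
		// private key never leaves Google's side.
		SignBytes: func(b []byte) ([]byte, error) {
			req := &credentialspb.SignBlobRequest{
				Payload: b,
				// signBlob expects the full resource name of the account.
				Name: "projects/-/serviceAccounts/" + serviceAccount,
			}
			resp, err := c.SignBlob(ctx, req)
			if err != nil {
				// Return the error to the caller instead of panicking.
				return nil, err
			}
			return resp.SignedBlob, nil
		},
		Expires: time.Now().Add(15 * time.Minute),
	}

	u, err := storage.SignedURL(bucketName, objectName, opts)
	if err != nil {
		panic(err)
	}
	fmt.Printf("\"%v\"", u)
}
```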
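To show what the `SignBytes` callback in the answer actually receives, here is an added example (not part of the original answer or of the client library) that builds a V4 signed GET URL with only the standard library. `signV4` and `localSigner` are hypothetical names, and a throwaway local RSA key stands in for the IAM `SignBlob` call; the layout follows Google's documented V4 canonical request for the simple case of a `host`-only signed header.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"net/url"
	"time"
)

// signV4 builds a V4 signed GET URL; sign plays the role of SignBytes.
func signV4(email, bucket, object string, now time.Time, ttl time.Duration,
	sign func([]byte) ([]byte, error)) (string, error) {
	const host = "storage.googleapis.com"
	ts := now.UTC().Format("20060102T150405Z")
	scope := ts[:8] + "/auto/storage/goog4_request"
	q := url.Values{
		"X-Goog-Algorithm":     {"GOOG4-RSA-SHA256"},
		"X-Goog-Credential":    {email + "/" + scope},
		"X-Goog-Date":          {ts},
		"X-Goog-Expires":       {fmt.Sprint(int(ttl.Seconds()))},
		"X-Goog-SignedHeaders": {"host"},
	}.Encode() // Encode sorts by key, as the canonical query string requires
	path := "/" + bucket + "/" + object // sample names need no escaping
	canonical := "GET\n" + path + "\n" + q + "\nhost:" + host + "\n\nhost\nUNSIGNED-PAYLOAD"
	sum := sha256.Sum256([]byte(canonical))
	toSign := "GOOG4-RSA-SHA256\n" + ts + "\n" + scope + "\n" + hex.EncodeToString(sum[:])
	sig, err := sign([]byte(toSign)) // only these bytes ever reach the signer
	if err != nil {
		return "", err
	}
	return "https://" + host + path + "?" + q + "&X-Goog-Signature=" + hex.EncodeToString(sig), nil
}

// localSigner is a constructed stand-in for SignBlob: RSA PKCS#1 v1.5 over SHA-256.
func localSigner(k *rsa.PrivateKey) func([]byte) ([]byte, error) {
	return func(b []byte) ([]byte, error) {
		h := sha256.Sum256(b)
		return rsa.SignPKCS1v15(rand.Reader, k, crypto.SHA256, h[:])
	}
}

func main() {
	k, _ := rsa.GenerateKey(rand.Reader, 2048) // throwaway key, constructed for the demo
	fmt.Println(signV4("sa@example.iam.gserviceaccount.com", "bucket-name", "object",
		time.Now(), 15*time.Minute, localSigner(k)))
}
```

The signer sees only a short string containing the timestamp, the credential scope and a hash of the request, which is why delegating it to IAM keeps the private key out of the container.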