Home > Backend Development > Golang > Unable to sign GCS URL using gcloud default login

Unable to sign GCS URL using gcloud default login

WBOY
Release: 2024-02-08 21:21:28
forward
1266 people have browsed it

无法使用 gcloud 默认登录名签署 GCS 网址

php Editor Zimo may encounter a problem when using gcloud, that is, he cannot use the default login name to sign the GCS URL. This problem may cause some confusion, but we can find a solution. In this article, we will introduce how to solve this problem so that you can successfully use gcloud to sign GCS URLs. Whether you are a beginner or an experienced developer, this article will provide you with clear and concise solutions. Let’s take a look!

Question content

I am developing a golang backend and using the cloud.google.com/go/storage library to communicate with our gcs instance. Currently I'm using this library to sign urls and upload media to our instance. However, I want to avoid downloading the service account key file and explicitly setting the google_application_credentials environment variable for local development purposes. To achieve this, I provided the user credentials for adc as per the reference documentation.

Uploading media works fine with the new adc configuration. However, when trying to sign the url using the following code snippet:

u, err := client.bucket(bucket).signedurl(object, &storage.signedurloptions{
        method:  http.methodget,
        expires: time.now().add(365 * 24 * time.hour),
    })
Copy after login

I received an error message:

storage: unable to detect default GoogleAccessID: storage: empty client email in credentials
Copy after login

This error message is confusing because I authenticated using gcloud auth application-default login before executing the code. What could be the problem here and how can I fix it?

edit: I tried adding the --impersonate-service-account flag to point to the service account that has token creation permissions, but that doesn't seem to work either.

Workaround

Apparently this issue is resolved in the latest version of cloud.google.com/go/storage (I read about it in the GitHub discussion content, but for some reason the link can no longer be found). You must append the service account to the signed URL, and the library is now able to obtain the GoogleAccessID associated with the impersonation. After upgrading to v1.29.0 and authenticating using gcloud auth application-default login --impersonate-service-account=<SERVICE_ACCOUNT> everything seems to be working fine. Make sure your user account has the "Service Account Token Creator" role assigned under the service account.

The above is the detailed content of Unable to sign GCS URL using gcloud default login. For more information, please follow other related articles on the PHP Chinese website!

source:stackoverflow.com
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template