How to Create Google Cloud Storage Signed Urls on App Engine Python

Question

I couldn't find a simple example on how to implement Google Cloud Storage Signed Urls on Google App Engine with Python. Please write a step by step guide. :)

Answer 1

I created this repo: https://github.com/voscausa/appengine-gcs-signed-url

Using GAE Pyrthon app_identity.get_service_account_name() and app_identity.sign_blob() makes creating signed url's very easy, without using a PEM key. The app shows how to download a GCS file.

But if you use the SDK to test the app, you have to use:

1. --appidentity_email_address
2. --appidentity_private_key_path

because creating a signed url is not part of the GCS client.

Answer 2

The other solutions work but there is a simpler way using generate_signed_url. This method does the same thing as @voscausa's answer but is less tedious and has custom exceptions and support for other environments.

def sign_url(obj, expires_after_seconds=60):

    client = storage.Client()
    default_bucket = '%s.appspot.com' % app_identity.get_application_id()
    bucket = client.get_bucket(default_bucket)
    blob = storage.Blob(obj, bucket)

    expiration_time = int(time.time() + expires_after_seconds)

    url = blob.generate_signed_url(expiration_time)

    return url

What vascausa said regarding local development server testing

But if you use the SDK to test the app, you have to use:

--appidentity_email_address

--appidentity_private_key_path

because creating a signed url is not part of the GCS client.

still holds.