Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to create signed Google Cloud Storage URLs in Cloud Function using Cloud Function service account?

I am aware that we can create signed GCS URLs using a service account file. https://cloud.google.com/storage/docs/access-control/signing-urls-manually

In my case, what I want is to create signed URLs using the service account of the cloud function, how can I do that?

like image 795
Soumitri Pattnaik Avatar asked Jun 29 '26 02:06

Soumitri Pattnaik


1 Answers

You can perform that by providing the access token and the email of the service account.

The library will, instead of using the private key locally to sign the url, perform a call to the Service Account Credentials REST API, and use the method signBlob to sign your URL.

For that, the library need to know the token to use to be authenticated against the API, and the service account to use for performing the signature

    credentials, project_id = auth.default()
    if credentials.token is None:
        # Perform a refresh request to populate the access token of the
        # current credentials.
        credentials.refresh(requests.Request())
    client = Client()
    bucket = client.get_bucket(bucket)
    blob = bucket.blob(blob)
    return blob.generate_signed_url(
        version="v4",
        service_account_email=credentials.service_account_email,
        access_token=credentials.token
    )
like image 197
guillaume blaquiere Avatar answered Jul 01 '26 15:07

guillaume blaquiere



Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!