I am aware that we can create signed GCS URLs using a service account file. https://cloud.google.com/storage/docs/access-control/signing-urls-manually
In my case, what I want is to create signed URLs using the service account of the cloud function, how can I do that?
You can perform that by providing the access token and the email of the service account.
The library will, instead of using the private key locally to sign the url, perform a call to the Service Account Credentials REST API, and use the method signBlob to sign your URL.
For that, the library need to know the token to use to be authenticated against the API, and the service account to use for performing the signature
credentials, project_id = auth.default()
if credentials.token is None:
# Perform a refresh request to populate the access token of the
# current credentials.
credentials.refresh(requests.Request())
client = Client()
bucket = client.get_bucket(bucket)
blob = bucket.blob(blob)
return blob.generate_signed_url(
version="v4",
service_account_email=credentials.service_account_email,
access_token=credentials.token
)
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With