feat(storage): respect WithEndpoint for SignedURLs and PostPolicy #8113
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Clients initiated with a non default endpoint will use that endpoint for SignedURLs and Post Policies.
tritone
reviewed
Jun 16, 2023
storage/bucket.go
Outdated
| @@ -173,6 +173,9 @@ func (b *BucketHandle) Update(ctx context.Context, uattrs BucketAttrsToUpdate) ( | |||
| // [Overview of access control]: https://cloud.google.com/storage/docs/accesscontrol#signed_urls_query_string_authentication | |||
| // [automatic detection of credentials]: https://pkg.go.dev/cloud.google.com/go/storage#hdr-Credential_requirements_for_signing | |||
| func (b *BucketHandle) SignedURL(object string, opts *SignedURLOptions) (string, error) { | |||
| // Extract the correct endpoint from the readhost set on the client | |||
| opts.endpoint = b.c.readHost | |||
There was a problem hiding this comment.
I think calling this endpoint is a bit misleading. Usually I think of endpoint as being the full path for the JSON API, i.e. https://storage.googleapis.com/storage/v1. Just storage.googleapis.com would be a hostname.
Sidenote, readHost is also a bit misleading because now using XML reads is optional; maybe we should rename to xmlHost. (not required for this PR though).
There was a problem hiding this comment.
You are correct.
Here is a PR for renaming readHost: #8160
| want string | ||
| }{ | ||
| { | ||
| desc: "SignURLV4 creates link to resources in emulator", |
There was a problem hiding this comment.
These cases really seem like they belong in the conformance tests for signed URLs once the project is complete. Could you add a TODO to move them? (and I guess this would also require exporting the hostname option rather than having it be internal only)
| @@ -268,7 +268,7 @@ const ( | |||
| type URLStyle interface { | |||
There was a problem hiding this comment.
Can you also update the docs for PathStyle to indicate that the provided hostname is taken into account?
There was a problem hiding this comment.
Done. To-do on virtual hosted style, if we decide to support it.
storage/storage.go
Outdated
| func (s virtualHostedStyle) host(bucket string) string { | ||
| func (s virtualHostedStyle) host(endpoint, bucket string) string { | ||
| if endpoint != "" { | ||
| return bucket + "." + stripScheme(endpoint) |
There was a problem hiding this comment.
I'm not totally sure about this one and whether it is expected to be supported. Let's discuss offline next week.
tritone
approved these changes
Jun 23, 2023
storage/post_policy_v4.go
Outdated
| @@ -113,8 +113,13 @@ type PostPolicyV4Options struct { | |||
| // Optional. | |||
| Conditions []PostPolicyV4Condition | |||
|
|
|||
| // Hostname sets the host of the signed post policy. This field overrides | |||
| // any endpoint set on a storage Client or through STORAGE_EMULATOR_HOST. | |||
| // Not compatible with BucketBoundHostname URLStyle. | |||
There was a problem hiding this comment.
I would say "only compatible with PathStyle" because we omitted VirtualHosted also. Same in the docs for SignedURLOptions below.
BEGIN_NESTED_COMMIT fix(accessapproval): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(accesscontextmanager): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(advisorynotifications): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(aiplatform): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(alloydb): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(analytics): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(apigateway): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(apigeeconnect): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(apigeeregistry): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(apikeys): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(appengine): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(area120): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(artifactregistry): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(asset): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(assuredworkloads): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(automl): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(baremetalsolution): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(batch): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(beyondcorp): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(bigquery): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(bigtable): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(billing): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(binaryauthorization): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(certificatemanager): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(channel): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(cloudbuild): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(clouddms): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(cloudtasks): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(compute): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(confidentialcomputing): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(contactcenterinsights): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(container): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(containeranalysis): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(datacatalog): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(dataflow): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(dataform): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(datafusion): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(datalabeling): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(dataplex): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(dataproc): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(dataqna): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(datastore): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(datastream): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(deploy): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(dialogflow): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(discoveryengine): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(dlp): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(documentai): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(domains): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(edgecontainer): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(errorreporting): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(essentialcontacts): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(eventarc): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(filestore): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(firestore): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(functions): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(gaming): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(gkebackup): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(gkeconnect): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(gkehub): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(gkemulticloud): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(grafeas): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(gsuiteaddons): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(iam): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(iap): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(ids): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(iot): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(kms): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(language): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(lifesciences): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(logging): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(longrunning): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(managedidentities): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(maps): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(mediatranslation): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(memcache): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(metastore): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(monitoring): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(networkconnectivity): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(networkmanagement): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(networksecurity): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(notebooks): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(optimization): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(orchestration): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(orgpolicy): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(osconfig): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(oslogin): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(phishingprotection): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(policytroubleshooter): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(privatecatalog): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(profiler): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(pubsub): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(pubsublite): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(rapidmigrationassessment): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(recaptchaenterprise): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(recommendationengine): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(recommender): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(redis): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(resourcemanager): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(resourcesettings): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(retail): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(run): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(scheduler): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(secretmanager): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(security): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(securitycenter): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(servicecontrol): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(servicedirectory): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(servicemanagement): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(serviceusage): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(shell): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(spanner): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(speech): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(storage): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(storageinsights): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(storagetransfer): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(support): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(talent): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(texttospeech): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(tpu): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(trace): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(translate): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(video): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(videointelligence): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(vision): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(vmmigration): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(vmwareengine): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(vpcaccess): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(webrisk): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(websecurityscanner): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(workflows): REST query UpdateMask bug END_NESTED_COMMIT BEGIN_NESTED_COMMIT fix(workstations): REST query UpdateMask bug END_NESTED_COMMIT
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Clients initiated with a non default endpoint will use that endpoint for SignedURLs and Post Policies.
Uses the endpoint set for
client.readHostas we set that anyway to the correct endpoint when initializing a client. It could also be extracted fromclient.raw.BasePathbutclient.readHostis already in the form we need.