MIkCode

Reputation: 2835

google storage signed url public read

I'm trying to create a signed URL for a public image.
Is it possible to set the permission level on the URL, or do I need to set it after the file is uploaded?

I tried to do it by passing some headers, but I'm not sure of the correct way to do it.

opts := &storage.SignedURLOptions{
    GoogleAccessID: googleAccessID,
    PrivateKey:     data,
    Method:         "PUT",
    Expires:        time.Now().Add(time.Hour * 1),
    ContentType:    r.MimeType,
    Headers:        []string{"x-goog-acl"},
    // or maybe: Headers: []string{"x-goog-acl:public-read"},
}

Then the client needs to set the header as well?

Upvotes: 3

Views: 1549

Answers (2)

Brandon Yarbrough

Reputation: 38369

Whoever uses a signed URL acts with the permissions of the entity that signed the URL. Say you create service account A and use A's private key to sign the URL. When an end user tries to fetch a resource using that URL, GCS will check whether service account A has read access.

Upvotes: 2

Sean

Reputation: 1088

You can do it when you create a new bucket writer. You can set the headers and create an ACLRule. I do this in an application I host on Google App Engine using the "google.golang.org/cloud/storage" package. Hope this helps.

wc := bucket.Object(filename).NewWriter(ctx)
wc.ContentType = contentType
wc.CacheControl = "public, max-age=86400"
wc.ObjectAttrs.ACL = append(wc.ObjectAttrs.ACL, storage.ACLRule{Role: storage.RoleReader, Entity: storage.AllUsers})

Upvotes: 0
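Added example, not code from the question or either answer: a standard-library sketch of why an `x-goog-acl` header listed in the signed URL must also be sent by the uploading client. It assumes the V2 signing scheme, models the server check as a plain RSA verification, and uses a constructed throwaway key, bucket, object name and expiry.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	"sort"
	"strings"
)

// stringToSign builds the V2 string: verb, Content-MD5 (empty), Content-Type, expiry,
// then each x-goog-* header as "name:value\n" sorted by name, then the resource path.
// Header names are expected in lowercase.
func stringToSign(verb, contentType string, expires int64, hdrs map[string]string, resource string) string {
	names := make([]string, 0, len(hdrs))
	for k := range hdrs {
		names = append(names, k)
	}
	sort.Strings(names)
	var canon strings.Builder
	for _, k := range names {
		canon.WriteString(k + ":" + strings.TrimSpace(hdrs[k]) + "\n")
	}
	return fmt.Sprintf("%s\n\n%s\n%d\n%s%s", verb, contentType, expires, canon.String(), resource)
}

// accepts models the server: rebuild the string from the request and verify the signature.
func accepts(pub *rsa.PublicKey, sig []byte, s string) bool {
	d := sha256.Sum256([]byte(s))
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, d[:], sig) == nil
}

// demo signs a PUT with x-goog-acl:public-read, then checks a request that sends
// the header and one that omits it.
func demo() (withHeader, withoutHeader bool, err error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048) // constructed throwaway key
	if err != nil {
		return false, false, err
	}
	const exp, res = int64(1700000000), "/example-bucket/cat.png" // constructed values
	signed := map[string]string{"x-goog-acl": "public-read"}
	d := sha256.Sum256([]byte(stringToSign("PUT", "image/png", exp, signed, res)))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, d[:])
	if err != nil {
		return false, false, err
	}
	withHeader = accepts(&key.PublicKey, sig, stringToSign("PUT", "image/png", exp, signed, res))
	withoutHeader = accepts(&key.PublicKey, sig, stringToSign("PUT", "image/png", exp, nil, res))
	return withHeader, withoutHeader, nil
}

func main() { fmt.Println(demo()) }
```

The header name and value are both part of the signed string, so the signer pins the ACL and the client cannot upload with a different one using the same URL.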
