pigfox
Reputation: 1399
GCloud SignatureDoesNotMatch
I am attempting to get a signed url from Google cloud where we can upload a document.
func GetSignedURL(bucketName string, objectName string) string {
ctx := context.Background()
// Get a connection to gcloud
client, err := storage.NewClient(ctx, option.WithCredentialsFile(config.GetSettings().GoogleCloudKey))
if err != nil {
msg := err.Error() + " @ " + whereami.WhereAmI() + " on " + helpers.GetTimeInTimezone()
panic(msg)
}
defer client.Close()
opts := &storage.SignedURLOptions{
Scheme: storage.SigningSchemeV4,
Method: "PUT",
PrivateKey: []byte(getPrivateKey()), //<- a Google service account private key, obtainable from the Google Developers Console
Expires: time.Now().Add(15 * time.Minute),
Insecure: false,
}
//Use connection to get url
url, err := client.Bucket(bucketName).SignedURL(objectName, opts)
if err != nil {
msg := err.Error() + " @ " + whereami.WhereAmI() + " on " + helpers.GetTimeInTimezone()
panic(msg)
}
return url
}
Per https://cloud.google.com/storage/docs/access-control/signing-urls-with-helpers#storage-signed-url-object-go I do sign the request with my Private key, I get a url similar to this:
https://storage.googleapis.com/yyy-vv-upload-xxx/aa41dcaed3a24f65b8d5a9ac94b4c0a6?X-Goog-Algorithm=GOOG4-RSA-SHA256&X-Goog-Credential=xxx-assets-gcs-yyy-devops%40yyy-devops.iam.gserviceaccount.com%2F20226667%2Fauto%2Fstorage%2Fgoog4_request&X-Goog-Date=20221227T183246Z&X-Goog-Expires=899&X-Goog-Signature=260b2e695999ccdea5d5d5e46f0f83d204609dbfc0efcdf1fa8381b9ec748eacad36b525e695c6fc2fb02277a56e3c10674a75de2ba83c668c2052a89192345ddbdd0fe841ea28dc7df01648f2ca420b43d6fa162540e1c34865847d34c832ded157f2ec58bd8d57c47eef32d632ff02dc1927dc94f7509795e78c357dc556e2c96ea8e86dfb5015c796627f327caf04f45560bad4d5cdb714c5bc97d442cbc87639f44b2a102ce9d9a3fc83e81bcaf9fde38ce56efd02decd3fe8a1cf5fc823e46c85b39d7ada41618993e80b5c2e61a0380d403d0d6763310350ab1cf22d539c80fdaafc2320cbdeb3f1e7c21b4c40e3dc8889b348f67573852d5e7986167e&X-Goog-SignedHeaders=host
When I load it in a browser I get the following:
<Error>
<Code>SignatureDoesNotMatch</Code>
<Message>The request signature we calculated does not match the signature you provided. Check your Google secret key and signing method.</Message>
<StringToSign>GOOG4-RSA-SHA256 20221227T183246Z 20221227/auto/storage/goog4_request 78f5677e7572233dc56657f7b055601eee26e7913bb6426194c888367c521990</StringToSign>
<CanonicalRequest>GET /yyy-vv-upload-xxx/aa41dcaed3a24f65b8d5a9ac94b4c0a6 X-Goog-Algorithm=GOOG4-RSA-SHA256&X-Goog-Credential=xxx-assets-gcs-yyy-devops%40yyy-devops.iam.gserviceaccount.com%2F20221227%2Fauto%2Fstorage%2Fgoog4_request&X-Goog-Date=20221227T183246Z&X-Goog-Expires=899&X-Goog-SignedHeaders=host host:storage.googleapis.com host UNSIGNED-PAYLOAD</CanonicalRequest>
</Error>
Any advice?
Upvotes: 1
Views: 230
Answers (1)
pigfox
Reputation: 1399
The error is completely misleading, it should have complained about the http method. Once I put the generated url in Postman and made a PUT request it worked. I could upload an image of a goldfish. The error above is generated for a GET request.
Upvotes: 1
Related Questions
- Facing issue while uploading to Google cloud storage using signed URL
- Error with signed writable URL: The request signature we calculated does not match the signature you provided
- getSignedURL() in Google Cloud Function produces link that works for several days, then returns "SignatureDoesNotMatch"
- Google storage with signed url
- SignatureDoesNotMatch Ruby on Rails Google Storage Signed URL
- Signature does not match using Signed Url with GCS
- Signed URL for google bucket does not match signature provided
- Trouble creating signed URL in App Engine
- Google Cloud Storage Signed Url - SignatureDoesNotMatch
- Google Cloud Storage - JAVA REST API - Getting SignatureDoesNotMatch