Add google_storage_object_signed_url documentation.
parent
80a42feb5a
commit
ef07ed149d
|
@ -176,7 +176,7 @@ func loadJwtConfig(d *schema.ResourceData, meta interface{}) (*jwt.Config, error
|
||||||
return cfg, nil
|
return cfg, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
return nil, fmt.Errorf("Credentials not provided in resource or provider configuration or GOOGLE_APPLICATION_CREDENTIALS environment variable.")
|
return nil, fmt.Errorf("Credentials not found in datasource, provider configuration or GOOGLE_APPLICATION_CREDENTIALS environment variable.")
|
||||||
}
|
}
|
||||||
|
|
||||||
func guessUnixHomeDir() string {
|
func guessUnixHomeDir() string {
|
||||||
|
@ -281,6 +281,7 @@ func (u *UrlData) BuildUrl() string {
|
||||||
}
|
}
|
||||||
|
|
||||||
func SignString(toSign []byte, cfg *jwt.Config) ([]byte, error) {
|
func SignString(toSign []byte, cfg *jwt.Config) ([]byte, error) {
|
||||||
|
// Parse private key
|
||||||
pk, err := parsePrivateKey(cfg.PrivateKey)
|
pk, err := parsePrivateKey(cfg.PrivateKey)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, fmt.Errorf("could not parse key: %v\nKey:%s", err, string(cfg.PrivateKey))
|
return nil, fmt.Errorf("could not parse key: %v\nKey:%s", err, string(cfg.PrivateKey))
|
||||||
|
@ -290,9 +291,10 @@ func SignString(toSign []byte, cfg *jwt.Config) ([]byte, error) {
|
||||||
hasher := sha256.New()
|
hasher := sha256.New()
|
||||||
hasher.Write(toSign)
|
hasher.Write(toSign)
|
||||||
|
|
||||||
|
// Sign string
|
||||||
signed, err := rsa.SignPKCS1v15(rand.Reader, pk, crypto.SHA256, hasher.Sum(nil))
|
signed, err := rsa.SignPKCS1v15(rand.Reader, pk, crypto.SHA256, hasher.Sum(nil))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, fmt.Errorf("Error from signing: %s\n", err)
|
return nil, fmt.Errorf("error signing string: %s\n", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
return signed, nil
|
return signed, nil
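Review bot: The parse-failure branch of SignString still returns `fmt.Errorf("could not parse key: %v\nKey:%s", err, string(cfg.PrivateKey))`, which copies the service-account private key into the error text. Provider errors are normally shown to the user and can end up in saved run output, so a key that fails to parse would presumably be disclosed wherever that output is kept. Since this commit already rewords the function's messages, that line should drop the key material, for example `return nil, fmt.Errorf("could not parse private key: %v", err)`. The reworded signing error also keeps a trailing `\n`, which an error string should not carry. SignString begins in the previous hunk, and the lines between the two hunks are not shown.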
|
||||||
|
|
|
@ -0,0 +1,54 @@
|
||||||
|
---
|
||||||
|
layout: "google"
|
||||||
|
page_title: "Google: google_storage_object_signed_url"
|
||||||
|
sidebar_current: "docs-google-datasource-signed_url"
|
||||||
|
description: |-
|
||||||
|
Provides signed URL to Google Cloud Storage object.
|
||||||
|
---
|
||||||
|
|
||||||
|
# google\_storage\_object\_signed_url
|
||||||
|
|
||||||
|
The Google Cloud storage signed URL data source generates a signed URL for a given storage object. Signed URLs provide a way to give time-limited read or write access to anyone in possession of the URL, regardless of whether they have a Google account.
|
||||||
|
|
||||||
|
For more info about signed URL's is available [here](https://cloud.google.com/storage/docs/access-control/signed-urls).
|
||||||
|
|
||||||
|
## Example Usage
|
||||||
|
|
||||||
|
```
|
||||||
|
data "google_storage_object_signed_url" "artifact" {
|
||||||
|
bucket = "install_binaries"
|
||||||
|
path = "path/to/install_file.bin"
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "google_compute_instance" "vm" {
|
||||||
|
name = "vm"
|
||||||
|
...
|
||||||
|
|
||||||
|
provisioner "remote-exec" {
|
||||||
|
inline = [
|
||||||
|
"wget ${data.google_storage_object_signed_url.artifact.signed_url}",
|
||||||
|
"chmod +x install_file.bin",
|
||||||
|
"./install_file.bin"
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
## Argument Reference
|
||||||
|
|
||||||
|
The following arguments are supported:
|
||||||
|
|
||||||
|
* `bucket` - (Required) The name of the bucket to read the object from
|
||||||
|
* `path` - (Required) The full path to the object inside the bucket
|
||||||
|
* `http_method` - (Optional) What HTTP Method will the signed URL allow (defaults to `GET`)
|
||||||
|
* `duration` - (Optional) For how long shall the signed URL be valid (defaults to 1 hour `1h`). See [here](https://golang.org/pkg/time/#ParseDuration) for info on valid duration formats.
|
||||||
|
* `credentials` - (Optional) What Google service account credentials json should be used to sign the URL. This data source checks the following locations for credentials, in order of preference: data source `credentials` attribute, provider `credentials` attribute and finally the GOOGLE_APPLICATION_CREDENTIALS environment variable.
|
||||||
|
|
||||||
|
> **NOTE** the default google credentials configured by `gcloud` sdk or the service account associated with a compute instance cannot be used, because these do not include the private key required to sign the URL. A valid `json` service account credentials key file must be used, as generated via Google cloud console.
|
||||||
|
|
||||||
|
## Attributes Reference
|
||||||
|
|
||||||
|
The following attributes are exported:
|
||||||
|
|
||||||
|
* `signed_url` - The signed URL that can be used to access the storage object without authentication.
|
|
@ -10,6 +10,15 @@
|
||||||
<a href="/docs/providers/google/index.html">Google Provider</a>
|
<a href="/docs/providers/google/index.html">Google Provider</a>
|
||||||
</li>
|
</li>
|
||||||
|
|
||||||
|
<li<%= sidebar_current(/^docs-google-datasource/) %>>
|
||||||
|
<a href="#">Data Sources</a>
|
||||||
|
<ul class="nav nav-visible">
|
||||||
|
<li<%= sidebar_current("docs-google-datasource-signed_url") %>>
|
||||||
|
<a href="/docs/providers/google/d/signed_url.html">google_storage_object_signed_url</a>
|
||||||
|
</li>
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
|
||||||
<li<%= sidebar_current(/^docs-google-compute/) %>>
|
<li<%= sidebar_current(/^docs-google-compute/) %>>
|
||||||
<a href="#">Google Compute Engine Resources</a>
|
<a href="#">Google Compute Engine Resources</a>
|
||||||
<ul class="nav nav-visible">
|
<ul class="nav nav-visible">
|
||||||
|
|