如何在Google Cloud Run中生成Blob签名的URL？_随笔

如何在Google Cloud Run中生成Blob签名的URL？

是的，您可以，但是我必须深入研究以找到方法（如果您不关心细节，请跳到最后）

如果您进入

_signing.py file

623行，则可以看到

if access_token and service_account_email:   signature = _sign_message(string_to_sign, access_token, service_account_email)...

如果提供

access_token

和

service_account_email

，则可以使用

_sign_message

方法。此方法在此行使用IAM服务SignBlob
API

这很重要，因为您现在可以在本地没有私钥的情况下对Blob进行签名！！因此，这解决了问题，并且以下代码可在Cloud Run上运行（而且我敢肯定，在Cloud
Function上）

def sign_url():    from google.cloud import storage    from datetime import datetime, timedelta    import google.auth    credentials, project_id = google.auth.default()    # Perform a refresh request to get the access token of the current credentials (Else, it's None)    from google.auth.transport import requests    r = requests.Request()    credentials.refresh(r)    client = storage.Client()    bucket = client.get_bucket('EXAMPLE_BUCKET')    blob = bucket.get_blob('libraries/image_1.png')    expires = datetime.now() + timedelta(seconds=86400)    # In case of user credential use, define manually the service account to use (for development purpose only)    service_account_email = "YOUR DEV SERVICE ACCOUNT"    # If you use a service account credential, you can use the embedded email    if hasattr(credentials, "service_account_email"):        service_account_email = credentials.service_account_email    url = blob.generate_signed_url(expiration=expires,service_account_email=service_account_email, access_token=credentials.token)    return url, 200

让我知道是否不清楚

欢迎分享，转载请注明来源：内存溢出

原文地址:https://54852.com/zaji/5661992.html

如何在Google Cloud Run中生成Blob签名的URL？

发表评论

评论列表（0条）