google-cloud-storage 1.25.0 → 1.27.0

data/lib/google/cloud/storage/policy/binding.rb

@@ -230,11 +230,12 @@ module Google
           ##
           # @private
           def to_gapi
-            Google::Apis::StorageV1::Policy::Binding.new({
+            params = {
               role: @role,
               members: @members,
               condition: @condition&.to_gapi
-            }.delete_if { |_, v| v.nil? })
+            }.delete_if { |_, v| v.nil? }
+            Google::Apis::StorageV1::Policy::Binding.new(**params)
           end
         end
       end

data/lib/google/cloud/storage/post_object.rb

@@ -27,7 +27,7 @@ module Google
       #   form. Each key/value pair should be set as an input tag's name and
       #   value.
       #
-      # @example
+      # @example Using Bucket#post_object (V2):
       #   require "google/cloud/storage"
       #
       #   storage = Google::Cloud::Storage.new
@@ -41,6 +41,23 @@ module Google
       #   post.fields[:signature] #=> "ABC...XYZ="
       #   post.fields[:policy] #=> "ABC...XYZ="
       #
+      # @example Using Bucket#generate_signed_post_policy_v4 (V4):
+      #   require "google/cloud/storage"
+      #
+      #   storage = Google::Cloud::Storage.new
+      #
+      #   bucket = storage.bucket "my-todo-app"
+      #   conditions = [["starts-with","$acl","public"]]
+      #   post = bucket.generate_signed_post_policy_v4 "avatars/heidi/400x400.png", expires: 10, conditions: conditions
+      #
+      #   post.url #=> "https://storage.googleapis.com/my-todo-app/"
+      #   post.fields["key"] #=> "my-todo-app/avatars/heidi/400x400.png"
+      #   post.fields["policy"] #=> "ABC...XYZ"
+      #   post.fields["x-goog-algorithm"] #=> "GOOG4-RSA-SHA256"
+      #   post.fields["x-goog-credential"] #=> "cred@pid.iam.gserviceaccount.com/20200123/auto/storage/goog4_request"
+      #   post.fields["x-goog-date"] #=> "20200128T000000Z"
+      #   post.fields["x-goog-signature"] #=> "4893a0e...cd82"
+      #
       class PostObject
         attr_reader :url, :fields
 

data/lib/google/cloud/storage/project.rb

@@ -294,8 +294,8 @@ module Google
         #   Logs](https://cloud.google.com/storage/docs/access-logs).
         # @param [Symbol, String] storage_class Defines how objects in the
         #   bucket are stored and determines the SLA and the cost of storage.
-        #   Accepted values include `:standard`, `:nearline`, and `:coldline`,
-        #   as well as the equivalent strings returned by
+        #   Accepted values include `:standard`, `:nearline`, `:coldline`, and
+        #   `:archive`, as well as the equivalent strings returned by
         #   {Bucket#storage_class}. For more information, see [Storage
         #   Classes](https://cloud.google.com/storage/docs/storage-classes). The
         #   default value is the `:standard` storage class.
@@ -357,10 +357,11 @@ module Google
                           logging_bucket: nil, logging_prefix: nil,
                           website_main: nil, website_404: nil, versioning: nil,
                           requester_pays: nil, user_project: nil
-          new_bucket = Google::Apis::StorageV1::Bucket.new({
+          params = {
             name: bucket_name,
             location: location
-          }.delete_if { |_, v| v.nil? })
+          }.delete_if { |_, v| v.nil? }
+          new_bucket = Google::Apis::StorageV1::Bucket.new(**params)
           storage_class = storage_class_for storage_class
           updater = Bucket::Updater.new(new_bucket).tap do |b|
             b.logging_bucket = logging_bucket unless logging_bucket.nil?
@@ -482,7 +483,7 @@ module Google
         # A {SignedUrlUnavailable} is raised if the service account credentials
         # are missing. Service account credentials are acquired by following the
         # steps in [Service Account Authentication](
-        # https://cloud.google.com/storage/docs/authentication#service_accounts).
+        # https://cloud.google.com/iam/docs/service-accounts).
         #
         # @see https://cloud.google.com/storage/docs/access-control/signed-urls
         #   Signed URLs guide
@@ -510,10 +511,22 @@ module Google
         #   use the signed URL.
         # @param [String] issuer Service Account's Client Email.
         # @param [String] client_email Service Account's Client Email.
-        # @param [OpenSSL::PKey::RSA, String] signing_key Service Account's
-        #   Private Key.
-        # @param [OpenSSL::PKey::RSA, String] private_key Service Account's
-        #   Private Key.
+        # @param [OpenSSL::PKey::RSA, String, Proc] signing_key Service Account's
+        #   Private Key or a Proc that accepts a single String parameter and returns a
+        #   RSA SHA256 signature using a valid Google Service Account Private Key.
+        # @param [OpenSSL::PKey::RSA, String, Proc] private_key Service Account's
+        #   Private Key or a Proc that accepts a single String parameter and returns a
+        #   RSA SHA256 signature using a valid Google Service Account Private Key.
+        # @param [OpenSSL::PKey::RSA, String, Proc] signer Service Account's
+        #   Private Key or a Proc that accepts a single String parameter and returns a
+        #   RSA SHA256 signature using a valid Google Service Account Private Key.
+        #
+        #   When using this method in environments such as GAE Flexible Environment,
+        #   GKE, or Cloud Functions where the private key is unavailable, it may be
+        #   necessary to provide a Proc (or lambda) via the signer parameter. This
+        #   Proc should return a signature created using a RPC call to the
+        #   [Service Account Credentials signBlob](https://cloud.google.com/iam/docs/reference/credentials/rest/v1/projects.serviceAccounts/signBlob)
+        #   method as shown in the example below.
         # @param [Hash] query Query string parameters to include in the signed
         #   URL. The given parameters are not verified by the signature.
         #
@@ -522,11 +535,29 @@ module Google
         #   using the URL, but only when the file resource is missing the
         #   corresponding values. (These values can be permanently set using
         #   {File#content_disposition=} and {File#content_type=}.)
+        # @param [String] scheme The URL scheme. The default value is `HTTPS`.
+        # @param [Boolean] virtual_hosted_style Whether to use a virtual hosted-style
+        #   hostname, which adds the bucket into the host portion of the URI rather
+        #   than the path, e.g. `https://mybucket.storage.googleapis.com/...`.
+        #   For V4 signing, this also sets the `host` header in the canonicalized
+        #   extension headers to the virtual hosted-style host, unless that header is
+        #   supplied via the `headers` param. The default value of `false` uses the
+        #   form of `https://storage.googleapis.com/mybucket`.
+        # @param [String] bucket_bound_hostname Use a bucket-bound hostname, which
+        #   replaces the `storage.googleapis.com` host with the name of a `CNAME`
+        #   bucket, e.g. a bucket named `gcs-subdomain.my.domain.tld`, or a Google
+        #   Cloud Load Balancer which routes to a bucket you own, e.g.
+        #   `my-load-balancer-domain.tld`.
         # @param [Symbol, String] version The version of the signed credential
         #   to create. Must be one of `:v2` or `:v4`. The default value is
         #   `:v2`.
         #
-        # @return [String]
+        # @return [String] The signed URL.
+        #
+        # @raise [SignedUrlUnavailable] If the service account credentials
+        #   are missing. Service account credentials are acquired by following the
+        #   steps in [Service Account Authentication](
+        #   https://cloud.google.com/iam/docs/service-accounts).
         #
         # @example
         #   require "google/cloud/storage"
@@ -561,6 +592,41 @@ module Google
         #                                   issuer: issuer_email,
         #                                   signing_key: key
         #
+        # @example Using Cloud IAMCredentials signBlob to create the signature:
+        #   require "google/cloud/storage"
+        #   require "google/apis/iamcredentials_v1"
+        #   require "googleauth"
+        #
+        #   # Issuer is the service account email that the Signed URL will be signed with
+        #   # and any permission granted in the Signed URL must be granted to the
+        #   # Google Service Account.
+        #   issuer = "service-account@project-id.iam.gserviceaccount.com"
+        #
+        #   # Create a lambda that accepts the string_to_sign
+        #   signer = lambda do |string_to_sign|
+        #     IAMCredentials = Google::Apis::IamcredentialsV1
+        #     iam_client = IAMCredentials::IAMCredentialsService.new
+        #
+        #     # Get the environment configured authorization
+        #     scopes = ["https://www.googleapis.com/auth/iam"]
+        #     iam_client.authorization = Google::Auth.get_application_default scopes
+        #
+        #     request = {
+        #       "payload": string_to_sign,
+        #     }
+        #     resource = "projects/-/serviceAccounts/#{issuer}"
+        #     response = iam_client.sign_service_account_blob resource, request, {}
+        #     response.signed_blob
+        #   end
+        #
+        #   storage = Google::Cloud::Storage.new
+        #
+        #   bucket_name = "my-todo-app"
+        #   file_path = "avatars/heidi/400x400.png"
+        #   url = storage.signed_url bucket_name, file_path,
+        #                            method: "GET", issuer: issuer,
+        #                            signer: signer
+        #
         # @example Using the `headers` option:
         #   require "google/cloud/storage"
         #
@@ -591,28 +657,52 @@ module Google
         #   # Send the `x-goog-resumable:start` header and the content type
         #   # with the resumable upload POST request.
         #
-        def signed_url bucket, path, method: nil, expires: nil,
-                       content_type: nil, content_md5: nil, headers: nil,
-                       issuer: nil, client_email: nil, signing_key: nil,
-                       private_key: nil, query: nil, version: nil
+        def signed_url bucket,
+                       path,
+                       method: "GET",
+                       expires: nil,
+                       content_type: nil,
+                       content_md5: nil,
+                       headers: nil,
+                       issuer: nil,
+                       client_email: nil,
+                       signing_key: nil,
+                       private_key: nil,
+                       signer: nil,
+                       query: nil,
+                       scheme: "HTTPS",
+                       virtual_hosted_style: nil,
+                       bucket_bound_hostname: nil,
+                       version: nil
           version ||= :v2
           case version.to_sym
           when :v2
-            signer = File::SignerV2.new bucket, path, service
-
-            signer.signed_url method: method, expires: expires,
-                              headers: headers, content_type: content_type,
-                              content_md5: content_md5, issuer: issuer,
-                              client_email: client_email,
-                              signing_key: signing_key,
-                              private_key: private_key, query: query
+            sign = File::SignerV2.new bucket, path, service
+            sign.signed_url method: method,
+                            expires: expires,
+                            headers: headers,
+                            content_type: content_type,
+                            content_md5: content_md5,
+                            issuer: issuer,
+                            client_email: client_email,
+                            signing_key: signing_key,
+                            private_key: private_key,
+                            signer: signer,
+                            query: query
           when :v4
-            signer = File::SignerV4.new bucket, path, service
-            signer.signed_url method: method, expires: expires,
-                              headers: headers, issuer: issuer,
-                              client_email: client_email,
-                              signing_key: signing_key,
-                              private_key: private_key, query: query
+            sign = File::SignerV4.new bucket, path, service
+            sign.signed_url method: method,
+                            expires: expires,
+                            headers: headers,
+                            issuer: issuer,
+                            client_email: client_email,
+                            signing_key: signing_key,
+                            private_key: private_key,
+                            signer: signer,
+                            query: query,
+                            scheme: scheme,
+                            virtual_hosted_style: virtual_hosted_style,
+                            bucket_bound_hostname: bucket_bound_hostname
           else
             raise ArgumentError, "version '#{version}' not supported"
           end

data/lib/google/cloud/storage/service.rb

@@ -152,9 +152,8 @@ module Google
         ##
         # Creates a new bucket ACL.
         def insert_bucket_acl bucket_name, entity, role, user_project: nil
-          new_acl = Google::Apis::StorageV1::BucketAccessControl.new(
-            { entity: entity, role: role }.delete_if { |_k, v| v.nil? }
-          )
+          params = { entity: entity, role: role }.delete_if { |_k, v| v.nil? }
+          new_acl = Google::Apis::StorageV1::BucketAccessControl.new(**params)
           execute do
             service.insert_bucket_access_control \
               bucket_name, new_acl, user_project: user_project(user_project)
@@ -182,9 +181,8 @@ module Google
         ##
         # Creates a new default ACL.
         def insert_default_acl bucket_name, entity, role, user_project: nil
-          new_acl = Google::Apis::StorageV1::ObjectAccessControl.new(
-            { entity: entity, role: role }.delete_if { |_k, v| v.nil? }
-          )
+          param = { entity: entity, role: role }.delete_if { |_k, v| v.nil? }
+          new_acl = Google::Apis::StorageV1::ObjectAccessControl.new(**param)
           execute do
             service.insert_default_object_access_control \
               bucket_name, new_acl, user_project: user_project(user_project)
@@ -243,13 +241,13 @@ module Google
         def insert_notification bucket_name, topic_name, custom_attrs: nil,
                                 event_types: nil, prefix: nil, payload: nil,
                                 user_project: nil
-          new_notification = Google::Apis::StorageV1::Notification.new(
+          params =
             { custom_attributes: custom_attrs,
               event_types: event_types(event_types),
               object_name_prefix: prefix,
               payload_format: payload_format(payload),
               topic: topic_path(topic_name) }.delete_if { |_k, v| v.nil? }
-          )
+          new_notification = Google::Apis::StorageV1::Notification.new(**params)
 
           execute do
             service.insert_notification \
@@ -298,14 +296,14 @@ module Google
                         storage_class: nil, key: nil, kms_key: nil,
                         temporary_hold: nil, event_based_hold: nil,
                         user_project: nil
-          file_obj = Google::Apis::StorageV1::Object.new(
+          params =
             { cache_control: cache_control, content_type: content_type,
               content_disposition: content_disposition, md5_hash: md5,
               content_encoding: content_encoding, crc32c: crc32c,
               content_language: content_language, metadata: metadata,
               storage_class: storage_class, temporary_hold: temporary_hold,
               event_based_hold: event_based_hold }.delete_if { |_k, v| v.nil? }
-          )
+          file_obj = Google::Apis::StorageV1::Object.new(**params)
           content_type ||= mime_type_for(path || Pathname(source).to_path)
 
           execute do
@@ -432,9 +430,8 @@ module Google
         # Creates a new file ACL.
         def insert_file_acl bucket_name, file_name, entity, role,
                             generation: nil, user_project: nil
-          new_acl = Google::Apis::StorageV1::ObjectAccessControl.new(
-            { entity: entity, role: role }.delete_if { |_k, v| v.nil? }
-          )
+          params = { entity: entity, role: role }.delete_if { |_k, v| v.nil? }
+          new_acl = Google::Apis::StorageV1::ObjectAccessControl.new(**params)
           execute do
             service.insert_object_access_control \
               bucket_name, file_name, new_acl,

data/lib/google/cloud/storage/version.rb

@@ -16,7 +16,7 @@
 module Google
   module Cloud
     module Storage
-      VERSION = "1.25.0".freeze
+      VERSION = "1.27.0".freeze
     end
   end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: google-cloud-storage
 version: !ruby/object:Gem::Version
-  version: 1.25.0
+  version: 1.27.0
 platform: ruby
 authors:
 - Mike Moore
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-12-12 00:00:00.000000000 Z
+date: 2020-07-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: google-cloud-core
@@ -298,7 +298,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.6
+rubygems_version: 3.1.3
 signing_key: 
 specification_version: 4
 summary: API Client library for Google Cloud Storage