google-cloud-storage 1.25.1 → 1.28.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +5 -5
- data/AUTHENTICATION.md +8 -2
- data/CHANGELOG.md +56 -0
- data/TROUBLESHOOTING.md +2 -8
- data/lib/google/cloud/storage/bucket.rb +378 -63
- data/lib/google/cloud/storage/bucket/lifecycle.rb +160 -26
- data/lib/google/cloud/storage/errors.rb +7 -2
- data/lib/google/cloud/storage/file.rb +141 -29
- data/lib/google/cloud/storage/file/list.rb +7 -5
- data/lib/google/cloud/storage/file/signer_v2.rb +21 -12
- data/lib/google/cloud/storage/file/signer_v4.rb +245 -60
- data/lib/google/cloud/storage/policy/binding.rb +3 -2
- data/lib/google/cloud/storage/post_object.rb +18 -1
- data/lib/google/cloud/storage/project.rb +116 -26
- data/lib/google/cloud/storage/service.rb +12 -15
- data/lib/google/cloud/storage/version.rb +1 -1
- metadata +4 -3
@@ -230,11 +230,12 @@ module Google
|
|
230
230
|
##
|
231
231
|
# @private
|
232
232
|
def to_gapi
|
233
|
-
|
233
|
+
params = {
|
234
234
|
role: @role,
|
235
235
|
members: @members,
|
236
236
|
condition: @condition&.to_gapi
|
237
|
-
}.delete_if { |_, v| v.nil? }
|
237
|
+
}.delete_if { |_, v| v.nil? }
|
238
|
+
Google::Apis::StorageV1::Policy::Binding.new(**params)
|
238
239
|
end
|
239
240
|
end
|
240
241
|
end
|
@@ -27,7 +27,7 @@ module Google
|
|
27
27
|
# form. Each key/value pair should be set as an input tag's name and
|
28
28
|
# value.
|
29
29
|
#
|
30
|
-
# @example
|
30
|
+
# @example Using Bucket#post_object (V2):
|
31
31
|
# require "google/cloud/storage"
|
32
32
|
#
|
33
33
|
# storage = Google::Cloud::Storage.new
|
@@ -41,6 +41,23 @@ module Google
|
|
41
41
|
# post.fields[:signature] #=> "ABC...XYZ="
|
42
42
|
# post.fields[:policy] #=> "ABC...XYZ="
|
43
43
|
#
|
44
|
+
# @example Using Bucket#generate_signed_post_policy_v4 (V4):
|
45
|
+
# require "google/cloud/storage"
|
46
|
+
#
|
47
|
+
# storage = Google::Cloud::Storage.new
|
48
|
+
#
|
49
|
+
# bucket = storage.bucket "my-todo-app"
|
50
|
+
# conditions = [["starts-with","$acl","public"]]
|
51
|
+
# post = bucket.generate_signed_post_policy_v4 "avatars/heidi/400x400.png", expires: 10, conditions: conditions
|
52
|
+
#
|
53
|
+
# post.url #=> "https://storage.googleapis.com/my-todo-app/"
|
54
|
+
# post.fields["key"] #=> "my-todo-app/avatars/heidi/400x400.png"
|
55
|
+
# post.fields["policy"] #=> "ABC...XYZ"
|
56
|
+
# post.fields["x-goog-algorithm"] #=> "GOOG4-RSA-SHA256"
|
57
|
+
# post.fields["x-goog-credential"] #=> "cred@pid.iam.gserviceaccount.com/20200123/auto/storage/goog4_request"
|
58
|
+
# post.fields["x-goog-date"] #=> "20200128T000000Z"
|
59
|
+
# post.fields["x-goog-signature"] #=> "4893a0e...cd82"
|
60
|
+
#
|
44
61
|
class PostObject
|
45
62
|
attr_reader :url, :fields
|
46
63
|
|
@@ -357,10 +357,11 @@ module Google
|
|
357
357
|
logging_bucket: nil, logging_prefix: nil,
|
358
358
|
website_main: nil, website_404: nil, versioning: nil,
|
359
359
|
requester_pays: nil, user_project: nil
|
360
|
-
|
360
|
+
params = {
|
361
361
|
name: bucket_name,
|
362
362
|
location: location
|
363
|
-
}.delete_if { |_, v| v.nil? }
|
363
|
+
}.delete_if { |_, v| v.nil? }
|
364
|
+
new_bucket = Google::Apis::StorageV1::Bucket.new(**params)
|
364
365
|
storage_class = storage_class_for storage_class
|
365
366
|
updater = Bucket::Updater.new(new_bucket).tap do |b|
|
366
367
|
b.logging_bucket = logging_bucket unless logging_bucket.nil?
|
@@ -482,7 +483,7 @@ module Google
|
|
482
483
|
# A {SignedUrlUnavailable} is raised if the service account credentials
|
483
484
|
# are missing. Service account credentials are acquired by following the
|
484
485
|
# steps in [Service Account Authentication](
|
485
|
-
# https://cloud.google.com/
|
486
|
+
# https://cloud.google.com/iam/docs/service-accounts).
|
486
487
|
#
|
487
488
|
# @see https://cloud.google.com/storage/docs/access-control/signed-urls
|
488
489
|
# Signed URLs guide
|
@@ -510,10 +511,22 @@ module Google
|
|
510
511
|
# use the signed URL.
|
511
512
|
# @param [String] issuer Service Account's Client Email.
|
512
513
|
# @param [String] client_email Service Account's Client Email.
|
513
|
-
# @param [OpenSSL::PKey::RSA, String] signing_key Service Account's
|
514
|
-
# Private Key
|
515
|
-
#
|
516
|
-
#
|
514
|
+
# @param [OpenSSL::PKey::RSA, String, Proc] signing_key Service Account's
|
515
|
+
# Private Key or a Proc that accepts a single String parameter and returns a
|
516
|
+
# RSA SHA256 signature using a valid Google Service Account Private Key.
|
517
|
+
# @param [OpenSSL::PKey::RSA, String, Proc] private_key Service Account's
|
518
|
+
# Private Key or a Proc that accepts a single String parameter and returns a
|
519
|
+
# RSA SHA256 signature using a valid Google Service Account Private Key.
|
520
|
+
# @param [OpenSSL::PKey::RSA, String, Proc] signer Service Account's
|
521
|
+
# Private Key or a Proc that accepts a single String parameter and returns a
|
522
|
+
# RSA SHA256 signature using a valid Google Service Account Private Key.
|
523
|
+
#
|
524
|
+
# When using this method in environments such as GAE Flexible Environment,
|
525
|
+
# GKE, or Cloud Functions where the private key is unavailable, it may be
|
526
|
+
# necessary to provide a Proc (or lambda) via the signer parameter. This
|
527
|
+
# Proc should return a signature created using a RPC call to the
|
528
|
+
# [Service Account Credentials signBlob](https://cloud.google.com/iam/docs/reference/credentials/rest/v1/projects.serviceAccounts/signBlob)
|
529
|
+
# method as shown in the example below.
|
517
530
|
# @param [Hash] query Query string parameters to include in the signed
|
518
531
|
# URL. The given parameters are not verified by the signature.
|
519
532
|
#
|
@@ -522,11 +535,29 @@ module Google
|
|
522
535
|
# using the URL, but only when the file resource is missing the
|
523
536
|
# corresponding values. (These values can be permanently set using
|
524
537
|
# {File#content_disposition=} and {File#content_type=}.)
|
538
|
+
# @param [String] scheme The URL scheme. The default value is `HTTPS`.
|
539
|
+
# @param [Boolean] virtual_hosted_style Whether to use a virtual hosted-style
|
540
|
+
# hostname, which adds the bucket into the host portion of the URI rather
|
541
|
+
# than the path, e.g. `https://mybucket.storage.googleapis.com/...`.
|
542
|
+
# For V4 signing, this also sets the `host` header in the canonicalized
|
543
|
+
# extension headers to the virtual hosted-style host, unless that header is
|
544
|
+
# supplied via the `headers` param. The default value of `false` uses the
|
545
|
+
# form of `https://storage.googleapis.com/mybucket`.
|
546
|
+
# @param [String] bucket_bound_hostname Use a bucket-bound hostname, which
|
547
|
+
# replaces the `storage.googleapis.com` host with the name of a `CNAME`
|
548
|
+
# bucket, e.g. a bucket named `gcs-subdomain.my.domain.tld`, or a Google
|
549
|
+
# Cloud Load Balancer which routes to a bucket you own, e.g.
|
550
|
+
# `my-load-balancer-domain.tld`.
|
525
551
|
# @param [Symbol, String] version The version of the signed credential
|
526
552
|
# to create. Must be one of `:v2` or `:v4`. The default value is
|
527
553
|
# `:v2`.
|
528
554
|
#
|
529
|
-
# @return [String]
|
555
|
+
# @return [String] The signed URL.
|
556
|
+
#
|
557
|
+
# @raise [SignedUrlUnavailable] If the service account credentials
|
558
|
+
# are missing. Service account credentials are acquired by following the
|
559
|
+
# steps in [Service Account Authentication](
|
560
|
+
# https://cloud.google.com/iam/docs/service-accounts).
|
530
561
|
#
|
531
562
|
# @example
|
532
563
|
# require "google/cloud/storage"
|
@@ -561,6 +592,41 @@ module Google
|
|
561
592
|
# issuer: issuer_email,
|
562
593
|
# signing_key: key
|
563
594
|
#
|
595
|
+
# @example Using Cloud IAMCredentials signBlob to create the signature:
|
596
|
+
# require "google/cloud/storage"
|
597
|
+
# require "google/apis/iamcredentials_v1"
|
598
|
+
# require "googleauth"
|
599
|
+
#
|
600
|
+
# # Issuer is the service account email that the Signed URL will be signed with
|
601
|
+
# # and any permission granted in the Signed URL must be granted to the
|
602
|
+
# # Google Service Account.
|
603
|
+
# issuer = "service-account@project-id.iam.gserviceaccount.com"
|
604
|
+
#
|
605
|
+
# # Create a lambda that accepts the string_to_sign
|
606
|
+
# signer = lambda do |string_to_sign|
|
607
|
+
# IAMCredentials = Google::Apis::IamcredentialsV1
|
608
|
+
# iam_client = IAMCredentials::IAMCredentialsService.new
|
609
|
+
#
|
610
|
+
# # Get the environment configured authorization
|
611
|
+
# scopes = ["https://www.googleapis.com/auth/iam"]
|
612
|
+
# iam_client.authorization = Google::Auth.get_application_default scopes
|
613
|
+
#
|
614
|
+
# request = {
|
615
|
+
# "payload": string_to_sign,
|
616
|
+
# }
|
617
|
+
# resource = "projects/-/serviceAccounts/#{issuer}"
|
618
|
+
# response = iam_client.sign_service_account_blob resource, request, {}
|
619
|
+
# response.signed_blob
|
620
|
+
# end
|
621
|
+
#
|
622
|
+
# storage = Google::Cloud::Storage.new
|
623
|
+
#
|
624
|
+
# bucket_name = "my-todo-app"
|
625
|
+
# file_path = "avatars/heidi/400x400.png"
|
626
|
+
# url = storage.signed_url bucket_name, file_path,
|
627
|
+
# method: "GET", issuer: issuer,
|
628
|
+
# signer: signer
|
629
|
+
#
|
564
630
|
# @example Using the `headers` option:
|
565
631
|
# require "google/cloud/storage"
|
566
632
|
#
|
@@ -591,28 +657,52 @@ module Google
|
|
591
657
|
# # Send the `x-goog-resumable:start` header and the content type
|
592
658
|
# # with the resumable upload POST request.
|
593
659
|
#
|
594
|
-
def signed_url bucket,
|
595
|
-
|
596
|
-
|
597
|
-
|
660
|
+
def signed_url bucket,
|
661
|
+
path,
|
662
|
+
method: "GET",
|
663
|
+
expires: nil,
|
664
|
+
content_type: nil,
|
665
|
+
content_md5: nil,
|
666
|
+
headers: nil,
|
667
|
+
issuer: nil,
|
668
|
+
client_email: nil,
|
669
|
+
signing_key: nil,
|
670
|
+
private_key: nil,
|
671
|
+
signer: nil,
|
672
|
+
query: nil,
|
673
|
+
scheme: "HTTPS",
|
674
|
+
virtual_hosted_style: nil,
|
675
|
+
bucket_bound_hostname: nil,
|
676
|
+
version: nil
|
598
677
|
version ||= :v2
|
599
678
|
case version.to_sym
|
600
679
|
when :v2
|
601
|
-
|
602
|
-
|
603
|
-
|
604
|
-
|
605
|
-
|
606
|
-
|
607
|
-
|
608
|
-
|
680
|
+
sign = File::SignerV2.new bucket, path, service
|
681
|
+
sign.signed_url method: method,
|
682
|
+
expires: expires,
|
683
|
+
headers: headers,
|
684
|
+
content_type: content_type,
|
685
|
+
content_md5: content_md5,
|
686
|
+
issuer: issuer,
|
687
|
+
client_email: client_email,
|
688
|
+
signing_key: signing_key,
|
689
|
+
private_key: private_key,
|
690
|
+
signer: signer,
|
691
|
+
query: query
|
609
692
|
when :v4
|
610
|
-
|
611
|
-
|
612
|
-
|
613
|
-
|
614
|
-
|
615
|
-
|
693
|
+
sign = File::SignerV4.new bucket, path, service
|
694
|
+
sign.signed_url method: method,
|
695
|
+
expires: expires,
|
696
|
+
headers: headers,
|
697
|
+
issuer: issuer,
|
698
|
+
client_email: client_email,
|
699
|
+
signing_key: signing_key,
|
700
|
+
private_key: private_key,
|
701
|
+
signer: signer,
|
702
|
+
query: query,
|
703
|
+
scheme: scheme,
|
704
|
+
virtual_hosted_style: virtual_hosted_style,
|
705
|
+
bucket_bound_hostname: bucket_bound_hostname
|
616
706
|
else
|
617
707
|
raise ArgumentError, "version '#{version}' not supported"
|
618
708
|
end
|
@@ -152,9 +152,8 @@ module Google
|
|
152
152
|
##
|
153
153
|
# Creates a new bucket ACL.
|
154
154
|
def insert_bucket_acl bucket_name, entity, role, user_project: nil
|
155
|
-
|
156
|
-
|
157
|
-
)
|
155
|
+
params = { entity: entity, role: role }.delete_if { |_k, v| v.nil? }
|
156
|
+
new_acl = Google::Apis::StorageV1::BucketAccessControl.new(**params)
|
158
157
|
execute do
|
159
158
|
service.insert_bucket_access_control \
|
160
159
|
bucket_name, new_acl, user_project: user_project(user_project)
|
@@ -182,9 +181,8 @@ module Google
|
|
182
181
|
##
|
183
182
|
# Creates a new default ACL.
|
184
183
|
def insert_default_acl bucket_name, entity, role, user_project: nil
|
185
|
-
|
186
|
-
|
187
|
-
)
|
184
|
+
param = { entity: entity, role: role }.delete_if { |_k, v| v.nil? }
|
185
|
+
new_acl = Google::Apis::StorageV1::ObjectAccessControl.new(**param)
|
188
186
|
execute do
|
189
187
|
service.insert_default_object_access_control \
|
190
188
|
bucket_name, new_acl, user_project: user_project(user_project)
|
@@ -243,13 +241,13 @@ module Google
|
|
243
241
|
def insert_notification bucket_name, topic_name, custom_attrs: nil,
|
244
242
|
event_types: nil, prefix: nil, payload: nil,
|
245
243
|
user_project: nil
|
246
|
-
|
244
|
+
params =
|
247
245
|
{ custom_attributes: custom_attrs,
|
248
246
|
event_types: event_types(event_types),
|
249
247
|
object_name_prefix: prefix,
|
250
248
|
payload_format: payload_format(payload),
|
251
249
|
topic: topic_path(topic_name) }.delete_if { |_k, v| v.nil? }
|
252
|
-
)
|
250
|
+
new_notification = Google::Apis::StorageV1::Notification.new(**params)
|
253
251
|
|
254
252
|
execute do
|
255
253
|
service.insert_notification \
|
@@ -294,18 +292,18 @@ module Google
|
|
294
292
|
def insert_file bucket_name, source, path = nil, acl: nil,
|
295
293
|
cache_control: nil, content_disposition: nil,
|
296
294
|
content_encoding: nil, content_language: nil,
|
297
|
-
content_type: nil, crc32c: nil, md5: nil, metadata: nil,
|
295
|
+
content_type: nil, custom_time: nil, crc32c: nil, md5: nil, metadata: nil,
|
298
296
|
storage_class: nil, key: nil, kms_key: nil,
|
299
297
|
temporary_hold: nil, event_based_hold: nil,
|
300
298
|
user_project: nil
|
301
|
-
|
302
|
-
{ cache_control: cache_control, content_type: content_type,
|
299
|
+
params =
|
300
|
+
{ cache_control: cache_control, content_type: content_type, custom_time: custom_time,
|
303
301
|
content_disposition: content_disposition, md5_hash: md5,
|
304
302
|
content_encoding: content_encoding, crc32c: crc32c,
|
305
303
|
content_language: content_language, metadata: metadata,
|
306
304
|
storage_class: storage_class, temporary_hold: temporary_hold,
|
307
305
|
event_based_hold: event_based_hold }.delete_if { |_k, v| v.nil? }
|
308
|
-
)
|
306
|
+
file_obj = Google::Apis::StorageV1::Object.new(**params)
|
309
307
|
content_type ||= mime_type_for(path || Pathname(source).to_path)
|
310
308
|
|
311
309
|
execute do
|
@@ -432,9 +430,8 @@ module Google
|
|
432
430
|
# Creates a new file ACL.
|
433
431
|
def insert_file_acl bucket_name, file_name, entity, role,
|
434
432
|
generation: nil, user_project: nil
|
435
|
-
|
436
|
-
|
437
|
-
)
|
433
|
+
params = { entity: entity, role: role }.delete_if { |_k, v| v.nil? }
|
434
|
+
new_acl = Google::Apis::StorageV1::ObjectAccessControl.new(**params)
|
438
435
|
execute do
|
439
436
|
service.insert_object_access_control \
|
440
437
|
bucket_name, file_name, new_acl,
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: google-cloud-storage
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.
|
4
|
+
version: 1.28.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Mike Moore
|
@@ -9,7 +9,7 @@ authors:
|
|
9
9
|
autorequire:
|
10
10
|
bindir: bin
|
11
11
|
cert_chain: []
|
12
|
-
date: 2020-
|
12
|
+
date: 2020-08-26 00:00:00.000000000 Z
|
13
13
|
dependencies:
|
14
14
|
- !ruby/object:Gem::Dependency
|
15
15
|
name: google-cloud-core
|
@@ -298,7 +298,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
298
298
|
- !ruby/object:Gem::Version
|
299
299
|
version: '0'
|
300
300
|
requirements: []
|
301
|
-
|
301
|
+
rubyforge_project:
|
302
|
+
rubygems_version: 2.6.14.4
|
302
303
|
signing_key:
|
303
304
|
specification_version: 4
|
304
305
|
summary: API Client library for Google Cloud Storage
|