google-cloud-storage 1.25.1 → 1.28.0

Sign up to get free protection for your applications and to get access to all the features.
@@ -230,11 +230,12 @@ module Google
230
230
  ##
231
231
  # @private
232
232
  def to_gapi
233
- Google::Apis::StorageV1::Policy::Binding.new({
233
+ params = {
234
234
  role: @role,
235
235
  members: @members,
236
236
  condition: @condition&.to_gapi
237
- }.delete_if { |_, v| v.nil? })
237
+ }.delete_if { |_, v| v.nil? }
238
+ Google::Apis::StorageV1::Policy::Binding.new(**params)
238
239
  end
239
240
  end
240
241
  end
@@ -27,7 +27,7 @@ module Google
27
27
  # form. Each key/value pair should be set as an input tag's name and
28
28
  # value.
29
29
  #
30
- # @example
30
+ # @example Using Bucket#post_object (V2):
31
31
  # require "google/cloud/storage"
32
32
  #
33
33
  # storage = Google::Cloud::Storage.new
@@ -41,6 +41,23 @@ module Google
41
41
  # post.fields[:signature] #=> "ABC...XYZ="
42
42
  # post.fields[:policy] #=> "ABC...XYZ="
43
43
  #
44
+ # @example Using Bucket#generate_signed_post_policy_v4 (V4):
45
+ # require "google/cloud/storage"
46
+ #
47
+ # storage = Google::Cloud::Storage.new
48
+ #
49
+ # bucket = storage.bucket "my-todo-app"
50
+ # conditions = [["starts-with","$acl","public"]]
51
+ # post = bucket.generate_signed_post_policy_v4 "avatars/heidi/400x400.png", expires: 10, conditions: conditions
52
+ #
53
+ # post.url #=> "https://storage.googleapis.com/my-todo-app/"
54
+ # post.fields["key"] #=> "my-todo-app/avatars/heidi/400x400.png"
55
+ # post.fields["policy"] #=> "ABC...XYZ"
56
+ # post.fields["x-goog-algorithm"] #=> "GOOG4-RSA-SHA256"
57
+ # post.fields["x-goog-credential"] #=> "cred@pid.iam.gserviceaccount.com/20200123/auto/storage/goog4_request"
58
+ # post.fields["x-goog-date"] #=> "20200128T000000Z"
59
+ # post.fields["x-goog-signature"] #=> "4893a0e...cd82"
60
+ #
44
61
  class PostObject
45
62
  attr_reader :url, :fields
46
63
 
@@ -357,10 +357,11 @@ module Google
357
357
  logging_bucket: nil, logging_prefix: nil,
358
358
  website_main: nil, website_404: nil, versioning: nil,
359
359
  requester_pays: nil, user_project: nil
360
- new_bucket = Google::Apis::StorageV1::Bucket.new({
360
+ params = {
361
361
  name: bucket_name,
362
362
  location: location
363
- }.delete_if { |_, v| v.nil? })
363
+ }.delete_if { |_, v| v.nil? }
364
+ new_bucket = Google::Apis::StorageV1::Bucket.new(**params)
364
365
  storage_class = storage_class_for storage_class
365
366
  updater = Bucket::Updater.new(new_bucket).tap do |b|
366
367
  b.logging_bucket = logging_bucket unless logging_bucket.nil?
@@ -482,7 +483,7 @@ module Google
482
483
  # A {SignedUrlUnavailable} is raised if the service account credentials
483
484
  # are missing. Service account credentials are acquired by following the
484
485
  # steps in [Service Account Authentication](
485
- # https://cloud.google.com/storage/docs/authentication#service_accounts).
486
+ # https://cloud.google.com/iam/docs/service-accounts).
486
487
  #
487
488
  # @see https://cloud.google.com/storage/docs/access-control/signed-urls
488
489
  # Signed URLs guide
@@ -510,10 +511,22 @@ module Google
510
511
  # use the signed URL.
511
512
  # @param [String] issuer Service Account's Client Email.
512
513
  # @param [String] client_email Service Account's Client Email.
513
- # @param [OpenSSL::PKey::RSA, String] signing_key Service Account's
514
- # Private Key.
515
- # @param [OpenSSL::PKey::RSA, String] private_key Service Account's
516
- # Private Key.
514
+ # @param [OpenSSL::PKey::RSA, String, Proc] signing_key Service Account's
515
+ # Private Key or a Proc that accepts a single String parameter and returns a
516
+ # RSA SHA256 signature using a valid Google Service Account Private Key.
517
+ # @param [OpenSSL::PKey::RSA, String, Proc] private_key Service Account's
518
+ # Private Key or a Proc that accepts a single String parameter and returns a
519
+ # RSA SHA256 signature using a valid Google Service Account Private Key.
520
+ # @param [OpenSSL::PKey::RSA, String, Proc] signer Service Account's
521
+ # Private Key or a Proc that accepts a single String parameter and returns a
522
+ # RSA SHA256 signature using a valid Google Service Account Private Key.
523
+ #
524
+ # When using this method in environments such as GAE Flexible Environment,
525
+ # GKE, or Cloud Functions where the private key is unavailable, it may be
526
+ # necessary to provide a Proc (or lambda) via the signer parameter. This
527
+ # Proc should return a signature created using a RPC call to the
528
+ # [Service Account Credentials signBlob](https://cloud.google.com/iam/docs/reference/credentials/rest/v1/projects.serviceAccounts/signBlob)
529
+ # method as shown in the example below.
517
530
  # @param [Hash] query Query string parameters to include in the signed
518
531
  # URL. The given parameters are not verified by the signature.
519
532
  #
@@ -522,11 +535,29 @@ module Google
522
535
  # using the URL, but only when the file resource is missing the
523
536
  # corresponding values. (These values can be permanently set using
524
537
  # {File#content_disposition=} and {File#content_type=}.)
538
+ # @param [String] scheme The URL scheme. The default value is `HTTPS`.
539
+ # @param [Boolean] virtual_hosted_style Whether to use a virtual hosted-style
540
+ # hostname, which adds the bucket into the host portion of the URI rather
541
+ # than the path, e.g. `https://mybucket.storage.googleapis.com/...`.
542
+ # For V4 signing, this also sets the `host` header in the canonicalized
543
+ # extension headers to the virtual hosted-style host, unless that header is
544
+ # supplied via the `headers` param. The default value of `false` uses the
545
+ # form of `https://storage.googleapis.com/mybucket`.
546
+ # @param [String] bucket_bound_hostname Use a bucket-bound hostname, which
547
+ # replaces the `storage.googleapis.com` host with the name of a `CNAME`
548
+ # bucket, e.g. a bucket named `gcs-subdomain.my.domain.tld`, or a Google
549
+ # Cloud Load Balancer which routes to a bucket you own, e.g.
550
+ # `my-load-balancer-domain.tld`.
525
551
  # @param [Symbol, String] version The version of the signed credential
526
552
  # to create. Must be one of `:v2` or `:v4`. The default value is
527
553
  # `:v2`.
528
554
  #
529
- # @return [String]
555
+ # @return [String] The signed URL.
556
+ #
557
+ # @raise [SignedUrlUnavailable] If the service account credentials
558
+ # are missing. Service account credentials are acquired by following the
559
+ # steps in [Service Account Authentication](
560
+ # https://cloud.google.com/iam/docs/service-accounts).
530
561
  #
531
562
  # @example
532
563
  # require "google/cloud/storage"
@@ -561,6 +592,41 @@ module Google
561
592
  # issuer: issuer_email,
562
593
  # signing_key: key
563
594
  #
595
+ # @example Using Cloud IAMCredentials signBlob to create the signature:
596
+ # require "google/cloud/storage"
597
+ # require "google/apis/iamcredentials_v1"
598
+ # require "googleauth"
599
+ #
600
+ # # Issuer is the service account email that the Signed URL will be signed with
601
+ # # and any permission granted in the Signed URL must be granted to the
602
+ # # Google Service Account.
603
+ # issuer = "service-account@project-id.iam.gserviceaccount.com"
604
+ #
605
+ # # Create a lambda that accepts the string_to_sign
606
+ # signer = lambda do |string_to_sign|
607
+ # IAMCredentials = Google::Apis::IamcredentialsV1
608
+ # iam_client = IAMCredentials::IAMCredentialsService.new
609
+ #
610
+ # # Get the environment configured authorization
611
+ # scopes = ["https://www.googleapis.com/auth/iam"]
612
+ # iam_client.authorization = Google::Auth.get_application_default scopes
613
+ #
614
+ # request = {
615
+ # "payload": string_to_sign,
616
+ # }
617
+ # resource = "projects/-/serviceAccounts/#{issuer}"
618
+ # response = iam_client.sign_service_account_blob resource, request, {}
619
+ # response.signed_blob
620
+ # end
621
+ #
622
+ # storage = Google::Cloud::Storage.new
623
+ #
624
+ # bucket_name = "my-todo-app"
625
+ # file_path = "avatars/heidi/400x400.png"
626
+ # url = storage.signed_url bucket_name, file_path,
627
+ # method: "GET", issuer: issuer,
628
+ # signer: signer
629
+ #
564
630
  # @example Using the `headers` option:
565
631
  # require "google/cloud/storage"
566
632
  #
@@ -591,28 +657,52 @@ module Google
591
657
  # # Send the `x-goog-resumable:start` header and the content type
592
658
  # # with the resumable upload POST request.
593
659
  #
594
- def signed_url bucket, path, method: nil, expires: nil,
595
- content_type: nil, content_md5: nil, headers: nil,
596
- issuer: nil, client_email: nil, signing_key: nil,
597
- private_key: nil, query: nil, version: nil
660
+ def signed_url bucket,
661
+ path,
662
+ method: "GET",
663
+ expires: nil,
664
+ content_type: nil,
665
+ content_md5: nil,
666
+ headers: nil,
667
+ issuer: nil,
668
+ client_email: nil,
669
+ signing_key: nil,
670
+ private_key: nil,
671
+ signer: nil,
672
+ query: nil,
673
+ scheme: "HTTPS",
674
+ virtual_hosted_style: nil,
675
+ bucket_bound_hostname: nil,
676
+ version: nil
598
677
  version ||= :v2
599
678
  case version.to_sym
600
679
  when :v2
601
- signer = File::SignerV2.new bucket, path, service
602
-
603
- signer.signed_url method: method, expires: expires,
604
- headers: headers, content_type: content_type,
605
- content_md5: content_md5, issuer: issuer,
606
- client_email: client_email,
607
- signing_key: signing_key,
608
- private_key: private_key, query: query
680
+ sign = File::SignerV2.new bucket, path, service
681
+ sign.signed_url method: method,
682
+ expires: expires,
683
+ headers: headers,
684
+ content_type: content_type,
685
+ content_md5: content_md5,
686
+ issuer: issuer,
687
+ client_email: client_email,
688
+ signing_key: signing_key,
689
+ private_key: private_key,
690
+ signer: signer,
691
+ query: query
609
692
  when :v4
610
- signer = File::SignerV4.new bucket, path, service
611
- signer.signed_url method: method, expires: expires,
612
- headers: headers, issuer: issuer,
613
- client_email: client_email,
614
- signing_key: signing_key,
615
- private_key: private_key, query: query
693
+ sign = File::SignerV4.new bucket, path, service
694
+ sign.signed_url method: method,
695
+ expires: expires,
696
+ headers: headers,
697
+ issuer: issuer,
698
+ client_email: client_email,
699
+ signing_key: signing_key,
700
+ private_key: private_key,
701
+ signer: signer,
702
+ query: query,
703
+ scheme: scheme,
704
+ virtual_hosted_style: virtual_hosted_style,
705
+ bucket_bound_hostname: bucket_bound_hostname
616
706
  else
617
707
  raise ArgumentError, "version '#{version}' not supported"
618
708
  end
@@ -152,9 +152,8 @@ module Google
152
152
  ##
153
153
  # Creates a new bucket ACL.
154
154
  def insert_bucket_acl bucket_name, entity, role, user_project: nil
155
- new_acl = Google::Apis::StorageV1::BucketAccessControl.new(
156
- { entity: entity, role: role }.delete_if { |_k, v| v.nil? }
157
- )
155
+ params = { entity: entity, role: role }.delete_if { |_k, v| v.nil? }
156
+ new_acl = Google::Apis::StorageV1::BucketAccessControl.new(**params)
158
157
  execute do
159
158
  service.insert_bucket_access_control \
160
159
  bucket_name, new_acl, user_project: user_project(user_project)
@@ -182,9 +181,8 @@ module Google
182
181
  ##
183
182
  # Creates a new default ACL.
184
183
  def insert_default_acl bucket_name, entity, role, user_project: nil
185
- new_acl = Google::Apis::StorageV1::ObjectAccessControl.new(
186
- { entity: entity, role: role }.delete_if { |_k, v| v.nil? }
187
- )
184
+ param = { entity: entity, role: role }.delete_if { |_k, v| v.nil? }
185
+ new_acl = Google::Apis::StorageV1::ObjectAccessControl.new(**param)
188
186
  execute do
189
187
  service.insert_default_object_access_control \
190
188
  bucket_name, new_acl, user_project: user_project(user_project)
@@ -243,13 +241,13 @@ module Google
243
241
  def insert_notification bucket_name, topic_name, custom_attrs: nil,
244
242
  event_types: nil, prefix: nil, payload: nil,
245
243
  user_project: nil
246
- new_notification = Google::Apis::StorageV1::Notification.new(
244
+ params =
247
245
  { custom_attributes: custom_attrs,
248
246
  event_types: event_types(event_types),
249
247
  object_name_prefix: prefix,
250
248
  payload_format: payload_format(payload),
251
249
  topic: topic_path(topic_name) }.delete_if { |_k, v| v.nil? }
252
- )
250
+ new_notification = Google::Apis::StorageV1::Notification.new(**params)
253
251
 
254
252
  execute do
255
253
  service.insert_notification \
@@ -294,18 +292,18 @@ module Google
294
292
  def insert_file bucket_name, source, path = nil, acl: nil,
295
293
  cache_control: nil, content_disposition: nil,
296
294
  content_encoding: nil, content_language: nil,
297
- content_type: nil, crc32c: nil, md5: nil, metadata: nil,
295
+ content_type: nil, custom_time: nil, crc32c: nil, md5: nil, metadata: nil,
298
296
  storage_class: nil, key: nil, kms_key: nil,
299
297
  temporary_hold: nil, event_based_hold: nil,
300
298
  user_project: nil
301
- file_obj = Google::Apis::StorageV1::Object.new(
302
- { cache_control: cache_control, content_type: content_type,
299
+ params =
300
+ { cache_control: cache_control, content_type: content_type, custom_time: custom_time,
303
301
  content_disposition: content_disposition, md5_hash: md5,
304
302
  content_encoding: content_encoding, crc32c: crc32c,
305
303
  content_language: content_language, metadata: metadata,
306
304
  storage_class: storage_class, temporary_hold: temporary_hold,
307
305
  event_based_hold: event_based_hold }.delete_if { |_k, v| v.nil? }
308
- )
306
+ file_obj = Google::Apis::StorageV1::Object.new(**params)
309
307
  content_type ||= mime_type_for(path || Pathname(source).to_path)
310
308
 
311
309
  execute do
@@ -432,9 +430,8 @@ module Google
432
430
  # Creates a new file ACL.
433
431
  def insert_file_acl bucket_name, file_name, entity, role,
434
432
  generation: nil, user_project: nil
435
- new_acl = Google::Apis::StorageV1::ObjectAccessControl.new(
436
- { entity: entity, role: role }.delete_if { |_k, v| v.nil? }
437
- )
433
+ params = { entity: entity, role: role }.delete_if { |_k, v| v.nil? }
434
+ new_acl = Google::Apis::StorageV1::ObjectAccessControl.new(**params)
438
435
  execute do
439
436
  service.insert_object_access_control \
440
437
  bucket_name, file_name, new_acl,
@@ -16,7 +16,7 @@
16
16
  module Google
17
17
  module Cloud
18
18
  module Storage
19
- VERSION = "1.25.1".freeze
19
+ VERSION = "1.28.0".freeze
20
20
  end
21
21
  end
22
22
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: google-cloud-storage
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.25.1
4
+ version: 1.28.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Mike Moore
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2020-01-06 00:00:00.000000000 Z
12
+ date: 2020-08-26 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: google-cloud-core
@@ -298,7 +298,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
298
298
  - !ruby/object:Gem::Version
299
299
  version: '0'
300
300
  requirements: []
301
- rubygems_version: 3.0.6
301
+ rubyforge_project:
302
+ rubygems_version: 2.6.14.4
302
303
  signing_key:
303
304
  specification_version: 4
304
305
  summary: API Client library for Google Cloud Storage