google-cloud-storage 1.26.0 → 1.29.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6a69b7d03384d604c8b96548b952b6894af09ee7cef01845fe92b998ea77bcc8
-  data.tar.gz: 9fd54043ddab11b2284c73b17e780877b795a59593943deef43b9d14fbb4da1e
+  metadata.gz: fe9e2b825a237558161e2fa35c196f56342b43ea1119c15b527fdd1b26445711
+  data.tar.gz: 2c76342e276c10250c9ddcbf14edfc143474ccf4b29e1d869bc3a8a639d4f608
 SHA512:
-  metadata.gz: 36d6b3d59ab2655020f97e7d15a33a35b48a541632e03a6a8aa01f20289c821b9582cf21fdea2799cad8111c8208bd866154246a8ec69fb33102fd78853bc49f
-  data.tar.gz: 8d59996b1108a4c44e074e9762e48ad4a1f93c8dfd07efa11b77472a3b2285be52ce1486afa76b5301de683cf918c23d41d1d0dd877cd4bbaf0ab3d1cc91e405
+  metadata.gz: a9ff8d6eb43731e588b0b32df5bb093dc042443543cc63d3e1f060bffd09d011180085254c849ef0393b27447550bb01690b129255e0c02a3e657e8e73e1bd4e
+  data.tar.gz: 991a423b8db899c16adeeb93d095ec9f3176a32cae5d78ab459c9b2bc7f07a52398f7387a7a89336dd2d86e9aeb1beb067853a2b474042b2740333bc6ff3daf7

data/AUTHENTICATION.md

@@ -102,8 +102,14 @@ To configure your system for this, simply:
 2. Authenticate using OAuth 2.0 `$ gcloud auth login`
 3. Write code as if already authenticated.
 
-**NOTE:** This is _not_ recommended for running in production. The Cloud SDK
-*should* only be used during development.
+**NOTE:** The use of Cloud SDK credentials is _not_ recommended for running in
+production. The Cloud SDK *should* only be used during development.
+
+**NOTE:** The use of Cloud SDK credentials may not support certain methods such as
+those that produce
+[signed URLs](https://cloud.google.com/storage/docs/access-control/signed-urls) and
+post objects. For these methods, authentication using a service account JSON key file
+is required.
 
 [gce-how-to]: https://cloud.google.com/compute/docs/authentication#using
 [dev-console]: https://console.cloud.google.com/project

data/CHANGELOG.md

@@ -1,5 +1,59 @@
 # Release History
 
+### 1.29.0 / 2020-09-22
+
+#### Features
+
+* quota_project can be set via library configuration ([#7656](https://www.github.com/googleapis/google-cloud-ruby/issues/7656))
+
+#### Bug Fixes
+
+* Fix encoding of space characters in #signed_url version: :v4
+  * Fix encoding of space characters to use percent encoding (%20) instead of plus sign (+).
+
+#### Documentation
+
+* Add custom time to file metadata sample
+
+### 1.28.0 / 2020-08-26
+
+* Add Object Lifecycle Management fields
+  * Add custom_time_before to Lifecycle::Rule
+  * Add days_since_custom_time to Lifecycle::Rule
+  * Add days_since_noncurrent_time to Lifecycle::Rule
+  * Add noncurrent_time_before to Lifecycle::Rule
+  * Add File#custom_time and #custom_time=
+
+### 1.27.0 / 2020-07-29
+
+#### Features
+
+* Add support for signing URLs with IAMCredentials SignBlob API
+  * Add signer parameter accepting Procs to the following methods:
+    * Project#signed_url
+    * Bucket#generate_signed_post_policy_v4
+    * Bucket#post_object
+    * Bucket#signed_url
+    * File#signed_url
+  * Update signer aliases signing_key and private_key to similarly support Procs
+
+#### Documentation
+
+* Update documentation of SignedUrlUnavailable
+
+### 1.26.2 / 2020-05-28
+
+#### Documentation
+
+* Fix a few broken links
+
+### 1.26.1 / 2020-05-06
+
+#### Bug Fixes
+
+* Add missing bucket condition in SignerV4#post_object
+* Ensure bucket is not returned in PostObject fields
+
 ### 1.26.0 / 2020-04-06
 
 #### Features

data/TROUBLESHOOTING.md

@@ -24,14 +24,8 @@ improved, *please* create a new issue on GitHub so we can talk about it.
 
   - [New issue][gh-ruby]
 
-Or, you can ask questions on the [Google Cloud Platform Slack][slack-ruby]. You
-can use the "ruby" channel for general Ruby questions, or use the
-"google-cloud-ruby" channel if you have questions about this gem in particular.
-
 [so-ruby]: http://stackoverflow.com/questions/tagged/google-cloud-platform+ruby+storage
 
-[gh-search-ruby]: https://github.com/googlecloudplatform/google-cloud-ruby/issues?q=label%3A%22api%3A+storage%22
-
-[gh-ruby]: https://github.com/googlecloudplatform/google-cloud-ruby/issues/new
+[gh-search-ruby]: https://github.com/googleapis/google-cloud-ruby/issues?q=label%3A%22api%3A+storage%22
 
-[slack-ruby]: https://gcp-slack.appspot.com/
+[gh-ruby]: https://github.com/googleapis/google-cloud-ruby/issues/new

data/lib/google-cloud-storage.rb

@@ -136,6 +136,7 @@ Google::Cloud.configure.add_config! :storage do |config|
                     allow_nil: true
   config.add_alias! :keyfile, :credentials
   config.add_field! :scope, nil, match: [String, Array]
+  config.add_field! :quota_project, nil, match: String
   config.add_field! :retries, nil, match: Integer
   config.add_field! :timeout, nil, match: Integer
   # TODO: Remove once discovery document is updated.

data/lib/google/cloud/storage.rb

@@ -93,7 +93,8 @@ module Google
         Storage::Project.new(
           Storage::Service.new(
             project_id, credentials,
-            retries: retries, timeout: timeout, host: endpoint
+            retries: retries, timeout: timeout, host: endpoint,
+            quota_project: configure.quota_project
           )
         )
       end

data/lib/google/cloud/storage/bucket.rb

@@ -1128,6 +1128,11 @@ module Google
         # @param [String] content_type The
         #   [Content-Type](https://tools.ietf.org/html/rfc2616#section-14.17)
         #   response header to be returned when the file is downloaded.
+        # @param [DateTime] custom_time A custom time specified by the user for
+        #   the file. Once set, custom_time can't be unset, and it can only be
+        #   changed to a time in the future. If custom_time must be unset, you
+        #   must either perform a rewrite operation, or upload the data again
+        #   and create a new file.
         # @param [String] crc32c The CRC32c checksum of the file data, as
         #   described in [RFC 4960, Appendix
         #   B](http://tools.ietf.org/html/rfc4960#appendix-B).
@@ -1249,7 +1254,7 @@ module Google
         #
         def create_file file, path = nil, acl: nil, cache_control: nil,
                         content_disposition: nil, content_encoding: nil,
-                        content_language: nil, content_type: nil,
+                        content_language: nil, content_type: nil, custom_time: nil,
                         crc32c: nil, md5: nil, metadata: nil,
                         storage_class: nil, encryption_key: nil, kms_key: nil,
                         temporary_hold: nil, event_based_hold: nil
@@ -1264,6 +1269,7 @@ module Google
                                                        md5: md5,
                                                        cache_control: cache_control,
                                                        content_type: content_type,
+                                                       custom_time: custom_time,
                                                        content_disposition: content_disposition,
                                                        crc32c: crc32c,
                                                        content_encoding: content_encoding,
@@ -1406,7 +1412,7 @@ module Google
         # A {SignedUrlUnavailable} is raised if the service account credentials
         # are missing. Service account credentials are acquired by following the
         # steps in [Service Account Authentication](
-        # https://cloud.google.com/storage/docs/authentication#service_accounts).
+        # https://cloud.google.com/iam/docs/service-accounts).
         #
         # @see https://cloud.google.com/storage/docs/access-control/signed-urls
         #   Signed URLs guide
@@ -1433,10 +1439,22 @@ module Google
         #   use the signed URL.
         # @param [String] issuer Service Account's Client Email.
         # @param [String] client_email Service Account's Client Email.
-        # @param [OpenSSL::PKey::RSA, String] signing_key Service Account's
-        #   Private Key.
-        # @param [OpenSSL::PKey::RSA, String] private_key Service Account's
-        #   Private Key.
+        # @param [OpenSSL::PKey::RSA, String, Proc] signing_key Service Account's
+        #   Private Key or a Proc that accepts a single String parameter and returns a
+        #   RSA SHA256 signature using a valid Google Service Account Private Key.
+        # @param [OpenSSL::PKey::RSA, String, Proc] private_key Service Account's
+        #   Private Key or a Proc that accepts a single String parameter and returns a
+        #   RSA SHA256 signature using a valid Google Service Account Private Key.
+        # @param [OpenSSL::PKey::RSA, String, Proc] signer Service Account's
+        #   Private Key or a Proc that accepts a single String parameter and returns a
+        #   RSA SHA256 signature using a valid Google Service Account Private Key.
+        #
+        #   When using this method in environments such as GAE Flexible Environment,
+        #   GKE, or Cloud Functions where the private key is unavailable, it may be
+        #   necessary to provide a Proc (or lambda) via the signer parameter. This
+        #   Proc should return a signature created using a RPC call to the
+        #   [Service Account Credentials signBlob](https://cloud.google.com/iam/docs/reference/credentials/rest/v1/projects.serviceAccounts/signBlob)
+        #   method as shown in the example below.
         # @param [Hash] query Query string parameters to include in the signed
         #   URL. The given parameters are not verified by the signature.
         #
@@ -1462,7 +1480,12 @@ module Google
         #   to create. Must be one of `:v2` or `:v4`. The default value is
         #   `:v2`.
         #
-        # @return [String]
+        # @return [String] The signed URL.
+        #
+        # @raise [SignedUrlUnavailable] If the service account credentials
+        #   are missing. Service account credentials are acquired by following the
+        #   steps in [Service Account Authentication](
+        #   https://cloud.google.com/iam/docs/service-accounts).
         #
         # @example
         #   require "google/cloud/storage"
@@ -1493,6 +1516,40 @@ module Google
         #                                  issuer: "service-account@gcloud.com",
         #                                  signing_key: key
         #
+        # @example Using Cloud IAMCredentials signBlob to create the signature:
+        #   require "google/cloud/storage"
+        #   require "google/apis/iamcredentials_v1"
+        #   require "googleauth"
+        #
+        #   # Issuer is the service account email that the Signed URL will be signed with
+        #   # and any permission granted in the Signed URL must be granted to the
+        #   # Google Service Account.
+        #   issuer = "service-account@project-id.iam.gserviceaccount.com"
+        #
+        #   # Create a lambda that accepts the string_to_sign
+        #   signer = lambda do |string_to_sign|
+        #     IAMCredentials = Google::Apis::IamcredentialsV1
+        #     iam_client = IAMCredentials::IAMCredentialsService.new
+        #
+        #     # Get the environment configured authorization
+        #     scopes = ["https://www.googleapis.com/auth/iam"]
+        #     iam_client.authorization = Google::Auth.get_application_default scopes
+        #
+        #     request = {
+        #       "payload": string_to_sign,
+        #     }
+        #     resource = "projects/-/serviceAccounts/#{issuer}"
+        #     response = iam_client.sign_service_account_blob resource, request, {}
+        #     response.signed_blob
+        #   end
+        #
+        #   storage = Google::Cloud::Storage.new
+        #
+        #   bucket_name = "my-todo-app"
+        #   file_path = "avatars/heidi/400x400.png"
+        #   url = storage.signed_url bucket_name, file_path,
+        #                            method: "GET", issuer: issuer,
+        #                            signer: signer
         # @example Using the `headers` option:
         #   require "google/cloud/storage"
         #
@@ -1538,6 +1595,7 @@ module Google
                        client_email: nil,
                        signing_key: nil,
                        private_key: nil,
+                       signer: nil,
                        query: nil,
                        scheme: "HTTPS",
                        virtual_hosted_style: nil,
@@ -1547,30 +1605,32 @@ module Google
           version ||= :v2
           case version.to_sym
           when :v2
-            signer = File::SignerV2.from_bucket self, path
-            signer.signed_url method: method,
-                              expires: expires,
-                              headers: headers,
-                              content_type: content_type,
-                              content_md5: content_md5,
-                              issuer: issuer,
-                              client_email: client_email,
-                              signing_key: signing_key,
-                              private_key: private_key,
-                              query: query
+            sign = File::SignerV2.from_bucket self, path
+            sign.signed_url method: method,
+                            expires: expires,
+                            headers: headers,
+                            content_type: content_type,
+                            content_md5: content_md5,
+                            issuer: issuer,
+                            client_email: client_email,
+                            signing_key: signing_key,
+                            private_key: private_key,
+                            signer: signer,
+                            query: query
           when :v4
-            signer = File::SignerV4.from_bucket self, path
-            signer.signed_url method: method,
-                              expires: expires,
-                              headers: headers,
-                              issuer: issuer,
-                              client_email: client_email,
-                              signing_key: signing_key,
-                              private_key: private_key,
-                              query: query,
-                              scheme: scheme,
-                              virtual_hosted_style: virtual_hosted_style,
-                              bucket_bound_hostname: bucket_bound_hostname
+            sign = File::SignerV4.from_bucket self, path
+            sign.signed_url method: method,
+                            expires: expires,
+                            headers: headers,
+                            issuer: issuer,
+                            client_email: client_email,
+                            signing_key: signing_key,
+                            private_key: private_key,
+                            signer: signer,
+                            query: query,
+                            scheme: scheme,
+                            virtual_hosted_style: virtual_hosted_style,
+                            bucket_bound_hostname: bucket_bound_hostname
           else
             raise ArgumentError, "version '#{version}' not supported"
           end
@@ -1591,7 +1651,7 @@ module Google
         # A {SignedUrlUnavailable} is raised if the service account credentials
         # are missing. Service account credentials are acquired by following the
         # steps in [Service Account Authentication](
-        # https://cloud.google.com/storage/docs/authentication#service_accounts).
+        # https://cloud.google.com/iam/docs/service-accounts).
         #
         # @see https://cloud.google.com/storage/docs/xml-api/post-object
         #
@@ -1608,12 +1668,28 @@ module Google
         #   for more information.
         # @param [String] issuer Service Account's Client Email.
         # @param [String] client_email Service Account's Client Email.
-        # @param [OpenSSL::PKey::RSA, String] signing_key Service Account's
-        #   Private Key.
-        # @param [OpenSSL::PKey::RSA, String] private_key Service Account's
-        #   Private Key.
+        # @param [OpenSSL::PKey::RSA, String, Proc] signing_key Service Account's
+        #   Private Key or a Proc that accepts a single String parameter and returns a
+        #   RSA SHA256 signature using a valid Google Service Account Private Key.
+        # @param [OpenSSL::PKey::RSA, String, Proc] private_key Service Account's
+        #   Private Key or a Proc that accepts a single String parameter and returns a
+        #   RSA SHA256 signature using a valid Google Service Account Private Key.
+        # @param [OpenSSL::PKey::RSA, String, Proc] signer Service Account's
+        #   Private Key or a Proc that accepts a single String parameter and returns a
+        #   RSA SHA256 signature using a valid Google Service Account Private Key.
+        #
+        #   When using this method in environments such as GAE Flexible Environment,
+        #   GKE, or Cloud Functions where the private key is unavailable, it may be
+        #   necessary to provide a Proc (or lambda) via the signer parameter. This
+        #   Proc should return a signature created using a RPC call to the
+        #   [Service Account Credentials signBlob](https://cloud.google.com/iam/docs/reference/credentials/rest/v1/projects.serviceAccounts/signBlob)
+        #   method as shown in the example below.
+        # @return [PostObject] An object containing the URL, fields, and values needed to upload files via html forms.
         #
-        # @return [PostObject]
+        # @raise [SignedUrlUnavailable] If the service account credentials
+        #   are missing. Service account credentials are acquired by following the
+        #   steps in [Service Account Authentication](
+        #   https://cloud.google.com/iam/docs/service-accounts).
         #
         # @example
         #   require "google/cloud/storage"
@@ -1673,19 +1749,61 @@ module Google
         #   post.fields[:signature] #=> "ABC...XYZ="
         #   post.fields[:policy] #=> "ABC...XYZ="
         #
+        # @example Using Cloud IAMCredentials signBlob to create the signature:
+        #   require "google/cloud/storage"
+        #   require "google/apis/iamcredentials_v1"
+        #   require "googleauth"
+        #
+        #   # Issuer is the service account email that the Signed URL will be signed with
+        #   # and any permission granted in the Signed URL must be granted to the
+        #   # Google Service Account.
+        #   issuer = "service-account@project-id.iam.gserviceaccount.com"
+        #
+        #   # Create a lambda that accepts the string_to_sign
+        #   signer = lambda do |string_to_sign|
+        #     IAMCredentials = Google::Apis::IamcredentialsV1
+        #     iam_client = IAMCredentials::IAMCredentialsService.new
+        #
+        #     # Get the environment configured authorization
+        #     scopes = ["https://www.googleapis.com/auth/iam"]
+        #     iam_client.authorization = Google::Auth.get_application_default scopes
+        #
+        #     request = {
+        #       "payload": string_to_sign,
+        #     }
+        #     resource = "projects/-/serviceAccounts/#{issuer}"
+        #     response = iam_client.sign_service_account_blob resource, request, {}
+        #     response.signed_blob
+        #   end
+        #
+        #   storage = Google::Cloud::Storage.new
+        #
+        #   bucket = storage.bucket "my-todo-app"
+        #   post = bucket.post_object "avatars/heidi/400x400.png",
+        #                             issuer: issuer,
+        #                             signer: signer
+        #
+        #   post.url #=> "https://storage.googleapis.com"
+        #   post.fields[:key] #=> "my-todo-app/avatars/heidi/400x400.png"
+        #   post.fields[:GoogleAccessId] #=> "0123456789@gserviceaccount.com"
+        #   post.fields[:signature] #=> "ABC...XYZ="
+        #   post.fields[:policy] #=> "ABC...XYZ="
+        #
         def post_object path,
                         policy: nil,
                         issuer: nil,
                         client_email: nil,
                         signing_key: nil,
-                        private_key: nil
+                        private_key: nil,
+                        signer: nil
           ensure_service!
-          signer = File::SignerV2.from_bucket self, path
-          signer.post_object issuer: issuer,
-                             client_email: client_email,
-                             signing_key: signing_key,
-                             private_key: private_key,
-                             policy: policy
+          sign = File::SignerV2.from_bucket self, path
+          sign.post_object issuer: issuer,
+                           client_email: client_email,
+                           signing_key: signing_key,
+                           private_key: private_key,
+                           signer: signer,
+                           policy: policy
         end
 
         ##
@@ -1703,17 +1821,29 @@ module Google
         # A {SignedUrlUnavailable} is raised if the service account credentials
         # are missing. Service account credentials are acquired by following the
         # steps in [Service Account Authentication](
-        # https://cloud.google.com/storage/docs/authentication#service_accounts).
+        # https://cloud.google.com/iam/docs/service-accounts).
         #
         # @see https://cloud.google.com/storage/docs/xml-api/post-object
         #
         # @param [String] path Path to the file in Google Cloud Storage.
         # @param [String] issuer Service Account's Client Email.
         # @param [String] client_email Service Account's Client Email.
-        # @param [OpenSSL::PKey::RSA, String] signing_key Service Account's
-        #   Private Key.
-        # @param [OpenSSL::PKey::RSA, String] private_key Service Account's
-        #   Private Key.
+        # @param [OpenSSL::PKey::RSA, String, Proc] signing_key Service Account's
+        #   Private Key or a Proc that accepts a single String parameter and returns a
+        #   RSA SHA256 signature using a valid Google Service Account Private Key.
+        # @param [OpenSSL::PKey::RSA, String, Proc] private_key Service Account's
+        #   Private Key or a Proc that accepts a single String parameter and returns a
+        #   RSA SHA256 signature using a valid Google Service Account Private Key.
+        # @param [OpenSSL::PKey::RSA, String, Proc] signer Service Account's
+        #   Private Key or a Proc that accepts a single String parameter and returns a
+        #   RSA SHA256 signature using a valid Google Service Account Private Key.
+        #
+        #   When using this method in environments such as GAE Flexible Environment,
+        #   GKE, or Cloud Functions where the private key is unavailable, it may be
+        #   necessary to provide a Proc (or lambda) via the signer parameter. This
+        #   Proc should return a signature created using a RPC call to the
+        #   [Service Account Credentials signBlob](https://cloud.google.com/iam/docs/reference/credentials/rest/v1/projects.serviceAccounts/signBlob)
+        #   method as shown in the example below.
         # @param [Integer] expires The number of seconds until the URL expires.
         #   The default is 604800 (7 days).
         # @param [Hash] fields User-supplied form fields such as `acl`,
@@ -1733,6 +1863,11 @@ module Google
         #
         # @return [PostObject] An object containing the URL, fields, and values needed to upload files via html forms.
         #
+        # @raise [SignedUrlUnavailable] If the service account credentials
+        #   are missing. Service account credentials are acquired by following the
+        #   steps in [Service Account Authentication](
+        #   https://cloud.google.com/iam/docs/service-accounts).
+        #
         # @example
         #   require "google/cloud/storage"
         #
@@ -1752,11 +1887,56 @@ module Google
         #   post.fields["x-goog-date"] #=> "20200128T000000Z"
         #   post.fields["x-goog-signature"] #=> "4893a0e...cd82"
         #
+        # @example Using Cloud IAMCredentials signBlob to create the signature:
+        #   require "google/cloud/storage"
+        #   require "google/apis/iamcredentials_v1"
+        #   require "googleauth"
+        #
+        #   # Issuer is the service account email that the Signed URL will be signed with
+        #   # and any permission granted in the Signed URL must be granted to the
+        #   # Google Service Account.
+        #   issuer = "service-account@project-id.iam.gserviceaccount.com"
+        #
+        #   # Create a lambda that accepts the string_to_sign
+        #   signer = lambda do |string_to_sign|
+        #     IAMCredentials = Google::Apis::IamcredentialsV1
+        #     iam_client = IAMCredentials::IAMCredentialsService.new
+        #
+        #     # Get the environment configured authorization
+        #     scopes = ["https://www.googleapis.com/auth/iam"]
+        #     iam_client.authorization = Google::Auth.get_application_default scopes
+        #
+        #     request = {
+        #       "payload": string_to_sign,
+        #     }
+        #     resource = "projects/-/serviceAccounts/#{issuer}"
+        #     response = iam_client.sign_service_account_blob resource, request, {}
+        #     response.signed_blob
+        #   end
+        #
+        #   storage = Google::Cloud::Storage.new
+        #
+        #   bucket = storage.bucket "my-todo-app"
+        #   conditions = [["starts-with", "$acl","public"]]
+        #   post = bucket.generate_signed_post_policy_v4(
+        #     "avatars/heidi/400x400.png", expires: 10,
+        #     conditions: conditions, issuer: issuer, signer: signer
+        #   )
+        #
+        #   post.url #=> "https://storage.googleapis.com/my-todo-app/"
+        #   post.fields["key"] #=> "my-todo-app/avatars/heidi/400x400.png"
+        #   post.fields["policy"] #=> "ABC...XYZ"
+        #   post.fields["x-goog-algorithm"] #=> "GOOG4-RSA-SHA256"
+        #   post.fields["x-goog-credential"] #=> "cred@pid.iam.gserviceaccount.com/20200123/auto/storage/goog4_request"
+        #   post.fields["x-goog-date"] #=> "20200128T000000Z"
+        #   post.fields["x-goog-signature"] #=> "4893a0e...cd82"
+        #
         def generate_signed_post_policy_v4 path,
                                            issuer: nil,
                                            client_email: nil,
                                            signing_key: nil,
                                            private_key: nil,
+                                           signer: nil,
                                            expires: nil,
                                            fields: nil,
                                            conditions: nil,
@@ -1764,17 +1944,18 @@ module Google
                                            virtual_hosted_style: nil,
                                            bucket_bound_hostname: nil
           ensure_service!
-          signer = File::SignerV4.from_bucket self, path
-          signer.post_object issuer: issuer,
-                             client_email: client_email,
-                             signing_key: signing_key,
-                             private_key: private_key,
-                             expires: expires,
-                             fields: fields,
-                             conditions: conditions,
-                             scheme: scheme,
-                             virtual_hosted_style: virtual_hosted_style,
-                             bucket_bound_hostname: bucket_bound_hostname
+          sign = File::SignerV4.from_bucket self, path
+          sign.post_object issuer: issuer,
+                           client_email: client_email,
+                           signing_key: signing_key,
+                           private_key: private_key,
+                           signer: signer,
+                           expires: expires,
+                           fields: fields,
+                           conditions: conditions,
+                           scheme: scheme,
+                           virtual_hosted_style: virtual_hosted_style,
+                           bucket_bound_hostname: bucket_bound_hostname
         end
 
         ##