gcp.storage.getObjectSignedUrl

The Google Cloud storage signed URL data source generates a signed URL for a given storage object. Signed URLs provide a way to give time-limited read or write access to anyone in possession of the URL, regardless of whether they have a Google account.

For more info about signed URL’s is available here.

Full Example

import * as pulumi from "@pulumi/pulumi";
import * as fs from "fs";
import * as gcp from "@pulumi/gcp";

const getUrl = gcp.storage.getObjectSignedUrl({
    bucket: "fried_chicken",
    path: "path/to/file",
    contentMd5: "pRviqwS4c4OTJRTe03FD1w==",
    contentType: "text/plain",
    duration: "2d",
    credentials: fs.readFileSync("path/to/credentials.json"),
    extensionHeaders: {
        "x-goog-if-generation-match": "1",
    },
});
import pulumi
import pulumi_gcp as gcp

get_url = gcp.storage.get_object_signed_url(bucket="fried_chicken",
    path="path/to/file",
    content_md5="pRviqwS4c4OTJRTe03FD1w==",
    content_type="text/plain",
    duration="2d",
    credentials=(lambda path: open(path).read())("path/to/credentials.json"),
    extension_headers={
        "x-goog-if-generation-match": "1",
    })
using System.Collections.Generic;
using System.IO;
using Pulumi;
using Gcp = Pulumi.Gcp;

return await Deployment.RunAsync(() => 
{
    var getUrl = Gcp.Storage.GetObjectSignedUrl.Invoke(new()
    {
        Bucket = "fried_chicken",
        Path = "path/to/file",
        ContentMd5 = "pRviqwS4c4OTJRTe03FD1w==",
        ContentType = "text/plain",
        Duration = "2d",
        Credentials = File.ReadAllText("path/to/credentials.json"),
        ExtensionHeaders = 
        {
            { "x-goog-if-generation-match", "1" },
        },
    });

});
package main

import (
	"os"

	"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/storage"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func readFileOrPanic(path string) pulumi.StringPtrInput {
	data, err := os.ReadFile(path)
	if err != nil {
		panic(err.Error())
	}
	return pulumi.String(string(data))
}

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := storage.GetObjectSignedUrl(ctx, &storage.GetObjectSignedUrlArgs{
			Bucket:      "fried_chicken",
			Path:        "path/to/file",
			ContentMd5:  pulumi.StringRef("pRviqwS4c4OTJRTe03FD1w=="),
			ContentType: pulumi.StringRef("text/plain"),
			Duration:    pulumi.StringRef("2d"),
			Credentials: pulumi.StringRef(readFileOrPanic("path/to/credentials.json")),
			ExtensionHeaders: map[string]interface{}{
				"x-goog-if-generation-match": "1",
			},
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.storage.StorageFunctions;
import com.pulumi.gcp.storage.inputs.GetObjectSignedUrlArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var getUrl = StorageFunctions.getObjectSignedUrl(GetObjectSignedUrlArgs.builder()
            .bucket("fried_chicken")
            .path("path/to/file")
            .contentMd5("pRviqwS4c4OTJRTe03FD1w==")
            .contentType("text/plain")
            .duration("2d")
            .credentials(Files.readString(Paths.get("path/to/credentials.json")))
            .extensionHeaders(Map.of("x-goog-if-generation-match", 1))
            .build());

    }
}
variables:
  getUrl:
    fn::invoke:
      Function: gcp:storage:getObjectSignedUrl
      Arguments:
        bucket: fried_chicken
        path: path/to/file
        contentMd5: pRviqwS4c4OTJRTe03FD1w==
        contentType: text/plain
        duration: 2d
        credentials:
          fn::readFile: path/to/credentials.json
        extensionHeaders:
          x-goog-if-generation-match: 1

Example Usage

using System.Collections.Generic;
using Pulumi;
using Gcp = Pulumi.Gcp;

return await Deployment.RunAsync(() => 
{
    var artifact = Gcp.Storage.GetObjectSignedUrl.Invoke(new()
    {
        Bucket = "install_binaries",
        Path = "path/to/install_file.bin",
    });

    var vm = new Gcp.Compute.Instance("vm");

});
package main

import (
	"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/compute"
	"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/storage"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := storage.GetObjectSignedUrl(ctx, &storage.GetObjectSignedUrlArgs{
			Bucket: "install_binaries",
			Path:   "path/to/install_file.bin",
		}, nil)
		if err != nil {
			return err
		}
		_, err = compute.NewInstance(ctx, "vm", nil)
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.storage.StorageFunctions;
import com.pulumi.gcp.storage.inputs.GetObjectSignedUrlArgs;
import com.pulumi.gcp.compute.Instance;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var artifact = StorageFunctions.getObjectSignedUrl(GetObjectSignedUrlArgs.builder()
            .bucket("install_binaries")
            .path("path/to/install_file.bin")
            .build());

        var vm = new Instance("vm");

    }
}
import pulumi
import pulumi_gcp as gcp

artifact = gcp.storage.get_object_signed_url(bucket="install_binaries",
    path="path/to/install_file.bin")
vm = gcp.compute.Instance("vm")
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const artifact = gcp.storage.getObjectSignedUrl({
    bucket: "install_binaries",
    path: "path/to/install_file.bin",
});
const vm = new gcp.compute.Instance("vm", {});
resources:
  vm:
    type: gcp:compute:Instance
variables:
  artifact:
    fn::invoke:
      Function: gcp:storage:getObjectSignedUrl
      Arguments:
        bucket: install_binaries
        path: path/to/install_file.bin
using System.Collections.Generic;
using System.IO;
using Pulumi;
using Gcp = Pulumi.Gcp;

return await Deployment.RunAsync(() => 
{
    var getUrl = Gcp.Storage.GetObjectSignedUrl.Invoke(new()
    {
        Bucket = "fried_chicken",
        Path = "path/to/file",
        ContentMd5 = "pRviqwS4c4OTJRTe03FD1w==",
        ContentType = "text/plain",
        Duration = "2d",
        Credentials = File.ReadAllText("path/to/credentials.json"),
        ExtensionHeaders = 
        {
            { "x-goog-if-generation-match", "1" },
        },
    });

});
package main

import (
	"os"

	"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/storage"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func readFileOrPanic(path string) pulumi.StringPtrInput {
	data, err := os.ReadFile(path)
	if err != nil {
		panic(err.Error())
	}
	return pulumi.String(string(data))
}

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := storage.GetObjectSignedUrl(ctx, &storage.GetObjectSignedUrlArgs{
			Bucket:      "fried_chicken",
			Path:        "path/to/file",
			ContentMd5:  pulumi.StringRef("pRviqwS4c4OTJRTe03FD1w=="),
			ContentType: pulumi.StringRef("text/plain"),
			Duration:    pulumi.StringRef("2d"),
			Credentials: pulumi.StringRef(readFileOrPanic("path/to/credentials.json")),
			ExtensionHeaders: map[string]interface{}{
				"x-goog-if-generation-match": "1",
			},
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.storage.StorageFunctions;
import com.pulumi.gcp.storage.inputs.GetObjectSignedUrlArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var getUrl = StorageFunctions.getObjectSignedUrl(GetObjectSignedUrlArgs.builder()
            .bucket("fried_chicken")
            .path("path/to/file")
            .contentMd5("pRviqwS4c4OTJRTe03FD1w==")
            .contentType("text/plain")
            .duration("2d")
            .credentials(Files.readString(Paths.get("path/to/credentials.json")))
            .extensionHeaders(Map.of("x-goog-if-generation-match", 1))
            .build());

    }
}
import pulumi
import pulumi_gcp as gcp

get_url = gcp.storage.get_object_signed_url(bucket="fried_chicken",
    path="path/to/file",
    content_md5="pRviqwS4c4OTJRTe03FD1w==",
    content_type="text/plain",
    duration="2d",
    credentials=(lambda path: open(path).read())("path/to/credentials.json"),
    extension_headers={
        "x-goog-if-generation-match": "1",
    })
import * as pulumi from "@pulumi/pulumi";
import * as fs from "fs";
import * as gcp from "@pulumi/gcp";

const getUrl = gcp.storage.getObjectSignedUrl({
    bucket: "fried_chicken",
    path: "path/to/file",
    contentMd5: "pRviqwS4c4OTJRTe03FD1w==",
    contentType: "text/plain",
    duration: "2d",
    credentials: fs.readFileSync("path/to/credentials.json"),
    extensionHeaders: {
        "x-goog-if-generation-match": "1",
    },
});
variables:
  getUrl:
    fn::invoke:
      Function: gcp:storage:getObjectSignedUrl
      Arguments:
        bucket: fried_chicken
        path: path/to/file
        contentMd5: pRviqwS4c4OTJRTe03FD1w==
        contentType: text/plain
        duration: 2d
        credentials:
          fn::readFile: path/to/credentials.json
        extensionHeaders:
          x-goog-if-generation-match: 1

Using getObjectSignedUrl

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getObjectSignedUrl(args: GetObjectSignedUrlArgs, opts?: InvokeOptions): Promise<GetObjectSignedUrlResult>
function getObjectSignedUrlOutput(args: GetObjectSignedUrlOutputArgs, opts?: InvokeOptions): Output<GetObjectSignedUrlResult>
def get_object_signed_url(bucket: Optional[str] = None,
                          content_md5: Optional[str] = None,
                          content_type: Optional[str] = None,
                          credentials: Optional[str] = None,
                          duration: Optional[str] = None,
                          extension_headers: Optional[Mapping[str, str]] = None,
                          http_method: Optional[str] = None,
                          path: Optional[str] = None,
                          opts: Optional[InvokeOptions] = None) -> GetObjectSignedUrlResult
def get_object_signed_url_output(bucket: Optional[pulumi.Input[str]] = None,
                          content_md5: Optional[pulumi.Input[str]] = None,
                          content_type: Optional[pulumi.Input[str]] = None,
                          credentials: Optional[pulumi.Input[str]] = None,
                          duration: Optional[pulumi.Input[str]] = None,
                          extension_headers: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
                          http_method: Optional[pulumi.Input[str]] = None,
                          path: Optional[pulumi.Input[str]] = None,
                          opts: Optional[InvokeOptions] = None) -> Output[GetObjectSignedUrlResult]
func GetObjectSignedUrl(ctx *Context, args *GetObjectSignedUrlArgs, opts ...InvokeOption) (*GetObjectSignedUrlResult, error)
func GetObjectSignedUrlOutput(ctx *Context, args *GetObjectSignedUrlOutputArgs, opts ...InvokeOption) GetObjectSignedUrlResultOutput

> Note: This function is named GetObjectSignedUrl in the Go SDK.

public static class GetObjectSignedUrl 
{
    public static Task<GetObjectSignedUrlResult> InvokeAsync(GetObjectSignedUrlArgs args, InvokeOptions? opts = null)
    public static Output<GetObjectSignedUrlResult> Invoke(GetObjectSignedUrlInvokeArgs args, InvokeOptions? opts = null)
}
public static CompletableFuture<GetObjectSignedUrlResult> getObjectSignedUrl(GetObjectSignedUrlArgs args, InvokeOptions options)
// Output-based functions aren't available in Java yet
fn::invoke:
  function: gcp:storage/getObjectSignedUrl:getObjectSignedUrl
  arguments:
    # arguments dictionary

The following arguments are supported:

Bucket string

The name of the bucket to read the object from

Path string

The full path to the object inside the bucket

ContentMd5 string

The MD5 digest value in Base64. Typically retrieved from google_storage_bucket_object.object.md5hash attribute. If you provide this in the datasource, the client (e.g. browser, curl) must provide the Content-MD5 HTTP header with this same value in its request.

ContentType string

If you specify this in the datasource, the client must provide the Content-Type HTTP header with the same value in its request.

Credentials string

What Google service account credentials json should be used to sign the URL. This data source checks the following locations for credentials, in order of preference: data source credentials attribute, provider credentials attribute and finally the GOOGLE_APPLICATION_CREDENTIALS environment variable.

Duration string

For how long shall the signed URL be valid (defaults to 1 hour - i.e. 1h). See here for info on valid duration formats.

ExtensionHeaders Dictionary<string, string>

As needed. The server checks to make sure that the client provides matching values in requests using the signed URL. Any header starting with x-goog- is accepted but see the Google Docs for list of headers that are supported by Google.

HttpMethod string

What HTTP Method will the signed URL allow (defaults to GET)

Bucket string

The name of the bucket to read the object from

Path string

The full path to the object inside the bucket

ContentMd5 string

The MD5 digest value in Base64. Typically retrieved from google_storage_bucket_object.object.md5hash attribute. If you provide this in the datasource, the client (e.g. browser, curl) must provide the Content-MD5 HTTP header with this same value in its request.

ContentType string

If you specify this in the datasource, the client must provide the Content-Type HTTP header with the same value in its request.

Credentials string

What Google service account credentials json should be used to sign the URL. This data source checks the following locations for credentials, in order of preference: data source credentials attribute, provider credentials attribute and finally the GOOGLE_APPLICATION_CREDENTIALS environment variable.

Duration string

For how long shall the signed URL be valid (defaults to 1 hour - i.e. 1h). See here for info on valid duration formats.

ExtensionHeaders map[string]string

As needed. The server checks to make sure that the client provides matching values in requests using the signed URL. Any header starting with x-goog- is accepted but see the Google Docs for list of headers that are supported by Google.

HttpMethod string

What HTTP Method will the signed URL allow (defaults to GET)

bucket String

The name of the bucket to read the object from

path String

The full path to the object inside the bucket

contentMd5 String

The MD5 digest value in Base64. Typically retrieved from google_storage_bucket_object.object.md5hash attribute. If you provide this in the datasource, the client (e.g. browser, curl) must provide the Content-MD5 HTTP header with this same value in its request.

contentType String

If you specify this in the datasource, the client must provide the Content-Type HTTP header with the same value in its request.

credentials String

What Google service account credentials json should be used to sign the URL. This data source checks the following locations for credentials, in order of preference: data source credentials attribute, provider credentials attribute and finally the GOOGLE_APPLICATION_CREDENTIALS environment variable.

duration String

For how long shall the signed URL be valid (defaults to 1 hour - i.e. 1h). See here for info on valid duration formats.

extensionHeaders Map<String,String>

As needed. The server checks to make sure that the client provides matching values in requests using the signed URL. Any header starting with x-goog- is accepted but see the Google Docs for list of headers that are supported by Google.

httpMethod String

What HTTP Method will the signed URL allow (defaults to GET)

bucket string

The name of the bucket to read the object from

path string

The full path to the object inside the bucket

contentMd5 string

The MD5 digest value in Base64. Typically retrieved from google_storage_bucket_object.object.md5hash attribute. If you provide this in the datasource, the client (e.g. browser, curl) must provide the Content-MD5 HTTP header with this same value in its request.

contentType string

If you specify this in the datasource, the client must provide the Content-Type HTTP header with the same value in its request.

credentials string

What Google service account credentials json should be used to sign the URL. This data source checks the following locations for credentials, in order of preference: data source credentials attribute, provider credentials attribute and finally the GOOGLE_APPLICATION_CREDENTIALS environment variable.

duration string

For how long shall the signed URL be valid (defaults to 1 hour - i.e. 1h). See here for info on valid duration formats.

extensionHeaders {[key: string]: string}

As needed. The server checks to make sure that the client provides matching values in requests using the signed URL. Any header starting with x-goog- is accepted but see the Google Docs for list of headers that are supported by Google.

httpMethod string

What HTTP Method will the signed URL allow (defaults to GET)

bucket str

The name of the bucket to read the object from

path str

The full path to the object inside the bucket

content_md5 str

The MD5 digest value in Base64. Typically retrieved from google_storage_bucket_object.object.md5hash attribute. If you provide this in the datasource, the client (e.g. browser, curl) must provide the Content-MD5 HTTP header with this same value in its request.

content_type str

If you specify this in the datasource, the client must provide the Content-Type HTTP header with the same value in its request.

credentials str

What Google service account credentials json should be used to sign the URL. This data source checks the following locations for credentials, in order of preference: data source credentials attribute, provider credentials attribute and finally the GOOGLE_APPLICATION_CREDENTIALS environment variable.

duration str

For how long shall the signed URL be valid (defaults to 1 hour - i.e. 1h). See here for info on valid duration formats.

extension_headers Mapping[str, str]

As needed. The server checks to make sure that the client provides matching values in requests using the signed URL. Any header starting with x-goog- is accepted but see the Google Docs for list of headers that are supported by Google.

http_method str

What HTTP Method will the signed URL allow (defaults to GET)

bucket String

The name of the bucket to read the object from

path String

The full path to the object inside the bucket

contentMd5 String

The MD5 digest value in Base64. Typically retrieved from google_storage_bucket_object.object.md5hash attribute. If you provide this in the datasource, the client (e.g. browser, curl) must provide the Content-MD5 HTTP header with this same value in its request.

contentType String

If you specify this in the datasource, the client must provide the Content-Type HTTP header with the same value in its request.

credentials String

What Google service account credentials json should be used to sign the URL. This data source checks the following locations for credentials, in order of preference: data source credentials attribute, provider credentials attribute and finally the GOOGLE_APPLICATION_CREDENTIALS environment variable.

duration String

For how long shall the signed URL be valid (defaults to 1 hour - i.e. 1h). See here for info on valid duration formats.

extensionHeaders Map<String>

As needed. The server checks to make sure that the client provides matching values in requests using the signed URL. Any header starting with x-goog- is accepted but see the Google Docs for list of headers that are supported by Google.

httpMethod String

What HTTP Method will the signed URL allow (defaults to GET)

getObjectSignedUrl Result

The following output properties are available:

Bucket string
Id string

The provider-assigned unique ID for this managed resource.

Path string
SignedUrl string

The signed URL that can be used to access the storage object without authentication.

ContentMd5 string
ContentType string
Credentials string
Duration string
ExtensionHeaders Dictionary<string, string>
HttpMethod string
Bucket string
Id string

The provider-assigned unique ID for this managed resource.

Path string
SignedUrl string

The signed URL that can be used to access the storage object without authentication.

ContentMd5 string
ContentType string
Credentials string
Duration string
ExtensionHeaders map[string]string
HttpMethod string
bucket String
id String

The provider-assigned unique ID for this managed resource.

path String
signedUrl String

The signed URL that can be used to access the storage object without authentication.

contentMd5 String
contentType String
credentials String
duration String
extensionHeaders Map<String,String>
httpMethod String
bucket string
id string

The provider-assigned unique ID for this managed resource.

path string
signedUrl string

The signed URL that can be used to access the storage object without authentication.

contentMd5 string
contentType string
credentials string
duration string
extensionHeaders {[key: string]: string}
httpMethod string
bucket str
id str

The provider-assigned unique ID for this managed resource.

path str
signed_url str

The signed URL that can be used to access the storage object without authentication.

content_md5 str
content_type str
credentials str
duration str
extension_headers Mapping[str, str]
http_method str
bucket String
id String

The provider-assigned unique ID for this managed resource.

path String
signedUrl String

The signed URL that can be used to access the storage object without authentication.

contentMd5 String
contentType String
credentials String
duration String
extensionHeaders Map<String>
httpMethod String

Package Details

Repository
Google Cloud (GCP) Classic pulumi/pulumi-gcp
License
Apache-2.0
Notes

This Pulumi package is based on the google-beta Terraform Provider.