gcp.storage.getObjectSignedUrl
The Google Cloud storage signed URL data source generates a signed URL for a given storage object. Signed URLs provide a way to give time-limited read or write access to anyone in possession of the URL, regardless of whether they have a Google account.
For more info about signed URL’s is available here.
Full Example
import * as pulumi from "@pulumi/pulumi";
import * as fs from "fs";
import * as gcp from "@pulumi/gcp";
const getUrl = gcp.storage.getObjectSignedUrl({
bucket: "fried_chicken",
path: "path/to/file",
contentMd5: "pRviqwS4c4OTJRTe03FD1w==",
contentType: "text/plain",
duration: "2d",
credentials: fs.readFileSync("path/to/credentials.json"),
extensionHeaders: {
"x-goog-if-generation-match": "1",
},
});
import pulumi
import pulumi_gcp as gcp
get_url = gcp.storage.get_object_signed_url(bucket="fried_chicken",
path="path/to/file",
content_md5="pRviqwS4c4OTJRTe03FD1w==",
content_type="text/plain",
duration="2d",
credentials=(lambda path: open(path).read())("path/to/credentials.json"),
extension_headers={
"x-goog-if-generation-match": "1",
})
using System.Collections.Generic;
using System.IO;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var getUrl = Gcp.Storage.GetObjectSignedUrl.Invoke(new()
{
Bucket = "fried_chicken",
Path = "path/to/file",
ContentMd5 = "pRviqwS4c4OTJRTe03FD1w==",
ContentType = "text/plain",
Duration = "2d",
Credentials = File.ReadAllText("path/to/credentials.json"),
ExtensionHeaders =
{
{ "x-goog-if-generation-match", "1" },
},
});
});
package main
import (
"os"
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/storage"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func readFileOrPanic(path string) pulumi.StringPtrInput {
data, err := os.ReadFile(path)
if err != nil {
panic(err.Error())
}
return pulumi.String(string(data))
}
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := storage.GetObjectSignedUrl(ctx, &storage.GetObjectSignedUrlArgs{
Bucket: "fried_chicken",
Path: "path/to/file",
ContentMd5: pulumi.StringRef("pRviqwS4c4OTJRTe03FD1w=="),
ContentType: pulumi.StringRef("text/plain"),
Duration: pulumi.StringRef("2d"),
Credentials: pulumi.StringRef(readFileOrPanic("path/to/credentials.json")),
ExtensionHeaders: map[string]interface{}{
"x-goog-if-generation-match": "1",
},
}, nil)
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.storage.StorageFunctions;
import com.pulumi.gcp.storage.inputs.GetObjectSignedUrlArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var getUrl = StorageFunctions.getObjectSignedUrl(GetObjectSignedUrlArgs.builder()
.bucket("fried_chicken")
.path("path/to/file")
.contentMd5("pRviqwS4c4OTJRTe03FD1w==")
.contentType("text/plain")
.duration("2d")
.credentials(Files.readString(Paths.get("path/to/credentials.json")))
.extensionHeaders(Map.of("x-goog-if-generation-match", 1))
.build());
}
}
variables:
getUrl:
fn::invoke:
Function: gcp:storage:getObjectSignedUrl
Arguments:
bucket: fried_chicken
path: path/to/file
contentMd5: pRviqwS4c4OTJRTe03FD1w==
contentType: text/plain
duration: 2d
credentials:
fn::readFile: path/to/credentials.json
extensionHeaders:
x-goog-if-generation-match: 1
Example Usage
using System.Collections.Generic;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var artifact = Gcp.Storage.GetObjectSignedUrl.Invoke(new()
{
Bucket = "install_binaries",
Path = "path/to/install_file.bin",
});
var vm = new Gcp.Compute.Instance("vm");
});
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/compute"
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/storage"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := storage.GetObjectSignedUrl(ctx, &storage.GetObjectSignedUrlArgs{
Bucket: "install_binaries",
Path: "path/to/install_file.bin",
}, nil)
if err != nil {
return err
}
_, err = compute.NewInstance(ctx, "vm", nil)
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.storage.StorageFunctions;
import com.pulumi.gcp.storage.inputs.GetObjectSignedUrlArgs;
import com.pulumi.gcp.compute.Instance;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var artifact = StorageFunctions.getObjectSignedUrl(GetObjectSignedUrlArgs.builder()
.bucket("install_binaries")
.path("path/to/install_file.bin")
.build());
var vm = new Instance("vm");
}
}
import pulumi
import pulumi_gcp as gcp
artifact = gcp.storage.get_object_signed_url(bucket="install_binaries",
path="path/to/install_file.bin")
vm = gcp.compute.Instance("vm")
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const artifact = gcp.storage.getObjectSignedUrl({
bucket: "install_binaries",
path: "path/to/install_file.bin",
});
const vm = new gcp.compute.Instance("vm", {});
resources:
vm:
type: gcp:compute:Instance
variables:
artifact:
fn::invoke:
Function: gcp:storage:getObjectSignedUrl
Arguments:
bucket: install_binaries
path: path/to/install_file.bin
using System.Collections.Generic;
using System.IO;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var getUrl = Gcp.Storage.GetObjectSignedUrl.Invoke(new()
{
Bucket = "fried_chicken",
Path = "path/to/file",
ContentMd5 = "pRviqwS4c4OTJRTe03FD1w==",
ContentType = "text/plain",
Duration = "2d",
Credentials = File.ReadAllText("path/to/credentials.json"),
ExtensionHeaders =
{
{ "x-goog-if-generation-match", "1" },
},
});
});
package main
import (
"os"
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/storage"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func readFileOrPanic(path string) pulumi.StringPtrInput {
data, err := os.ReadFile(path)
if err != nil {
panic(err.Error())
}
return pulumi.String(string(data))
}
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := storage.GetObjectSignedUrl(ctx, &storage.GetObjectSignedUrlArgs{
Bucket: "fried_chicken",
Path: "path/to/file",
ContentMd5: pulumi.StringRef("pRviqwS4c4OTJRTe03FD1w=="),
ContentType: pulumi.StringRef("text/plain"),
Duration: pulumi.StringRef("2d"),
Credentials: pulumi.StringRef(readFileOrPanic("path/to/credentials.json")),
ExtensionHeaders: map[string]interface{}{
"x-goog-if-generation-match": "1",
},
}, nil)
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.storage.StorageFunctions;
import com.pulumi.gcp.storage.inputs.GetObjectSignedUrlArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var getUrl = StorageFunctions.getObjectSignedUrl(GetObjectSignedUrlArgs.builder()
.bucket("fried_chicken")
.path("path/to/file")
.contentMd5("pRviqwS4c4OTJRTe03FD1w==")
.contentType("text/plain")
.duration("2d")
.credentials(Files.readString(Paths.get("path/to/credentials.json")))
.extensionHeaders(Map.of("x-goog-if-generation-match", 1))
.build());
}
}
import pulumi
import pulumi_gcp as gcp
get_url = gcp.storage.get_object_signed_url(bucket="fried_chicken",
path="path/to/file",
content_md5="pRviqwS4c4OTJRTe03FD1w==",
content_type="text/plain",
duration="2d",
credentials=(lambda path: open(path).read())("path/to/credentials.json"),
extension_headers={
"x-goog-if-generation-match": "1",
})
import * as pulumi from "@pulumi/pulumi";
import * as fs from "fs";
import * as gcp from "@pulumi/gcp";
const getUrl = gcp.storage.getObjectSignedUrl({
bucket: "fried_chicken",
path: "path/to/file",
contentMd5: "pRviqwS4c4OTJRTe03FD1w==",
contentType: "text/plain",
duration: "2d",
credentials: fs.readFileSync("path/to/credentials.json"),
extensionHeaders: {
"x-goog-if-generation-match": "1",
},
});
variables:
getUrl:
fn::invoke:
Function: gcp:storage:getObjectSignedUrl
Arguments:
bucket: fried_chicken
path: path/to/file
contentMd5: pRviqwS4c4OTJRTe03FD1w==
contentType: text/plain
duration: 2d
credentials:
fn::readFile: path/to/credentials.json
extensionHeaders:
x-goog-if-generation-match: 1
Using getObjectSignedUrl
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getObjectSignedUrl(args: GetObjectSignedUrlArgs, opts?: InvokeOptions): Promise<GetObjectSignedUrlResult>
function getObjectSignedUrlOutput(args: GetObjectSignedUrlOutputArgs, opts?: InvokeOptions): Output<GetObjectSignedUrlResult>def get_object_signed_url(bucket: Optional[str] = None,
content_md5: Optional[str] = None,
content_type: Optional[str] = None,
credentials: Optional[str] = None,
duration: Optional[str] = None,
extension_headers: Optional[Mapping[str, str]] = None,
http_method: Optional[str] = None,
path: Optional[str] = None,
opts: Optional[InvokeOptions] = None) -> GetObjectSignedUrlResult
def get_object_signed_url_output(bucket: Optional[pulumi.Input[str]] = None,
content_md5: Optional[pulumi.Input[str]] = None,
content_type: Optional[pulumi.Input[str]] = None,
credentials: Optional[pulumi.Input[str]] = None,
duration: Optional[pulumi.Input[str]] = None,
extension_headers: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
http_method: Optional[pulumi.Input[str]] = None,
path: Optional[pulumi.Input[str]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetObjectSignedUrlResult]func GetObjectSignedUrl(ctx *Context, args *GetObjectSignedUrlArgs, opts ...InvokeOption) (*GetObjectSignedUrlResult, error)
func GetObjectSignedUrlOutput(ctx *Context, args *GetObjectSignedUrlOutputArgs, opts ...InvokeOption) GetObjectSignedUrlResultOutput> Note: This function is named GetObjectSignedUrl in the Go SDK.
public static class GetObjectSignedUrl
{
public static Task<GetObjectSignedUrlResult> InvokeAsync(GetObjectSignedUrlArgs args, InvokeOptions? opts = null)
public static Output<GetObjectSignedUrlResult> Invoke(GetObjectSignedUrlInvokeArgs args, InvokeOptions? opts = null)
}public static CompletableFuture<GetObjectSignedUrlResult> getObjectSignedUrl(GetObjectSignedUrlArgs args, InvokeOptions options)
// Output-based functions aren't available in Java yet
fn::invoke:
function: gcp:storage/getObjectSignedUrl:getObjectSignedUrl
arguments:
# arguments dictionaryThe following arguments are supported:
- Bucket string
The name of the bucket to read the object from
- Path string
The full path to the object inside the bucket
- Content
Md5 string The MD5 digest value in Base64. Typically retrieved from
google_storage_bucket_object.object.md5hashattribute. If you provide this in the datasource, the client (e.g. browser, curl) must provide theContent-MD5HTTP header with this same value in its request.- Content
Type string If you specify this in the datasource, the client must provide the
Content-TypeHTTP header with the same value in its request.- Credentials string
What Google service account credentials json should be used to sign the URL. This data source checks the following locations for credentials, in order of preference: data source
credentialsattribute, providercredentialsattribute and finally the GOOGLE_APPLICATION_CREDENTIALS environment variable.- Duration string
For how long shall the signed URL be valid (defaults to 1 hour - i.e.
1h). See here for info on valid duration formats.- Extension
Headers Dictionary<string, string> As needed. The server checks to make sure that the client provides matching values in requests using the signed URL. Any header starting with
x-goog-is accepted but see the Google Docs for list of headers that are supported by Google.- Http
Method string What HTTP Method will the signed URL allow (defaults to
GET)
- Bucket string
The name of the bucket to read the object from
- Path string
The full path to the object inside the bucket
- Content
Md5 string The MD5 digest value in Base64. Typically retrieved from
google_storage_bucket_object.object.md5hashattribute. If you provide this in the datasource, the client (e.g. browser, curl) must provide theContent-MD5HTTP header with this same value in its request.- Content
Type string If you specify this in the datasource, the client must provide the
Content-TypeHTTP header with the same value in its request.- Credentials string
What Google service account credentials json should be used to sign the URL. This data source checks the following locations for credentials, in order of preference: data source
credentialsattribute, providercredentialsattribute and finally the GOOGLE_APPLICATION_CREDENTIALS environment variable.- Duration string
For how long shall the signed URL be valid (defaults to 1 hour - i.e.
1h). See here for info on valid duration formats.- Extension
Headers map[string]string As needed. The server checks to make sure that the client provides matching values in requests using the signed URL. Any header starting with
x-goog-is accepted but see the Google Docs for list of headers that are supported by Google.- Http
Method string What HTTP Method will the signed URL allow (defaults to
GET)
- bucket String
The name of the bucket to read the object from
- path String
The full path to the object inside the bucket
- content
Md5 String The MD5 digest value in Base64. Typically retrieved from
google_storage_bucket_object.object.md5hashattribute. If you provide this in the datasource, the client (e.g. browser, curl) must provide theContent-MD5HTTP header with this same value in its request.- content
Type String If you specify this in the datasource, the client must provide the
Content-TypeHTTP header with the same value in its request.- credentials String
What Google service account credentials json should be used to sign the URL. This data source checks the following locations for credentials, in order of preference: data source
credentialsattribute, providercredentialsattribute and finally the GOOGLE_APPLICATION_CREDENTIALS environment variable.- duration String
For how long shall the signed URL be valid (defaults to 1 hour - i.e.
1h). See here for info on valid duration formats.- extension
Headers Map<String,String> As needed. The server checks to make sure that the client provides matching values in requests using the signed URL. Any header starting with
x-goog-is accepted but see the Google Docs for list of headers that are supported by Google.- http
Method String What HTTP Method will the signed URL allow (defaults to
GET)
- bucket string
The name of the bucket to read the object from
- path string
The full path to the object inside the bucket
- content
Md5 string The MD5 digest value in Base64. Typically retrieved from
google_storage_bucket_object.object.md5hashattribute. If you provide this in the datasource, the client (e.g. browser, curl) must provide theContent-MD5HTTP header with this same value in its request.- content
Type string If you specify this in the datasource, the client must provide the
Content-TypeHTTP header with the same value in its request.- credentials string
What Google service account credentials json should be used to sign the URL. This data source checks the following locations for credentials, in order of preference: data source
credentialsattribute, providercredentialsattribute and finally the GOOGLE_APPLICATION_CREDENTIALS environment variable.- duration string
For how long shall the signed URL be valid (defaults to 1 hour - i.e.
1h). See here for info on valid duration formats.- extension
Headers {[key: string]: string} As needed. The server checks to make sure that the client provides matching values in requests using the signed URL. Any header starting with
x-goog-is accepted but see the Google Docs for list of headers that are supported by Google.- http
Method string What HTTP Method will the signed URL allow (defaults to
GET)
- bucket str
The name of the bucket to read the object from
- path str
The full path to the object inside the bucket
- content_
md5 str The MD5 digest value in Base64. Typically retrieved from
google_storage_bucket_object.object.md5hashattribute. If you provide this in the datasource, the client (e.g. browser, curl) must provide theContent-MD5HTTP header with this same value in its request.- content_
type str If you specify this in the datasource, the client must provide the
Content-TypeHTTP header with the same value in its request.- credentials str
What Google service account credentials json should be used to sign the URL. This data source checks the following locations for credentials, in order of preference: data source
credentialsattribute, providercredentialsattribute and finally the GOOGLE_APPLICATION_CREDENTIALS environment variable.- duration str
For how long shall the signed URL be valid (defaults to 1 hour - i.e.
1h). See here for info on valid duration formats.- extension_
headers Mapping[str, str] As needed. The server checks to make sure that the client provides matching values in requests using the signed URL. Any header starting with
x-goog-is accepted but see the Google Docs for list of headers that are supported by Google.- http_
method str What HTTP Method will the signed URL allow (defaults to
GET)
- bucket String
The name of the bucket to read the object from
- path String
The full path to the object inside the bucket
- content
Md5 String The MD5 digest value in Base64. Typically retrieved from
google_storage_bucket_object.object.md5hashattribute. If you provide this in the datasource, the client (e.g. browser, curl) must provide theContent-MD5HTTP header with this same value in its request.- content
Type String If you specify this in the datasource, the client must provide the
Content-TypeHTTP header with the same value in its request.- credentials String
What Google service account credentials json should be used to sign the URL. This data source checks the following locations for credentials, in order of preference: data source
credentialsattribute, providercredentialsattribute and finally the GOOGLE_APPLICATION_CREDENTIALS environment variable.- duration String
For how long shall the signed URL be valid (defaults to 1 hour - i.e.
1h). See here for info on valid duration formats.- extension
Headers Map<String> As needed. The server checks to make sure that the client provides matching values in requests using the signed URL. Any header starting with
x-goog-is accepted but see the Google Docs for list of headers that are supported by Google.- http
Method String What HTTP Method will the signed URL allow (defaults to
GET)
getObjectSignedUrl Result
The following output properties are available:
- Bucket string
- Id string
The provider-assigned unique ID for this managed resource.
- Path string
- Signed
Url string The signed URL that can be used to access the storage object without authentication.
- Content
Md5 string - Content
Type string - Credentials string
- Duration string
- Extension
Headers Dictionary<string, string> - Http
Method string
- Bucket string
- Id string
The provider-assigned unique ID for this managed resource.
- Path string
- Signed
Url string The signed URL that can be used to access the storage object without authentication.
- Content
Md5 string - Content
Type string - Credentials string
- Duration string
- Extension
Headers map[string]string - Http
Method string
- bucket String
- id String
The provider-assigned unique ID for this managed resource.
- path String
- signed
Url String The signed URL that can be used to access the storage object without authentication.
- content
Md5 String - content
Type String - credentials String
- duration String
- extension
Headers Map<String,String> - http
Method String
- bucket string
- id string
The provider-assigned unique ID for this managed resource.
- path string
- signed
Url string The signed URL that can be used to access the storage object without authentication.
- content
Md5 string - content
Type string - credentials string
- duration string
- extension
Headers {[key: string]: string} - http
Method string
- bucket str
- id str
The provider-assigned unique ID for this managed resource.
- path str
- signed_
url str The signed URL that can be used to access the storage object without authentication.
- content_
md5 str - content_
type str - credentials str
- duration str
- extension_
headers Mapping[str, str] - http_
method str
- bucket String
- id String
The provider-assigned unique ID for this managed resource.
- path String
- signed
Url String The signed URL that can be used to access the storage object without authentication.
- content
Md5 String - content
Type String - credentials String
- duration String
- extension
Headers Map<String> - http
Method String
Package Details
- Repository
- Google Cloud (GCP) Classic pulumi/pulumi-gcp
- License
- Apache-2.0
- Notes
This Pulumi package is based on the
google-betaTerraform Provider.