예제 #1
0
파일: gcs.go 프로젝트: tv42/pachyderm
// URLFor returns a URL which may be used to retrieve the content stored at
// the given path, possibly using the given options.
// Returns ErrUnsupportedMethod if this driver has no privateKey
func (d *driver) URLFor(context ctx.Context, path string, options map[string]interface{}) (string, error) {
	if d.privateKey == nil {
		return "", storagedriver.ErrUnsupportedMethod{}
	}

	name := d.pathToKey(path)
	methodString := "GET"
	method, ok := options["method"]
	if ok {
		methodString, ok = method.(string)
		if !ok || (methodString != "GET" && methodString != "HEAD") {
			return "", storagedriver.ErrUnsupportedMethod{}
		}
	}

	expiresTime := time.Now().Add(20 * time.Minute)
	expires, ok := options["expiry"]
	if ok {
		et, ok := expires.(time.Time)
		if ok {
			expiresTime = et
		}
	}

	opts := &storage.SignedURLOptions{
		GoogleAccessID: d.email,
		PrivateKey:     d.privateKey,
		Method:         methodString,
		Expires:        expiresTime,
	}
	return storage.SignedURL(d.bucket, name, opts)
}
예제 #2
0
func (p Publisher) Publish(o option.Options) (urlSet URLSet, err error) {
	if len(o.PrivateKey) == 0 {
		err = fmt.Errorf("requires private key bytes")
		return
	}
	if !o.Buckets.Contains(p.Bucket) {
		err = fmt.Errorf("bucket '%s' is not allowed", p.Bucket)
		return
	}

	expiration := time.Now().Add(o.Duration)
	key := uuid.NewV4().String()

	opts := storage.SignedURLOptions{
		GoogleAccessID: o.GoogleAccessID,
		PrivateKey:     o.PrivateKey,
		Method:         "PUT",
		Expires:        expiration,
		ContentType:    p.ContentType,
		Headers:        p.Headers,
	}
	if p.MD5 != "" {
		opts.MD5 = []byte(p.MD5)
	}

	url, err := storage.SignedURL(p.Bucket, key, &opts)
	if err != nil {
		return
	}

	urlSet.SignedURL = url
	urlSet.FileURL = fmt.Sprintf("https://storage.googleapis.com/%s/%s", p.Bucket, key)
	return
}
예제 #3
0
func downloadFile(
	wri http.ResponseWriter,
	req *http.Request,
) {
	var gae = appengine.NewContext(req)
	var bucket = util.GetBucketName()
	var vars = mux.Vars(req)
	log.Infof(gae, "download file %s from bucket %s", vars["key"], bucket)
	var cloudCtx = getCloudContext(gae)
	rc, err := storage.NewReader(cloudCtx, bucket, vars["key"])
	if err != nil {
		log.Infof(gae, "unable to open file %q from bucket %q", vars["key"], bucket)
		wri.WriteHeader(http.StatusNotFound)
		return
	}
	defer rc.Close()
	// Return an signed URL from which the client can download a file
	accessIdFile := os.Getenv("GOOGLE_ACCESS_ID")
	if accessIdFile == "" {
		log.Errorf(gae, "Missing GOOGLE_ACCESS_ID from app.yaml")
		wri.WriteHeader(http.StatusInternalServerError)
		return
	}
	accessId, err := ioutil.ReadFile(accessIdFile)
	if err != nil {
		log.Errorf(gae, "Cannot read service account access id from %s", accessIdFile)
		wri.WriteHeader(http.StatusInternalServerError)
	}
	privateKeyFile := os.Getenv("GOOGLE_PRIVATE_KEY")
	if privateKeyFile == "" {
		log.Errorf(gae, "Missing GOOGLE_PRIVATE_KEY from app.yaml")
		wri.WriteHeader(http.StatusInternalServerError)
		return
	}
	log.Infof(gae, "Private key file %s", privateKeyFile)
	privateKey, err := ioutil.ReadFile(privateKeyFile)
	if err != nil {
		log.Errorf(gae, "Cannot read service account private key from %s", privateKeyFile)
		wri.WriteHeader(http.StatusInternalServerError)
		return
	}
	var opts = storage.SignedURLOptions{
		GoogleAccessID: string(accessId),
		PrivateKey:     privateKey,
		Method:         "GET",
		Expires:        time.Now().UTC().Add(300 * time.Second),
	}
	signedURL, err := storage.SignedURL(bucket, vars["key"], &opts)
	if err != nil {
		log.Errorf(gae, "Unable to generate a signedURL: %s", err)
		wri.WriteHeader(http.StatusInternalServerError)
	}
	http.Redirect(wri, req, signedURL, http.StatusTemporaryRedirect)
}
예제 #4
0
func (this *StorageClient) GetNewSignedURL(name string, expire time.Time) (string, error) {
	opt := storage.SignedURLOptions{
		GoogleAccessID: public.StorageServiceAccountEmail,
		PrivateKey:     public.StoragePrivateKey,
		Method:         "GET",
		Expires:        expire,
	}
	//public.LogD.Printf("AccessID: %v", (&opt).GoogleAccessID)
	//public.LogD.Printf("PrivateKey: %v", (&opt).PrivateKey)
	return storage.SignedURL(public.MAIN_STORAGE_BUCKET, name, &opt)
}
예제 #5
0
func Expose(bucket, name string, expiry time.Time) (string, error) {
	if jwtc == nil {
		return "", errors.New("JWT configuration invalid")
	}
	opts := &storage.SignedURLOptions{
		GoogleAccessID: jwtc.Email,
		PrivateKey:     jwtc.PrivateKey,
		Method:         "GET",
		Expires:        expiry,
	}
	return storage.SignedURL(bucket, name, opts)
}