Skip to content

Commit

Permalink
GoogleCloud: Use V4 signed URLs (#994)
Browse files Browse the repository at this point in the history 
Update URL signing version from v2 to v4. Increase minimum
google-cloud-storage library version so that custom endpoints work
properly.
  • Loading branch information
@martey
martey authored Oct 1, 2021
1 parent c99f8ca commit 7ecaf37
Show file tree
Hide file tree
Showing 3 changed files with 22 additions and 8 deletions.
2 changes: 1 addition & 1 deletion setup.cfg
View file
Original file line number Diff line number Diff line change
Expand Up @@ -44,7 +44,7 @@ boto3 =
dropbox =
dropbox >= 7.2.1
google =
google-cloud-storage >= 1.15.0
google-cloud-storage >= 1.27.0
libcloud =
apache-libcloud
sftp =
Expand Down
7 changes: 5 additions & 2 deletions storages/backends/gcloud.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -282,11 +282,14 @@ def url(self, name):
quoted_name=_quote(name, safe=b"/~"),
)
elif not self.custom_endpoint:
return blob.generate_signed_url(self.expiration)
return blob.generate_signed_url(
expiration=self.expiration, version="v4"
)
else:
return blob.generate_signed_url(
bucket_bound_hostname=self.custom_endpoint,
expiration=self.expiration,
api_access_endpoint=self.custom_endpoint,
version="v4",
)

def get_available_name(self, name, max_length=None):
Expand Down
21 changes: 16 additions & 5 deletions tests/test_gcloud.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -329,7 +329,9 @@ def test_url_not_public_file(self):
url = self.storage.url(secret_filename)
self.storage._bucket.blob.assert_called_with(secret_filename)
self.assertEqual(url, 'http://signed_url')
blob.generate_signed_url.assert_called_with(timedelta(seconds=86400))
blob.generate_signed_url.assert_called_with(
expiration=timedelta(seconds=86400), version="v4"
)

def test_url_not_public_file_with_custom_expires(self):
secret_filename = 'secret_file.txt'
Expand All @@ -344,7 +346,9 @@ def test_url_not_public_file_with_custom_expires(self):
url = self.storage.url(secret_filename)
self.storage._bucket.blob.assert_called_with(secret_filename)
self.assertEqual(url, 'http://signed_url')
blob.generate_signed_url.assert_called_with(timedelta(seconds=3600))
blob.generate_signed_url.assert_called_with(
expiration=timedelta(seconds=3600), version="v4"
)

def test_custom_endpoint(self):
self.storage.custom_endpoint = "https://example.com"
Expand All @@ -353,14 +357,21 @@ def test_custom_endpoint(self):
url = "{}/{}".format(self.storage.custom_endpoint, self.filename)
self.assertEqual(self.storage.url(self.filename), url)

signed_url = 'https://signed_url'
bucket_name = "hyacinth"
self.storage.default_acl = 'projectPrivate'
self.storage._bucket = mock.MagicMock()
blob = mock.MagicMock()
generate_signed_url = mock.MagicMock(return_value=signed_url)
generate_signed_url = mock.MagicMock()
blob.bucket = mock.MagicMock()
type(blob.bucket).name = mock.PropertyMock(return_value=bucket_name)
blob.generate_signed_url = generate_signed_url
self.storage._bucket.blob.return_value = blob
self.assertEqual(self.storage.url(self.filename), signed_url)
self.storage.url(self.filename)
blob.generate_signed_url.assert_called_with(
bucket_bound_hostname=self.storage.custom_endpoint,
expiration=timedelta(seconds=86400),
version="v4",
)

def test_get_available_name(self):
self.storage.file_overwrite = True
Expand Down

0 comments on commit 7ecaf37

Please sign in to comment.