Docs Home
gcp.storage.getObjectSignedUrl
Explore with Pulumi AI
The Google Cloud storage signed URL data source generates a signed URL for a given storage object. Signed URLs provide a way to give time-limited read or write access to anyone in possession of the URL, regardless of whether they have a Google account.
For more info about signed URL’s is available here.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const artifact = gcp.storage.getObjectSignedUrl({
bucket: "install_binaries",
path: "path/to/install_file.bin",
});
const vm = new gcp.compute.Instance("vm", {name: "vm"});
import pulumi
import pulumi_gcp as gcp
artifact = gcp.storage.get_object_signed_url(bucket="install_binaries",
path="path/to/install_file.bin")
vm = gcp.compute.Instance("vm", name="vm")
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute"
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := storage.GetObjectSignedUrl(ctx, &storage.GetObjectSignedUrlArgs{
Bucket: "install_binaries",
Path: "path/to/install_file.bin",
}, nil)
if err != nil {
return err
}
_, err = compute.NewInstance(ctx, "vm", &compute.InstanceArgs{
Name: pulumi.String("vm"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var artifact = Gcp.Storage.GetObjectSignedUrl.Invoke(new()
{
Bucket = "install_binaries",
Path = "path/to/install_file.bin",
});
var vm = new Gcp.Compute.Instance("vm", new()
{
Name = "vm",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.storage.StorageFunctions;
import com.pulumi.gcp.storage.inputs.GetObjectSignedUrlArgs;
import com.pulumi.gcp.compute.Instance;
import com.pulumi.gcp.compute.InstanceArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var artifact = StorageFunctions.getObjectSignedUrl(GetObjectSignedUrlArgs.builder()
.bucket("install_binaries")
.path("path/to/install_file.bin")
.build());
var vm = new Instance("vm", InstanceArgs.builder()
.name("vm")
.build());
}
}
resources:
vm:
type: gcp:compute:Instance
properties:
name: vm
variables:
artifact:
fn::invoke:
function: gcp:storage:getObjectSignedUrl
arguments:
bucket: install_binaries
path: path/to/install_file.bin
Full Example
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
import * as std from "@pulumi/std";
const getUrl = std.file({
input: "path/to/credentials.json",
}).then(invoke => gcp.storage.getObjectSignedUrl({
bucket: "fried_chicken",
path: "path/to/file",
contentMd5: "pRviqwS4c4OTJRTe03FD1w==",
contentType: "text/plain",
duration: "2d",
credentials: invoke.result,
extensionHeaders: {
"x-goog-if-generation-match": "1",
},
}));
import pulumi
import pulumi_gcp as gcp
import pulumi_std as std
get_url = gcp.storage.get_object_signed_url(bucket="fried_chicken",
path="path/to/file",
content_md5="pRviqwS4c4OTJRTe03FD1w==",
content_type="text/plain",
duration="2d",
credentials=std.file(input="path/to/credentials.json").result,
extension_headers={
"x-goog-if-generation-match": "1",
})
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/storage"
"github.com/pulumi/pulumi-std/sdk/go/std"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := storage.GetObjectSignedUrl(ctx, &storage.GetObjectSignedUrlArgs{
Bucket: "fried_chicken",
Path: "path/to/file",
ContentMd5: pulumi.StringRef("pRviqwS4c4OTJRTe03FD1w=="),
ContentType: pulumi.StringRef("text/plain"),
Duration: pulumi.StringRef("2d"),
Credentials: pulumi.StringRef(std.File(ctx, &std.FileArgs{
Input: "path/to/credentials.json",
}, nil).Result),
ExtensionHeaders: map[string]interface{}{
"x-goog-if-generation-match": "1",
},
}, nil)
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
using Std = Pulumi.Std;
return await Deployment.RunAsync(() =>
{
var getUrl = Gcp.Storage.GetObjectSignedUrl.Invoke(new()
{
Bucket = "fried_chicken",
Path = "path/to/file",
ContentMd5 = "pRviqwS4c4OTJRTe03FD1w==",
ContentType = "text/plain",
Duration = "2d",
Credentials = Std.File.Invoke(new()
{
Input = "path/to/credentials.json",
}).Result,
ExtensionHeaders =
{
{ "x-goog-if-generation-match", "1" },
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.storage.StorageFunctions;
import com.pulumi.gcp.storage.inputs.GetObjectSignedUrlArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var getUrl = StorageFunctions.getObjectSignedUrl(GetObjectSignedUrlArgs.builder()
.bucket("fried_chicken")
.path("path/to/file")
.contentMd5("pRviqwS4c4OTJRTe03FD1w==")
.contentType("text/plain")
.duration("2d")
.credentials(StdFunctions.file(FileArgs.builder()
.input("path/to/credentials.json")
.build()).result())
.extensionHeaders(Map.of("x-goog-if-generation-match", 1))
.build());
}
}
variables:
getUrl:
fn::invoke:
function: gcp:storage:getObjectSignedUrl
arguments:
bucket: fried_chicken
path: path/to/file
contentMd5: pRviqwS4c4OTJRTe03FD1w==
contentType: text/plain
duration: 2d
credentials:
fn::invoke:
function: std:file
arguments:
input: path/to/credentials.json
return: result
extensionHeaders:
x-goog-if-generation-match: 1
Using getObjectSignedUrl
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getObjectSignedUrl(args: GetObjectSignedUrlArgs, opts?: InvokeOptions): Promise<GetObjectSignedUrlResult>
function getObjectSignedUrlOutput(args: GetObjectSignedUrlOutputArgs, opts?: InvokeOptions): Output<GetObjectSignedUrlResult>def get_object_signed_url(bucket: Optional[str] = None,
content_md5: Optional[str] = None,
content_type: Optional[str] = None,
credentials: Optional[str] = None,
duration: Optional[str] = None,
extension_headers: Optional[Mapping[str, str]] = None,
http_method: Optional[str] = None,
path: Optional[str] = None,
opts: Optional[InvokeOptions] = None) -> GetObjectSignedUrlResult
def get_object_signed_url_output(bucket: Optional[pulumi.Input[str]] = None,
content_md5: Optional[pulumi.Input[str]] = None,
content_type: Optional[pulumi.Input[str]] = None,
credentials: Optional[pulumi.Input[str]] = None,
duration: Optional[pulumi.Input[str]] = None,
extension_headers: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
http_method: Optional[pulumi.Input[str]] = None,
path: Optional[pulumi.Input[str]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetObjectSignedUrlResult]func GetObjectSignedUrl(ctx *Context, args *GetObjectSignedUrlArgs, opts ...InvokeOption) (*GetObjectSignedUrlResult, error)
func GetObjectSignedUrlOutput(ctx *Context, args *GetObjectSignedUrlOutputArgs, opts ...InvokeOption) GetObjectSignedUrlResultOutput> Note: This function is named GetObjectSignedUrl in the Go SDK.
public static class GetObjectSignedUrl
{
public static Task<GetObjectSignedUrlResult> InvokeAsync(GetObjectSignedUrlArgs args, InvokeOptions? opts = null)
public static Output<GetObjectSignedUrlResult> Invoke(GetObjectSignedUrlInvokeArgs args, InvokeOptions? opts = null)
}public static CompletableFuture<GetObjectSignedUrlResult> getObjectSignedUrl(GetObjectSignedUrlArgs args, InvokeOptions options)
public static Output<GetObjectSignedUrlResult> getObjectSignedUrl(GetObjectSignedUrlArgs args, InvokeOptions options)
fn::invoke:
function: gcp:storage/getObjectSignedUrl:getObjectSignedUrl
arguments:
# arguments dictionaryThe following arguments are supported:
- Bucket string
- The name of the bucket to read the object from
- Path string
- The full path to the object inside the bucket
- Content
Md5 string - The MD5 digest value in Base64.
Typically retrieved from
google_storage_bucket_object.object.md5hashattribute. If you provide this in the datasource, the client (e.g. browser, curl) must provide theContent-MD5HTTP header with this same value in its request. - Content
Type string - If you specify this in the datasource, the client must provide the
Content-TypeHTTP header with the same value in its request. - Credentials string
What Google service account credentials json should be used to sign the URL. This data source checks the following locations for credentials, in order of preference: data source
credentialsattribute, providercredentialsattribute and finally the GOOGLE_APPLICATION_CREDENTIALS environment variable.NOTE the default google credentials configured by
gcloudsdk or the service account associated with a compute instance cannot be used, because these do not include the private key required to sign the URL. A validjsonservice account credentials key file must be used, as generated via Google cloud console.- Duration string
- For how long shall the signed URL be valid (defaults to 1 hour - i.e.
1h). See here for info on valid duration formats. - Extension
Headers Dictionary<string, string> - As needed. The server checks to make sure that the client provides matching values in requests using the signed URL.
Any header starting with
x-goog-is accepted but see the Google Docs for list of headers that are supported by Google. - Http
Method string - What HTTP Method will the signed URL allow (defaults to
GET)
- Bucket string
- The name of the bucket to read the object from
- Path string
- The full path to the object inside the bucket
- Content
Md5 string - The MD5 digest value in Base64.
Typically retrieved from
google_storage_bucket_object.object.md5hashattribute. If you provide this in the datasource, the client (e.g. browser, curl) must provide theContent-MD5HTTP header with this same value in its request. - Content
Type string - If you specify this in the datasource, the client must provide the
Content-TypeHTTP header with the same value in its request. - Credentials string
What Google service account credentials json should be used to sign the URL. This data source checks the following locations for credentials, in order of preference: data source
credentialsattribute, providercredentialsattribute and finally the GOOGLE_APPLICATION_CREDENTIALS environment variable.NOTE the default google credentials configured by
gcloudsdk or the service account associated with a compute instance cannot be used, because these do not include the private key required to sign the URL. A validjsonservice account credentials key file must be used, as generated via Google cloud console.- Duration string
- For how long shall the signed URL be valid (defaults to 1 hour - i.e.
1h). See here for info on valid duration formats. - Extension
Headers map[string]string - As needed. The server checks to make sure that the client provides matching values in requests using the signed URL.
Any header starting with
x-goog-is accepted but see the Google Docs for list of headers that are supported by Google. - Http
Method string - What HTTP Method will the signed URL allow (defaults to
GET)
- bucket String
- The name of the bucket to read the object from
- path String
- The full path to the object inside the bucket
- content
Md5 String - The MD5 digest value in Base64.
Typically retrieved from
google_storage_bucket_object.object.md5hashattribute. If you provide this in the datasource, the client (e.g. browser, curl) must provide theContent-MD5HTTP header with this same value in its request. - content
Type String - If you specify this in the datasource, the client must provide the
Content-TypeHTTP header with the same value in its request. - credentials String
What Google service account credentials json should be used to sign the URL. This data source checks the following locations for credentials, in order of preference: data source
credentialsattribute, providercredentialsattribute and finally the GOOGLE_APPLICATION_CREDENTIALS environment variable.NOTE the default google credentials configured by
gcloudsdk or the service account associated with a compute instance cannot be used, because these do not include the private key required to sign the URL. A validjsonservice account credentials key file must be used, as generated via Google cloud console.- duration String
- For how long shall the signed URL be valid (defaults to 1 hour - i.e.
1h). See here for info on valid duration formats. - extension
Headers Map<String,String> - As needed. The server checks to make sure that the client provides matching values in requests using the signed URL.
Any header starting with
x-goog-is accepted but see the Google Docs for list of headers that are supported by Google. - http
Method String - What HTTP Method will the signed URL allow (defaults to
GET)
- bucket string
- The name of the bucket to read the object from
- path string
- The full path to the object inside the bucket
- content
Md5 string - The MD5 digest value in Base64.
Typically retrieved from
google_storage_bucket_object.object.md5hashattribute. If you provide this in the datasource, the client (e.g. browser, curl) must provide theContent-MD5HTTP header with this same value in its request. - content
Type string - If you specify this in the datasource, the client must provide the
Content-TypeHTTP header with the same value in its request. - credentials string
What Google service account credentials json should be used to sign the URL. This data source checks the following locations for credentials, in order of preference: data source
credentialsattribute, providercredentialsattribute and finally the GOOGLE_APPLICATION_CREDENTIALS environment variable.NOTE the default google credentials configured by
gcloudsdk or the service account associated with a compute instance cannot be used, because these do not include the private key required to sign the URL. A validjsonservice account credentials key file must be used, as generated via Google cloud console.- duration string
- For how long shall the signed URL be valid (defaults to 1 hour - i.e.
1h). See here for info on valid duration formats. - extension
Headers {[key: string]: string} - As needed. The server checks to make sure that the client provides matching values in requests using the signed URL.
Any header starting with
x-goog-is accepted but see the Google Docs for list of headers that are supported by Google. - http
Method string - What HTTP Method will the signed URL allow (defaults to
GET)
- bucket str
- The name of the bucket to read the object from
- path str
- The full path to the object inside the bucket
- content_
md5 str - The MD5 digest value in Base64.
Typically retrieved from
google_storage_bucket_object.object.md5hashattribute. If you provide this in the datasource, the client (e.g. browser, curl) must provide theContent-MD5HTTP header with this same value in its request. - content_
type str - If you specify this in the datasource, the client must provide the
Content-TypeHTTP header with the same value in its request. - credentials str
What Google service account credentials json should be used to sign the URL. This data source checks the following locations for credentials, in order of preference: data source
credentialsattribute, providercredentialsattribute and finally the GOOGLE_APPLICATION_CREDENTIALS environment variable.NOTE the default google credentials configured by
gcloudsdk or the service account associated with a compute instance cannot be used, because these do not include the private key required to sign the URL. A validjsonservice account credentials key file must be used, as generated via Google cloud console.- duration str
- For how long shall the signed URL be valid (defaults to 1 hour - i.e.
1h). See here for info on valid duration formats. - extension_
headers Mapping[str, str] - As needed. The server checks to make sure that the client provides matching values in requests using the signed URL.
Any header starting with
x-goog-is accepted but see the Google Docs for list of headers that are supported by Google. - http_
method str - What HTTP Method will the signed URL allow (defaults to
GET)
- bucket String
- The name of the bucket to read the object from
- path String
- The full path to the object inside the bucket
- content
Md5 String - The MD5 digest value in Base64.
Typically retrieved from
google_storage_bucket_object.object.md5hashattribute. If you provide this in the datasource, the client (e.g. browser, curl) must provide theContent-MD5HTTP header with this same value in its request. - content
Type String - If you specify this in the datasource, the client must provide the
Content-TypeHTTP header with the same value in its request. - credentials String
What Google service account credentials json should be used to sign the URL. This data source checks the following locations for credentials, in order of preference: data source
credentialsattribute, providercredentialsattribute and finally the GOOGLE_APPLICATION_CREDENTIALS environment variable.NOTE the default google credentials configured by
gcloudsdk or the service account associated with a compute instance cannot be used, because these do not include the private key required to sign the URL. A validjsonservice account credentials key file must be used, as generated via Google cloud console.- duration String
- For how long shall the signed URL be valid (defaults to 1 hour - i.e.
1h). See here for info on valid duration formats. - extension
Headers Map<String> - As needed. The server checks to make sure that the client provides matching values in requests using the signed URL.
Any header starting with
x-goog-is accepted but see the Google Docs for list of headers that are supported by Google. - http
Method String - What HTTP Method will the signed URL allow (defaults to
GET)
getObjectSignedUrl Result
The following output properties are available:
- Bucket string
- Id string
- The provider-assigned unique ID for this managed resource.
- Path string
- Signed
Url string - The signed URL that can be used to access the storage object without authentication.
- Content
Md5 string - Content
Type string - Credentials string
- Duration string
- Extension
Headers Dictionary<string, string> - Http
Method string
- Bucket string
- Id string
- The provider-assigned unique ID for this managed resource.
- Path string
- Signed
Url string - The signed URL that can be used to access the storage object without authentication.
- Content
Md5 string - Content
Type string - Credentials string
- Duration string
- Extension
Headers map[string]string - Http
Method string
- bucket String
- id String
- The provider-assigned unique ID for this managed resource.
- path String
- signed
Url String - The signed URL that can be used to access the storage object without authentication.
- content
Md5 String - content
Type String - credentials String
- duration String
- extension
Headers Map<String,String> - http
Method String
- bucket string
- id string
- The provider-assigned unique ID for this managed resource.
- path string
- signed
Url string - The signed URL that can be used to access the storage object without authentication.
- content
Md5 string - content
Type string - credentials string
- duration string
- extension
Headers {[key: string]: string} - http
Method string
- bucket str
- id str
- The provider-assigned unique ID for this managed resource.
- path str
- signed_
url str - The signed URL that can be used to access the storage object without authentication.
- content_
md5 str - content_
type str - credentials str
- duration str
- extension_
headers Mapping[str, str] - http_
method str
- bucket String
- id String
- The provider-assigned unique ID for this managed resource.
- path String
- signed
Url String - The signed URL that can be used to access the storage object without authentication.
- content
Md5 String - content
Type String - credentials String
- duration String
- extension
Headers Map<String> - http
Method String
Package Details
- Repository
- Google Cloud (GCP) Classic pulumi/pulumi-gcp
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
google-betaTerraform Provider.