6

I have created a service using :

storage.Client(project='project_name', credentials=credentials)

https://googleapis.dev/python/storage/latest/client.html

And I'm able to upload, delete and list the files in a users Google Cloud bucket. I've seen an option to download the file to a server, but is there any option to get a downloadable link?

Marco
  • 1,709
  • 3
  • 17
  • 31
subin_john_
  • 61
  • 1
  • 1
  • 3

2 Answers2

4

You can get the downloadable link replacing the values of the following string:

https://storage.googleapis.com/{bucket.name}/{blob.name}

If you need to limit permissions or time to make the request, you can generate a Signed URL

A signed URL is a URL that provides limited permission and time to make a request. Signed URLs contain authentication information in their query string, allowing users without credentials to perform specific actions on a resource. When you generate a signed URL, you specify a user or service account which must have sufficient permission to make the request that the signed URL will make. After you generate a signed URL, anyone who possesses it can use the signed URL to perform specified actions, such as reading an object, within a specified period of time.

Jose V
  • 153
  • 2
  • What I want is to get downloadURL for files(type-not public) in a users Google Cloud bucket using the credentials got after the user authentication. I am able to create a signed url for files in my bucket using the service account file created in the same account. Is there any option similar to AWS where we can create a signed url for files in a another persons bucket using the authentication token. – subin_john_ Feb 03 '20 at 04:15
  • As I understand you want to get object link to download it in web browser? – Jaroslav Feb 03 '20 at 11:50
  • yes , but not for the files in my Google Cloud Storage. For the files in a users account using the token got after user authentication – subin_john_ Feb 05 '20 at 09:10
  • Seems this feature is not available in Google Cloud https://cloud.google.com/storage/docs/access-control/index – Jaroslav Feb 05 '20 at 14:09
  • I will recommend you create Feature Request in GCP here https://cloud.google.com/support/docs/issue-trackers – Jaroslav Feb 05 '20 at 14:10
  • ok will do that – subin_john_ Mar 03 '20 at 06:59
  • Any luck with this feature request? – vitooh Feb 19 '21 at 14:19
  • @subin_john_ Please could you share the Feature Request about downloading the file through a link after being authenticated ? – Pit Jun 28 '21 at 08:51
  • Hi Guys! I just found the FR regarding this functionality. Please keep in mind that there is no ETA for the functionality. I suggest to star the issue in order to be notified if there is any updates: https://issuetracker.google.com/issues/150633508 – drauedo Jul 06 '21 at 14:56
0

You cannot use an access token to sign a URL because access tokens are time limited (about an hour). An alternative to using the private key file to sign a url, is to use IAM's SignBlob functionality. You can use it with “gsutil” by the command ”gsutil signurl -u --” as mentioned in documentation. Note that with this method, the signed url is only valid for 12 hours, as compared to the maximum of 7 days as mentioned in the documentation

The signBlob service regularly rotates the private key that it uses. Signed URLs generated are usable for at least 12 hours, but may stop working prior to your set expiration time if the expiration time is greater 12 hours. Given this, signed URLs generated from signBlob are best used for short-lived access to resources.

Divyani Yadav
  • 176
  • 4