@pulumi/gcp
Version:
A Pulumi package for creating and managing Google Cloud Platform resources.
199 lines (198 loc) • 8.32 kB
TypeScript
import * as pulumi from "@pulumi/pulumi";
/**
* The Google Cloud storage signed URL data source generates a signed URL for a given storage object. Signed URLs provide a way to give time-limited read or write access to anyone in possession of the URL, regardless of whether they have a Google account.
*
* For more info about signed URL's is available [here](https://cloud.google.com/storage/docs/access-control/signed-urls).
*
* ## Example Usage
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
*
* const artifact = gcp.storage.getObjectSignedUrl({
* bucket: "install_binaries",
* path: "path/to/install_file.bin",
* });
* const vm = new gcp.compute.Instance("vm", {name: "vm"});
* ```
*
* ## Full Example
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* import * as std from "@pulumi/std";
*
* const getUrl = std.file({
* input: "path/to/credentials.json",
* }).then(invoke => gcp.storage.getObjectSignedUrl({
* bucket: "fried_chicken",
* path: "path/to/file",
* contentMd5: "pRviqwS4c4OTJRTe03FD1w==",
* contentType: "text/plain",
* duration: "2d",
* credentials: invoke.result,
* extensionHeaders: {
* "x-goog-if-generation-match": "1",
* },
* }));
* ```
*/
export declare function getObjectSignedUrl(args: GetObjectSignedUrlArgs, opts?: pulumi.InvokeOptions): Promise<GetObjectSignedUrlResult>;
/**
* A collection of arguments for invoking getObjectSignedUrl.
*/
export interface GetObjectSignedUrlArgs {
/**
* The name of the bucket to read the object from
*/
bucket: string;
/**
* The [MD5 digest](https://cloud.google.com/storage/docs/hashes-etags#_MD5) value in Base64.
* Typically retrieved from `google_storage_bucket_object.object.md5hash` attribute.
* If you provide this in the datasource, the client (e.g. browser, curl) must provide the `Content-MD5` HTTP header with this same value in its request.
*/
contentMd5?: string;
/**
* If you specify this in the datasource, the client must provide the `Content-Type` HTTP header with the same value in its request.
*/
contentType?: string;
/**
* What Google service account credentials json should be used to sign the URL.
* This data source checks the following locations for credentials, in order of preference: data source `credentials` attribute, provider `credentials` attribute and finally the GOOGLE_APPLICATION_CREDENTIALS environment variable.
*
* > **NOTE** the default google credentials configured by `gcloud` sdk or the service account associated with a compute instance cannot be used, because these do not include the private key required to sign the URL. A valid `json` service account credentials key file must be used, as generated via Google cloud console.
*/
credentials?: string;
/**
* For how long shall the signed URL be valid (defaults to 1 hour - i.e. `1h`).
* See [here](https://golang.org/pkg/time/#ParseDuration) for info on valid duration formats.
*/
duration?: string;
/**
* As needed. The server checks to make sure that the client provides matching values in requests using the signed URL.
* Any header starting with `x-goog-` is accepted but see the [Google Docs](https://cloud.google.com/storage/docs/xml-api/reference-headers) for list of headers that are supported by Google.
*/
extensionHeaders?: {
[key: string]: string;
};
/**
* What HTTP Method will the signed URL allow (defaults to `GET`)
*/
httpMethod?: string;
/**
* The full path to the object inside the bucket
*/
path: string;
}
/**
* A collection of values returned by getObjectSignedUrl.
*/
export interface GetObjectSignedUrlResult {
readonly bucket: string;
readonly contentMd5?: string;
readonly contentType?: string;
readonly credentials?: string;
readonly duration?: string;
readonly extensionHeaders?: {
[key: string]: string;
};
readonly httpMethod?: string;
/**
* The provider-assigned unique ID for this managed resource.
*/
readonly id: string;
readonly path: string;
/**
* The signed URL that can be used to access the storage object without authentication.
*/
readonly signedUrl: string;
}
/**
* The Google Cloud storage signed URL data source generates a signed URL for a given storage object. Signed URLs provide a way to give time-limited read or write access to anyone in possession of the URL, regardless of whether they have a Google account.
*
* For more info about signed URL's is available [here](https://cloud.google.com/storage/docs/access-control/signed-urls).
*
* ## Example Usage
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
*
* const artifact = gcp.storage.getObjectSignedUrl({
* bucket: "install_binaries",
* path: "path/to/install_file.bin",
* });
* const vm = new gcp.compute.Instance("vm", {name: "vm"});
* ```
*
* ## Full Example
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* import * as std from "@pulumi/std";
*
* const getUrl = std.file({
* input: "path/to/credentials.json",
* }).then(invoke => gcp.storage.getObjectSignedUrl({
* bucket: "fried_chicken",
* path: "path/to/file",
* contentMd5: "pRviqwS4c4OTJRTe03FD1w==",
* contentType: "text/plain",
* duration: "2d",
* credentials: invoke.result,
* extensionHeaders: {
* "x-goog-if-generation-match": "1",
* },
* }));
* ```
*/
export declare function getObjectSignedUrlOutput(args: GetObjectSignedUrlOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output<GetObjectSignedUrlResult>;
/**
* A collection of arguments for invoking getObjectSignedUrl.
*/
export interface GetObjectSignedUrlOutputArgs {
/**
* The name of the bucket to read the object from
*/
bucket: pulumi.Input<string>;
/**
* The [MD5 digest](https://cloud.google.com/storage/docs/hashes-etags#_MD5) value in Base64.
* Typically retrieved from `google_storage_bucket_object.object.md5hash` attribute.
* If you provide this in the datasource, the client (e.g. browser, curl) must provide the `Content-MD5` HTTP header with this same value in its request.
*/
contentMd5?: pulumi.Input<string>;
/**
* If you specify this in the datasource, the client must provide the `Content-Type` HTTP header with the same value in its request.
*/
contentType?: pulumi.Input<string>;
/**
* What Google service account credentials json should be used to sign the URL.
* This data source checks the following locations for credentials, in order of preference: data source `credentials` attribute, provider `credentials` attribute and finally the GOOGLE_APPLICATION_CREDENTIALS environment variable.
*
* > **NOTE** the default google credentials configured by `gcloud` sdk or the service account associated with a compute instance cannot be used, because these do not include the private key required to sign the URL. A valid `json` service account credentials key file must be used, as generated via Google cloud console.
*/
credentials?: pulumi.Input<string>;
/**
* For how long shall the signed URL be valid (defaults to 1 hour - i.e. `1h`).
* See [here](https://golang.org/pkg/time/#ParseDuration) for info on valid duration formats.
*/
duration?: pulumi.Input<string>;
/**
* As needed. The server checks to make sure that the client provides matching values in requests using the signed URL.
* Any header starting with `x-goog-` is accepted but see the [Google Docs](https://cloud.google.com/storage/docs/xml-api/reference-headers) for list of headers that are supported by Google.
*/
extensionHeaders?: pulumi.Input<{
[key: string]: pulumi.Input<string>;
}>;
/**
* What HTTP Method will the signed URL allow (defaults to `GET`)
*/
httpMethod?: pulumi.Input<string>;
/**
* The full path to the object inside the bucket
*/
path: pulumi.Input<string>;
}