12

I am using Google Cloud Storage to store images for my Google App Engine application and I'm trying to access the images like so:

<img src="https://storage.googleapis.com/BUCKET_NAME/IMAGE_NAME">

However, this displays "Access Denied" or presents me with a Google login prompt. Then I tried using Signed URLs to grant the client access.

I generated the URL to be signed like so:

String HTTP_Verb = "GET";
String Expiration = "1361993085";
String Canonicalized_Resource = "/bucket_name/sub_directory";
String stringToSign = HTTP_Verb + "\n" + Expiration + "\n" + Canonicalized_Resource;

And then generated Base64 with the p12 file and compiled using Java, but I got this error:

The request signature we calculated does not match the signature you provided. Check your Google secret key and signing method.

What am I doing wrong here? Is there way I can access images from GCS without authentication?

Bardi Harborow
  • 1,803
  • 1
  • 28
  • 41
Abraham K
  • 624
  • 1
  • 8
  • 24

4 Answers4

20

And finally after 2 days, got it working.here is the answer: My approach for this is wrong, no need for signed URL. i need to just add my bucket as public-read so that i can read it from browser request. thats all. open gsutil, type this:

gsutil -m acl -r set public-read gs://BUCKET_NAME

and set this as default for all future uploads

gsutil -m defacl set public-read gs://BUCKET_NAME

hope it helps someone !

Thanks to @kctang !

Mild Fuzz
  • 29,463
  • 31
  • 100
  • 148
Abraham K
  • 624
  • 1
  • 8
  • 24
  • No need `.py` if gsutll is set on PATH: => `gsutil -m defacl set public-read gs://BUCKET_NAME` => `gsutil -m acl set -R -a public-read gs://BUCKET_NAME` – eQ19 Apr 01 '15 at 07:54
  • We need also to enter an authorized id or email for the groups and users and a domain for the domains for the [bucket permission](https://cloud.google.com/storage/docs/cloud-console#_bucketpermission) otherwise you will get an error message like: `'DefAclCommand' object has no attribute 'continue_on_error'` – eQ19 Apr 02 '15 at 03:18
9

gsutil has been updated and you now need to do:

gsutil -m acl -r set public-read gs://bucket-name
gsutil -m defacl set public-read gs://bucket-name

P.S. For people unfamiliar with gsutil, here is how to install it.

Bardi Harborow
  • 1,803
  • 1
  • 28
  • 41
7

For a more general answer, the way to access an gs:// url is to use this format:

https://console.cloud.google.com/storage/browser/[BUCKET_NAME]/

For example, if the bucket you're trying to access is the Landsat public dataset,gs://gcp-public-data-landsat/ then you'd access the bucket with this url: https://console.cloud.google.com/storage/gcp-public-data-landsat/

Here's the documentation related to accessing a bucket:

  1. https://cloud.google.com/storage/docs/access-public-data
  2. https://cloud.google.com/storage/docs/cloud-console

Hope this helps!

Ryan Chase
  • 2,384
  • 4
  • 24
  • 33
1

You're missing the content-md5 and content-type fields in the string to be signed. They can be blank, but you still need \n separators. See this question for a working example of constructing the string to sign.

Community
  • 1
  • 1
jterrace
  • 64,866
  • 22
  • 157
  • 202