Search code examples
google-cloud-storagegoogle-cloud-iamgoogle-cloud-api-gateway

How can a Google Cloud API Gateway endpoint deliver data from a Cloud Storage file?

I'm in the process of building a large API that will use Google Cloud API Gateway to route various endpoints to different services – some may be serverless Cloud Functions, others will be served by a Rails app in our Kubernetes clusters, and so on.

We will have a selection of informational endpoints that require unauthenticated access from the client, where the information will rarely change – once every few months as a ballpark. I was hoping to write the contents of those endpoints out to Google Cloud Storage (in a bucket that isn't world-readable), then allow the API Gateway config to point specific endpoints to them (a world-readable bucket wouldn't meet the security criteria for this project).

I've created a custom service account for the API gateway and given it a Storage Object Viewer role for the bucket concerned.

However, after creating the API config using that service account and requesting the endpoint in Postman, instead of getting the JSON output that I expected I see the HTML of a Google sign-in page.

The endpoint definition in my OpenAPI configuration:

paths:
  /products:
    get:
      x-google-backend:
        address: https://storage.cloud.google.com/<BUCKET_NAME>/products.json
      summary: List of products in JSON format
      operationId: listProductsJson
      produces:
        - application/json
      responses:
        "200":
          description: a product list
          schema:
            type: array
            items:
              $ref: '#/definitions/Product'

And this is the Postman response:

Postman screen grab showing Google login HTML

Are there ways to get this set up working, or even to debug what's going on here? I've seen people have similar woes around Cloud Functions and the JWT aud value, but following what worked for them doesn't seem to have any effect on Cloud Storage.

Any help would be much appreciated! (I'm a newbie to GCloud world, so if anybody has alternative implementations for these kinds of mostly static endpoints, that'd be cool too.)

Solution

  • You aren't using the correct URL. Use https://storage.googleapis.com/<BUCKET_NAME>/products.json instead of https://storage.cloud.google.com/<BUCKET_NAME>/products.json