Search code examples
google-cloud-platformurlbucketsigned

Google Signed Url Expiry issue


I am facing the issue with google signed URL expiry time. I want to signed URL expire in 5 seconds but its not expiring. here is my python code:

from datetime import datetime,timezone

                expiration_time = datetime.now(timezone.utc) + timedelta(seconds=5)
                

                bucket = client.get_bucket(settings.GS_BUCKET_NAME)
                blob = bucket.blob(object_name)
                signed_url = blob.generate_signed_url(expiration=expiration_time)

Even I have tried with this code as well getting same issue

storage_client = storage.Client()
    bucket = storage_client.bucket(bucket_name)
    blob = bucket.blob(blob_name)

    url = blob.generate_signed_url(
        version="v4",
        # This URL is valid for 5 seconds
        expiration=datetime.timedelta(seconds=5),
        # Allow GET requests using this URL.
        method="GET",
    )

    print("Generated GET signed URL:")
    print(url)
    print("You can use this URL with any user agent, for example:")
    print(f"curl '{url}'")
    return url

Thanks in advance


Solution

  • The ~code works for me.

    python3 -m venv venv
    source venv/bin/activate
    python3 -m pip install google-cloud-storage
    
    export PROJECT="..."
    export BUCKET="..."
    export BLOB="..."
    
    ACCOUNT="tester"
    EMAIL=${ACCOUNT}@${PROJECT}.iam.gserviceaccount.com
    
    gcloud iam service-accounts create ${ACCOUNT} \
    --project=${PROJECT}
    
    gcloud iam service-accounts keys create ${PWD}/${ACCOUNT}.json \
    --iam-account=${EMAIL} \
    --project=${PROJECT}
    
    # Too broad, but ...
    gcloud projects add-iam-policy-binding ${PROJECT} \
    --member=serviceAccount:${EMAIL} \
    --role=roles/storage.admin
    
    export GOOGLE_APPLICATION_CREDENTIALS=${PWD}/${ACCOUNT}.json
    
    python3 main.py
    

    main.py:

    import logging
    import os
    import requests
    import time
    
    from datetime import datetime,timedelta,timezone
    from google.cloud import storage
    
    
    logging.basicConfig(format='%(asctime)s: %(message)s', level=logging.INFO)
    
    project = os.getenv("PROJECT")
    bucket_name = os.getenv("BUCKET")
    blob_name = os.getenv("BLOB")
    
    
    duration: float = 5
    
    storage_client = storage.Client(project=project)
    bucket = storage_client.bucket(bucket_name)
    blob = bucket.blob(blob_name)
    
    url = blob.generate_signed_url(
        version="v4",
        expiration=datetime.now(timezone.utc) + timedelta(seconds=duration),
        method="GET",
    )
    logging.info("Received URL")
    
    logging.info("Calling")
    logging.info(f"Received: {requests.get(url).status_code}")
    
    logging.info(f"Sleeping: {duration}")
    time.sleep(duration)
    
    logging.info("Calling")
    logging.info(f"Received: {requests.get(url).status_code}")
    
    

    Yields:

    2024-08-16 10:25:04,374: Received URL
    2024-08-16 10:25:04,374: Calling
    2024-08-16 10:25:04,503: Received: 200
    2024-08-16 10:25:04,504: Sleeping: 5
    2024-08-16 10:25:09,504: Calling
    2024-08-16 10:25:09,590: Received: 400