https://cloud.google.com/storage/docs/access-control/signing-urls-with-helpers?hl=ja
https://cloud.google.com/storage/docs/access-control/signed-urls?hl=ja
https://dev.to/suavebajaj/using-gsutil-signed-url-3pnj
-- 1. 前作業
gcloud init
gcloud auth list
gcloud --version
gcloud projects create project01-9999999 \
--name="project01"
gcloud config list
gcloud config set project project01-9999999
gcloud config set compute/region asia-northeast1 --quiet
gcloud config set compute/zone asia-northeast1-a --quiet
gcloud beta billing accounts list
gcloud beta billing projects link project01-9999999 --billing-account=111111-111111-111111
gcloud services enable compute.googleapis.com --project project01-9999999
gcloud components update
-- 2. バケットの作成
gsutil mb -c standard -l asia-northeast1 gs://bucket123
gsutil ls
-- 3. テストファイルのアップロード
echo test > test.txt
gsutil cp test.txt gs://bucket123
gsutil ls -r gs://bucket123
-- 4. サービス アカウント キーを作成する
gcloud iam service-accounts create sa123 \
--description="sa123" \
--display-name="sa123"
gcloud iam service-accounts list
gcloud projects add-iam-policy-binding project01-9999999 \
--member="serviceAccount:sa123@project01-9999999.iam.gserviceaccount.com" \
--role="roles/storage.admin"
gcloud projects get-iam-policy project01-9999999
gcloud iam service-accounts keys create ~/key01.json \
--iam-account=sa123@project01-9999999.iam.gserviceaccount.com
cat ~/key01.json
gcloud iam service-accounts keys list \
--iam-account=sa123@project01-9999999.iam.gserviceaccount.com
-- 5. オブジェクトをダウンロードする署名付き URL の作成
※下記エラー発生。参考サイトに従い環境変数セットでエラー解消
CommandException: The signurl command requires the pyopenssl library (try pip install pyopenssl or easy_install pyopenssl)
pip3 install pyopenssl
gcloud info --format="text(basic.python_location)"
export CLOUDSDK_PYTHON=python3
export CLOUDSDK_PYTHON_SITEPACKAGES=1
gsutil signurl -d 3m ~/key01.json gs://bucket123/test.txt
生成されたURLで3分間のみアクセス可能
-- 6. クリーンアップ
gsutil rm -r gs://bucket123
gsutil ls
gcloud projects list
gcloud projects delete project01-9999999 \
--quiet
