import * as pulumi from "@pulumi/pulumi"; /** * The Google Cloud storage signed URL data source generates a signed URL for a given storage object. Signed URLs provide a way to give time-limited read or write access to anyone in possession of the URL, regardless of whether they have a Google account. * * For more info about signed URL's is available [here](https://cloud.google.com/storage/docs/access-control/signed-urls). * * ## Example Usage * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const artifact = gcp.storage.getObjectSignedUrl({ * bucket: "install_binaries", * path: "path/to/install_file.bin", * }); * const vm = new gcp.compute.Instance("vm", {name: "vm"}); * ``` * * ## Full Example * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * import * as std from "@pulumi/std"; * * const getUrl = std.file({ * input: "path/to/credentials.json", * }).then(invoke => gcp.storage.getObjectSignedUrl({ * bucket: "fried_chicken", * path: "path/to/file", * contentMd5: "pRviqwS4c4OTJRTe03FD1w==", * contentType: "text/plain", * duration: "2d", * credentials: invoke.result, * extensionHeaders: { * "x-goog-if-generation-match": "1", * }, * })); * ``` */ export declare function getObjectSignedUrl(args: GetObjectSignedUrlArgs, opts?: pulumi.InvokeOptions): Promise; /** * A collection of arguments for invoking getObjectSignedUrl. */ export interface GetObjectSignedUrlArgs { /** * The name of the bucket to read the object from */ bucket: string; /** * The [MD5 digest](https://cloud.google.com/storage/docs/hashes-etags#_MD5) value in Base64. * Typically retrieved from `google_storage_bucket_object.object.md5hash` attribute. * If you provide this in the datasource, the client (e.g. browser, curl) must provide the `Content-MD5` HTTP header with this same value in its request. */ contentMd5?: string; /** * If you specify this in the datasource, the client must provide the `Content-Type` HTTP header with the same value in its request. */ contentType?: string; /** * What Google service account credentials json should be used to sign the URL. * This data source checks the following locations for credentials, in order of preference: data source `credentials` attribute, provider `credentials` attribute and finally the GOOGLE_APPLICATION_CREDENTIALS environment variable. * * > **NOTE** the default google credentials configured by `gcloud` sdk or the service account associated with a compute instance cannot be used, because these do not include the private key required to sign the URL. A valid `json` service account credentials key file must be used, as generated via Google cloud console. */ credentials?: string; /** * For how long shall the signed URL be valid (defaults to 1 hour - i.e. `1h`). * See [here](https://golang.org/pkg/time/#ParseDuration) for info on valid duration formats. */ duration?: string; /** * As needed. The server checks to make sure that the client provides matching values in requests using the signed URL. * Any header starting with `x-goog-` is accepted but see the [Google Docs](https://cloud.google.com/storage/docs/xml-api/reference-headers) for list of headers that are supported by Google. */ extensionHeaders?: { [key: string]: string; }; /** * What HTTP Method will the signed URL allow (defaults to `GET`) */ httpMethod?: string; /** * The full path to the object inside the bucket */ path: string; } /** * A collection of values returned by getObjectSignedUrl. */ export interface GetObjectSignedUrlResult { readonly bucket: string; readonly contentMd5?: string; readonly contentType?: string; readonly credentials?: string; readonly duration?: string; readonly extensionHeaders?: { [key: string]: string; }; readonly httpMethod?: string; /** * The provider-assigned unique ID for this managed resource. */ readonly id: string; readonly path: string; /** * The signed URL that can be used to access the storage object without authentication. */ readonly signedUrl: string; } /** * The Google Cloud storage signed URL data source generates a signed URL for a given storage object. Signed URLs provide a way to give time-limited read or write access to anyone in possession of the URL, regardless of whether they have a Google account. * * For more info about signed URL's is available [here](https://cloud.google.com/storage/docs/access-control/signed-urls). * * ## Example Usage * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const artifact = gcp.storage.getObjectSignedUrl({ * bucket: "install_binaries", * path: "path/to/install_file.bin", * }); * const vm = new gcp.compute.Instance("vm", {name: "vm"}); * ``` * * ## Full Example * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * import * as std from "@pulumi/std"; * * const getUrl = std.file({ * input: "path/to/credentials.json", * }).then(invoke => gcp.storage.getObjectSignedUrl({ * bucket: "fried_chicken", * path: "path/to/file", * contentMd5: "pRviqwS4c4OTJRTe03FD1w==", * contentType: "text/plain", * duration: "2d", * credentials: invoke.result, * extensionHeaders: { * "x-goog-if-generation-match": "1", * }, * })); * ``` */ export declare function getObjectSignedUrlOutput(args: GetObjectSignedUrlOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output; /** * A collection of arguments for invoking getObjectSignedUrl. */ export interface GetObjectSignedUrlOutputArgs { /** * The name of the bucket to read the object from */ bucket: pulumi.Input; /** * The [MD5 digest](https://cloud.google.com/storage/docs/hashes-etags#_MD5) value in Base64. * Typically retrieved from `google_storage_bucket_object.object.md5hash` attribute. * If you provide this in the datasource, the client (e.g. browser, curl) must provide the `Content-MD5` HTTP header with this same value in its request. */ contentMd5?: pulumi.Input; /** * If you specify this in the datasource, the client must provide the `Content-Type` HTTP header with the same value in its request. */ contentType?: pulumi.Input; /** * What Google service account credentials json should be used to sign the URL. * This data source checks the following locations for credentials, in order of preference: data source `credentials` attribute, provider `credentials` attribute and finally the GOOGLE_APPLICATION_CREDENTIALS environment variable. * * > **NOTE** the default google credentials configured by `gcloud` sdk or the service account associated with a compute instance cannot be used, because these do not include the private key required to sign the URL. A valid `json` service account credentials key file must be used, as generated via Google cloud console. */ credentials?: pulumi.Input; /** * For how long shall the signed URL be valid (defaults to 1 hour - i.e. `1h`). * See [here](https://golang.org/pkg/time/#ParseDuration) for info on valid duration formats. */ duration?: pulumi.Input; /** * As needed. The server checks to make sure that the client provides matching values in requests using the signed URL. * Any header starting with `x-goog-` is accepted but see the [Google Docs](https://cloud.google.com/storage/docs/xml-api/reference-headers) for list of headers that are supported by Google. */ extensionHeaders?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * What HTTP Method will the signed URL allow (defaults to `GET`) */ httpMethod?: pulumi.Input; /** * The full path to the object inside the bucket */ path: pulumi.Input; }