github.com/koding/terraform@v0.6.4-0.20170608090606-5d7e0339779d/website/source/docs/providers/google/d/signed_url.html.markdown (about) 1 --- 2 layout: "google" 3 page_title: "Google: google_storage_object_signed_url" 4 sidebar_current: "docs-google-datasource-signed_url" 5 description: |- 6 Provides signed URL to Google Cloud Storage object. 7 --- 8 9 # google\_storage\_object\_signed_url 10 11 The Google Cloud storage signed URL data source generates a signed URL for a given storage object. Signed URLs provide a way to give time-limited read or write access to anyone in possession of the URL, regardless of whether they have a Google account. 12 13 For more info about signed URL's is available [here](https://cloud.google.com/storage/docs/access-control/signed-urls). 14 15 ## Example Usage 16 17 ```hcl 18 data "google_storage_object_signed_url" "artifact" { 19 bucket = "install_binaries" 20 path = "path/to/install_file.bin" 21 22 } 23 24 resource "google_compute_instance" "vm" { 25 name = "vm" 26 ... 27 28 provisioner "remote-exec" { 29 inline = [ 30 "wget '${data.google_storage_object_signed_url.artifact.signed_url}' -O install_file.bin", 31 "chmod +x install_file.bin", 32 "./install_file.bin" 33 ] 34 } 35 } 36 ``` 37 38 ## Full Example 39 40 ```hcl 41 data "google_storage_object_signed_url" "get_url" { 42 bucket = "fried_chicken" 43 path = "path/to/file" 44 content_md5 = "pRviqwS4c4OTJRTe03FD1w==" 45 content_type = "text/plain" 46 duration = "2d" 47 credentials = "${file("path/to/credentials.json")}" 48 49 extension_headers { 50 x-goog-if-generation-match = 1 51 } 52 } 53 ``` 54 55 ## Argument Reference 56 57 The following arguments are supported: 58 59 * `bucket` - (Required) The name of the bucket to read the object from 60 * `path` - (Required) The full path to the object inside the bucket 61 * `http_method` - (Optional) What HTTP Method will the signed URL allow (defaults to `GET`) 62 * `duration` - (Optional) For how long shall the signed URL be valid (defaults to 1 hour - i.e. `1h`). 63 See [here](https://golang.org/pkg/time/#ParseDuration) for info on valid duration formats. 64 * `credentials` - (Optional) What Google service account credentials json should be used to sign the URL. 65 This data source checks the following locations for credentials, in order of preference: data source `credentials` attribute, provider `credentials` attribute and finally the GOOGLE_APPLICATION_CREDENTIALS environment variable. 66 67 > **NOTE** the default google credentials configured by `gcloud` sdk or the service account associated with a compute instance cannot be used, because these do not include the private key required to sign the URL. A valid `json` service account credentials key file must be used, as generated via Google cloud console. 68 69 * `content_type` - (Optional) If you specify this in the datasource, the client must provide the `Content-Type` HTTP header with the same value in its request. 70 * `content_md5` - (Optional) The [MD5 digest](https://cloud.google.com/storage/docs/hashes-etags#_MD5) value in Base64. 71 Typically retrieved from `google_storage_bucket_object.object.md5hash` attribute. 72 If you provide this in the datasource, the client (e.g. browser, curl) must provide the `Content-MD5` HTTP header with this same value in its request. 73 * `extension_headers` - (Optional) As needed. The server checks to make sure that the client provides matching values in requests using the signed URL. 74 Any header starting with `x-goog-` is accepted but see the [Google Docs](https://cloud.google.com/storage/docs/xml-api/reference-headers) for list of headers that are supported by Google. 75 76 77 ## Attributes Reference 78 79 The following attributes are exported: 80 81 * `signed_url` - The signed URL that can be used to access the storage object without authentication.