search

googleapis / nodejs-storage

Node.js client for Google Cloud Storage: unified object storage for developers and enterprises, from live data serving to data analytics/ML to data archiving.
https://cloud.google.com/storage/
Apache License 2.0
896 stars 370 forks source link

how to access storage with impersonated token? #2427

Closed da1z closed 6 months ago

da1z commented 6 months ago

Hello, I am trying to create signed url by using impersonated account token but I am getting error: Error: Cannot sign data without client_email.

how i create impersonated token:

  const googleAuth = new GoogleAuth({
    keyFilename: 'key.json',
    scopes: ['https://www.googleapis.com/auth/cloud-platform'],
  });
  const client = await googleAuth.getClient();
  let targetClient = new Impersonated({
    sourceClient: client,
    targetPrincipal:
      'impersonated-account@*.iam.gserviceaccount.com',
    lifetime: 300,
    delegates: [],
    targetScopes: ['https://www.googleapis.com/auth/cloud-platform'],
  });
  const token = await targetClient.getAccessToken();

then I am creating storage client and trying to get signed url:

  const storage = new Storage({
    token: token.token!,
  });

  const options = {
    version: 'v4',
    action: 'read',
    expires: Date.now() + 15 * 60 * 1000, // 15 minutes
  } satisfies GetSignedUrlConfig;

  const [url] = await storage
    .bucket('local-art-publisher')
    .file('test.txt')
    .getSignedUrl(options);
ddelgrosso1 commented 6 months ago

Hi @da1z please see https://github.com/googleapis/nodejs-storage/issues/2381 which may be of assistance.

ddelgrosso1 commented 6 months ago

Wanted to check if you were able to resolve this issue @da1z?

ddelgrosso1 commented 6 months ago

Going to close this out. If there are additional questions, please feel free to reopen.