feat(storage): better error messages in signed URLs #11741
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The error messages for signed URL functions (`CreateV2SignedUrl()`, `CreateV4SignedUrl()` and `CreatedSignedPolicyDocument()`) were not helpful when the signing account is missing.
product-auto-label
bot
added
the
api: storage
Codecov ReportPatch coverage:
Additional details and impacted files@@ Coverage Diff @@
## main #11741 +/- ##
=======================================
Coverage 93.76% 93.76%
=======================================
Files 1831 1831
Lines 165012 165033 +21
=======================================
+ Hits 154729 154749 +20
- Misses 10283 10284 +1
☔ View full report in Codecov by Sentry. |
dbolduc
approved these changes
May 27, 2023
There was a problem hiding this comment.
Reviewed 3 of 3 files at r1, all commit messages.
Reviewable status: all files reviewed, 1 unresolved discussion (waiting on @coryan)
google/cloud/storage/client.cc line 361 at r1 (raw file):
std::string signing_account_email = SigningEmail(signing_account);
Looks like we should move this after the "sign locally" attempt.
// First try to sign locally.
auto signed_blob = credentials->SignBlob(signing_account, string_to_sign);
if (signed_blob) {
return SignBlobResponseRaw{credentials->KeyId(), *std::move(signed_blob)};
}
// If signing locally fails that may be because the credentials do not
// support signing, or because the signing account is different than the
// credentials account. In either case, try to sign using the API.
std::string signing_account_email = SigningEmail(signing_account);
if (signing_account_email.empty()) {
return google::cloud::internal::InvalidArgumentError(
"signing account cannot be empty."
" The client library was unable to fetch a valid signing email from"
" the configured credentials, and the application did not provide"
" a value in the `google::cloud::storage::SigningAccount` option.",
GCP_ERROR_INFO());
}
internal::SignBlobRequest sign_request(
signing_account_email, internal::Base64Encode(string_to_sign), {});
coryan
commented
May 27, 2023
There was a problem hiding this comment.
Reviewable status: 2 of 3 files reviewed, 1 unresolved discussion (waiting on @dbolduc)
google/cloud/storage/client.cc line 361 at r1 (raw file):
Previously, dbolduc (Darren Bolduc) wrote…
Looks like we should move this after the "sign locally" attempt.
// First try to sign locally. auto signed_blob = credentials->SignBlob(signing_account, string_to_sign); if (signed_blob) { return SignBlobResponseRaw{credentials->KeyId(), *std::move(signed_blob)}; } // If signing locally fails that may be because the credentials do not // support signing, or because the signing account is different than the // credentials account. In either case, try to sign using the API. std::string signing_account_email = SigningEmail(signing_account); if (signing_account_email.empty()) { return google::cloud::internal::InvalidArgumentError( "signing account cannot be empty." " The client library was unable to fetch a valid signing email from" " the configured credentials, and the application did not provide" " a value in the `google::cloud::storage::SigningAccount` option.", GCP_ERROR_INFO()); } internal::SignBlobRequest sign_request( signing_account_email, internal::Base64Encode(string_to_sign), {});
Done.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The error messages for signed URL functions (
CreateV2SignedUrl(),CreateV4SignedUrl()andCreatedSignedPolicyDocument()) were not helpful when the signing account is missing.Fixes #11740
This change is