Tuesday, February 16, 2016

Google Cloud Storage setup log

  • Installing Google Cloud SDK
    I had already installed google-appengine-python from AUR, and someone commented that google-appengine-python and google-cloud-sdk conflict because both have dev_appserver.py. So I removed google-appengine-python before installing google-cloud-sdk, but then there was no dev_appserver.py command, so I installed google-appengine-python again and dev_appserver.py works just fine.

  • Using gsutil
    To get help, run gsutil help or gsutil help cp.

    • login
      gcloud auth login
    • create a bucket under a project
      gsutil mb -c S -l ASIA -p <project-id> gs://<bucket-id>
    • make a directory and upload data
      gsutil can’t create an empty folder except by uploading an empty directory.
      gsutil cp -r dir gs://<bucket-id>

Fetching data on Cloud Storage from application

We created a bucket on Google Cloud Storage and uploaded data to it.
Now we want to use that data from our application.

There are two ways to use data on Cloud Storage.
1. The end-user app (JavaScript/Android/iOS app) fetches the data itself.
2. The app server fetches the data and passes it to the end-user app (the end user can’t get data from Cloud Storage directly).

For 1, we need to make the Cloud Storage bucket public, at least for reading data. For 2, we need our app server to authenticate with a Google service account to get access rights (the service account is already set up automatically).

Fetching data on public bucket

Anyone on the internet can get data from a public GCS bucket. There are several ways to make a bucket public; here are some of them.

Make GCS Bucket and Object Public

Using acl ch

$ gsutil acl ch -u AllUsers:R gs://<bucket_name>/<obj_name>

-u AllUsers:R means “give anyone on the internet the right to read this object”.

The command below makes the bucket’s default ACL public, so every object uploaded to this bucket will be publicly readable.

$ gsutil defacl set public-read gs://<bucket_name>

Fetch data from Public GCS Bucket

To fetch data from a public bucket, use the Google Cloud Storage API endpoint, because it does not require authentication. The link shown for a bucket or object in the Google Cloud Console redirects to the Google account login page.

Use this link

http://storage.googleapis.com/<bucket-name>/path/to/object

See https://cloud.google.com/storage/docs/access-public-data .

Cloud Storage Authentication

A newly created bucket is reachable over the internet, but users other than the owner get access denied because they have no right to read or write objects in that bucket.
Let’s check the current ACL.

$ gsutil acl get gs://example
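
One way to read the output of gsutil acl get, as an added example that is not part of the original post: it lists every grant that opens the bucket or object to the public and separates read-only grants from writable ones. It assumes the command prints a JSON list of entries with "entity" and "role" keys; the names public_grants and SAMPLE_ACL are hypothetical and the sample ACL is constructed.

```python
import json

# Entities that mean "not restricted to named accounts" in a GCS ACL.
PUBLIC_ENTITIES = {
    "allUsers": "anyone on the internet",
    "allAuthenticatedUsers": "anyone signed in to a Google account",
}

# Constructed sample of what `gsutil acl get gs://example` might print after
# `gsutil acl ch -u AllUsers:R ...`; the project number is a placeholder.
SAMPLE_ACL = """
[
  {"entity": "project-owners-000000000000",
   "projectTeam": {"projectNumber": "000000000000", "team": "owners"},
   "role": "OWNER"},
  {"entity": "allUsers", "role": "READER"}
]
"""


def public_grants(acl_json):
    """Return (entity, role, severity) for every public grant in an ACL."""
    # Assumption: the input is the JSON list printed by `gsutil acl get`.
    entries = json.loads(acl_json) if acl_json.strip() else []
    findings = []
    for entry in entries:
        entity = entry.get("entity", "")
        role = entry.get("role", "").upper()
        if entity not in PUBLIC_ENTITIES:
            continue
        # READER is all that option 1 in the post needs; WRITER or OWNER
        # would let the public modify data and is not needed for fetching.
        severity = "read-only" if role == "READER" else "writable"
        findings.append((entity, role, severity))
    return findings


if __name__ == "__main__":
    # Usage: gsutil acl get gs://example | python check_acl.py
    import sys
    text = SAMPLE_ACL if sys.stdin.isatty() else sys.stdin.read()
    for entity, role, severity in public_grants(text):
        print(f"{entity} ({PUBLIC_ENTITIES[entity]}): {role} [{severity}]")
```
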

CORS - doc

See also https://cloud.google.com/storage/docs/cross-origin .
The cors command is supported for buckets only, not objects.

$ gsutil cors set cors_json_file.json gs://example

Example CORS JSON document looks like this.

[
  {
    "origin": ["http://origin1.example.com"],
    "responseHeader": ["Content-Type"],
    "method": ["GET"],
    "maxAgeSeconds": 3600
  }
]

Remove CORS

The following empty CORS JSON document removes all CORS configuration for a bucket.

[]
