I created a Google Compute Engine (GCE) instance with service account enabled for cloud storage. I have a php app running on that instance which needs to transfer uploaded files to a specific bucket I have in Google Cloud Storage.
The client ID credentials were created with the application type as "Service Account". After that, a json file was automatically generated and downloaded to my pc. The file contains the following:
{
"private_key_id": "111111111111111111111111111111111",
"private_key": "111111111111111111111111111111111",
"client_email": "111111111111111111111111111111111",
"client_id": "111111111111111111111111111111111",
"type": "service_account"
}
I replaced the actual values with 1s. What I am trying to find out is how to use the above json key file to authenticate my php app for accessing google cloud storage ?
The example provided at this link
https://github.com/google/google-api-php-client/blob/master/examples/service-account.php
utilizes a key file of a different format (key.p12). Any hints on how to use the json key file that was generated above instead ?
Is there any specific reason why you prefer to use JSON key instead of the P12 key?
If not, when you create the client ID credentials you should be able to download the P12 key.
Please visit https://developers.google.com/storage/docs/authentication#about-the-client-ID to see how the section related to that client ID looks like, there you can download that key clicking on "Generate new P12 key".
Related
I want to retrieve value from the arn(AWS Resource Names) using aws secret manager in php. I already had the arn(arn:aws:secretsmanager:Regionxxx:xxxxx:secret:xxxxx). I get aws credentials exception when I implement in the program. I don’t have aws credentials. In Java, aws credentials are not required to retrieve value using aws secrets manager. Is there a way to be able to retrieve the secrets value without aws credentials in php?
I'm developing a feature in my web app to convert some .dwg stored in an s3 bucket to pdf with AutoDesk Forge API.
This is the documentation that I'm following
With GDrive I can make it work, but I can't if I use S3 as Output
I think it's because I need the signature token of AWS
The easiest way with S3 would be signed URL so our service can have anonymous access temporarily w/o a token to upload the outputs - see details here.
And see here to obtain an access token for your S3 buckets to put in the header authorization option of your workitem payload.
I have a google cloud storage bucket and I want to access it only using Cloud CDN.
I have created load balancer, created signing key and added service account to it almost all permissions like Storage Admin, Storage Bucket Admin, Storage Legacy Bucket Owner etc.
Now I'm trying to access bucket content using SignedUrl with Php. it generates the signedURL but it gives
403. That’s an error.
Your client does not have permission to get URL
I have even tried it through gcloud compute sign-url. it does generate a signed url but it also gives same error.
Reprocuction steps:
gcloud sign-url from cmd:
gcloud compute sign-url URL --expires-in=1566561600 --key-file=KEY_FILE --key-name=SIGNING_KEY
where URL is generated IP from load balancer, expire time is of course future timestamp, key--file is generated json key file from service account, --key-name is signing key from origin details details
Same thing I've applied to php code where I'm generating signed url, I've taken reference from https://github.com/GoogleCloudPlatform/php-docs-samples
Service account seems to works perfectly when I'm not using CDN, If I access bucket without CDN it works as expected
Is there something wrong with the process I've followed?
Cloud Storage has a built-in CDN, so using Cloud Storage signed URL for your use case should suffice. In regards to using signed URLs, internally they work approximately the same, and generate the URL almost the same way.
I could be able to upload the file from my server using the cloud storage php API(objects->insert).
Is there a way to do the same from the user end to the Google cloud storage using the same? or only App Engine is best available way?
Users can upload files directly to Google Cloud Storage. There is no need to go through your App Engine instance.
Edit 2021:
New documentation for uploading files to Google Cloud Storage:
https://cloud.google.com/storage/docs/uploading-objects#storage-upload-object-php
An old question, but since one of the few Google results for how to do this is that php example, thought I'd answer this. You can generate a signed link without the App Engine API, as detailed here, but since "you must have an OAuth client ID and private keys for a service account type application" you'd need to do it from a server (or Cloud Function) that you control rather than 'from the user end'.
Where do I get the Amazon API Key and Amazon Secret Key to use in the Zend framework?
Does keys from Amazon S3 work there?
Infact, I am confused where to signup.
Could you give me the link to signup?
Thanks
You can register your AWS account here: https://aws-portal.amazon.com/gp/aws/developer/registration/index.html
After that you need the Access Credentials, which you get on the AWS Security Credentials page. Go there, log in (if needed) and take a look at the "Access Key"-tab. Copy the Access Key ID (Amazon API Key) and the Secret Access Key (Amazon Secret Key) to your Zend application.
for starters check out the ZF issue tracker for the Amazon services patch and if you need to you can sign up for the Amazon affiliate key