forked from TrueCloudLab/distribution
update: support redirects in gcs storage with default credentials
Signed-off-by: Tadeusz Dudkiewicz <tadeusz.dudkiewicz@rtbhouse.com>
This commit is contained in:
parent
5c662eb1c2
commit
de450c903a
2 changed files with 4 additions and 4 deletions
|
@ -17,4 +17,8 @@ An implementation of the `storagedriver.StorageDriver` interface which uses Goog
|
|||
|
||||
{{< hint type=note >}}
|
||||
Instead of a key file you can use [Google Application Default Credentials](https://developers.google.com/identity/protocols/application-default-credentials).
|
||||
|
||||
To use redirects with default credentials assigned to a virtual machine you have to enable "IAM Service Account Credentials API" and grant `iam.serviceAccounts.signBlob` permission on the used service account.
|
||||
|
||||
To use redirects with default credentials from Google Cloud CLI, in addition to the permissions mentioned above, you have to [impersonate the service account intended to be used by the registry](https://cloud.google.com/sdk/gcloud/reference#--impersonate-service-account).
|
||||
{{< /hint >}}
|
||||
|
|
|
@ -785,10 +785,6 @@ func (d *driver) Delete(ctx context.Context, path string) error {
|
|||
// RedirectURL returns a URL which may be used to retrieve the content stored at
|
||||
// the given path, possibly using the given options.
|
||||
func (d *driver) RedirectURL(r *http.Request, path string) (string, error) {
|
||||
if d.privateKey == nil {
|
||||
return "", nil
|
||||
}
|
||||
|
||||
if r.Method != http.MethodGet && r.Method != http.MethodHead {
|
||||
return "", nil
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue