Google Cloud Storage – 最佳方式是让客户上传数据到他们自己的存储桶是什么?

huangapple go评论70阅读模式
英文:

Google Cloud Storage - What is the best way to let a customer upload data to their own bucket?

问题

我们想要让客户将他们的文档上传到他们具有独占访问权限的存储桶。我们考虑过:

  1. 服务帐户:我们向他们发送JSON文件,并设置他们的存储桶,以便该服务帐户可以访问。
  2. 带有写入权限的已签名URL:设置更复杂,客户会访问一个端点,每次获取一个已签名的URL,然后可以使用它进行POST请求。
  3. 自定义帐户:我们是否可以为他们创建一个合法的Google Cloud帐户,具有极窄的权限?

我们不知道针对这个问题的推荐解决方案。

我们已经开始实施服务帐户,但我们担心权限升级。

通常,他们会使用现有的SDK之一将数据上传到存储桶。

英文:

We would like to let a customer upload their docs to a bucket they have exclusive access to. We have considered:

  1. A service account: we send them the json file and we set up their bucket so that that service account can access it.
  2. A signed url with write auths: more complex to set-up, customers would hit an endpoint, get a signed url each time, and they can use it to POST
  3. A custom account: could we create a legit google cloud account for them with super-narrow permissions?

We don't know what's the recommended go-to solution for that problem.

We have started implementing a service account, but we fear privilege escalation

Typically, they would be uploading data to the bucket using one of the available SDKs

答案1

得分: 3

将此发布为社区维基,以便其他人从中受益。


如@John Hanley所提到的:

如果他们正在使用SDK,您可以将他们的电子邮件地址添加到存储桶的IAM中,然后他们可以使用gcloud auth application-default login 进行身份验证。查看Google Cloud ADC的工作原理。


参考链接:

英文:

Posting this as a community wiki so that others can benefit from it.
<hr>
As mentioned by @John Hanley:

> If they are using the SDK, you can add their email address to the bucket's IAM and they can authenticate using gcloud auth application-default login. Review how Google Cloud ADC works
<hr>
Reference:

答案2

得分: -1

在Cloud Storage中存储的所有内容都必须包含在一个存储桶中。您可以使用存储桶来组织数据并控制对数据的访问。
了解有关在GCP中使用存储桶的更多信息https://googlecloudtutorials.com/google-cloud-storage-free/。

一旦存储桶准备好,数据对象和文件就可以上传。
可以使用经过身份验证的URL访问和修改对象。

英文:

Everything that you store in Cloud Storage must be contained in a bucket. You can use buckets to organize your data and control access to your data.
Learn more how to work with storage buckets in GCP https://googlecloudtutorials.com/google-cloud-storage-free/.

Once storage bucket is ready data objects and files can be uploaded.
Object can be accessed and modified using Authenticated URL.

huangapple
  • 本文由 发表于 2023年6月2日 00:32:59
  • 转载请务必保留本文链接:https://go.coder-hub.com/76383991.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定