Struct tame_gcs::signed_url::UrlSigner
source · pub struct UrlSigner<D, S> { /* private fields */ }Expand description
A generator for signed URLs, which can be used to grant temporary access to specific storage resources even if the client making the request is not otherwise logged in or normally able to access to the storage resources in question.
This implements the V4 signing process
Implementations§
source§impl<D, S> UrlSigner<D, S>where
D: DigestCalulator,
S: Signer,
impl<D, S> UrlSigner<D, S>where
D: DigestCalulator,
S: Signer,
sourcepub fn new(digester: D, signer: S) -> Self
pub fn new(digester: D, signer: S) -> Self
Creates a new UrlSigner from a [DigestCalculator] implementation
capable of generating SHA256 digests of buffers, and a Signer
capable of doing RSA-SHA256 encryption. You may implement these
on your own using whatever crates you prefer, or you can use the
signing feature which will use the excellent ring crate
to provide implementations.
sourcepub fn generate<'a, K, OID>(
&self,
key_provider: &K,
id: &OID,
optional: SignedUrlOptional<'_>
) -> Result<Url, Error>where
K: KeyProvider,
OID: ObjectIdentifier<'a>,
pub fn generate<'a, K, OID>(
&self,
key_provider: &K,
id: &OID,
optional: SignedUrlOptional<'_>
) -> Result<Url, Error>where
K: KeyProvider,
OID: ObjectIdentifier<'a>,
Generates a new signed url for the specified resource, using a key
provider. Note that this operation is entirely local, so though this
may succeed in generating a url, the actual operation using it may fail
if the account used to sign the URL does not have sufficient permissions
for the resource. For example, if you provided a GCP service account
that had devstorage.read_only permissions for the bucket/object, this method
would succeed in generating a signed url for a POST operation, but the actual
POST using that url would fail as the account does not itself have permissions
for the POST operation.