Firebase 存储模拟器不支持 getSignedUrl
[英]Firebase Storage emulator does't support getSignedUrl
问题描述
I have the line
我有线
onst [url] = await blob.getSignedUrl({ action: 'read', expires: Date.now() + 60 * 1000, contentType: mimetype })
When I run my unit-tests with the Firebase storage emulator I got the error:当我使用 Firebase 存储模拟器运行单元测试时,出现错误:
Could not load the default credentials.
How can I use getSignedUrl with Firebase emulator?如何将getSignedUrl与 Firebase 模拟器一起使用?
1 个解决方案
解决方案1
1 已采纳 2021-09-24 06:13:11
When using a blob signed url, use service account credentials instead of the default ADC.使用签名为 url 的 blob 时,请使用服务帐户凭据而不是默认的 ADC。 Having been said that, you have two options:话虽如此,您有两种选择:
- You can create a service account that will use the command using the Cloud SDK:
gcloud iam service-accounts keys create FILE_NAME.json --iam-account=NAME@PROJECT_ID.iam.gserviceaccount.com;您可以创建一个服务帐户,该帐户将使用 Cloud SDK 命令: gcloud iam service-accounts keys create FILE_NAME.json --iam-account=NAME@PROJECT_ID.iam.gserviceaccount.com; which you can use to call Firebase server APIs from your app server or trusted environment.您可以使用它从您的应用程序服务器或受信任的环境调用 Firebase 服务器 API。 After creating your service account, you must initialize with a service account key file .创建服务帐户后,您必须使用服务帐户密钥文件进行初始化。
Here's an example java code for initializing:这是用于初始化的示例 java 代码:
FileInputStream serviceAccount = new FileInputStream("path/to/serviceAccountKey.json");
FirebaseOptions options = FirebaseOptions.builder()
.setCredentials(GoogleCredentials.fromStream(serviceAccount))
.setDatabaseUrl("https://<DATABASE_NAME>.firebaseio.com/")
.build();
FirebaseApp.initializeApp(options);
You can also check the Firebase Service Accounts to help you identify which service account you will use in your project.
- Another option is to set the service account key in an environment variables .另一种选择是在环境变量中设置服务帐户密钥。
For Linux or macOS: export GOOGLE_APPLICATION_CREDENTIALS="KEY_PATH"对于 Linux 或 macOS:export GOOGLE_APPLICATION_CREDENTIALS="KEY_PATH"
Example is: export GOOGLE_APPLICATION_CREDENTIALS="/home/user/Downloads/service-account-file.json"示例是:export GOOGLE_APPLICATION_CREDENTIALS="/home/user/Downloads/service-account-file.json"
For Windows (using powershell): $env:GOOGLE_APPLICATION_CREDENTIALS="KEY_PATH"对于 Windows(使用 powershell):$env:GOOGLE_APPLICATION_CREDENTIALS="KEY_PATH"
Example is: $env:GOOGLE_APPLICATION_CREDENTIALS="C:\Users\username\Downloads\service-account-file.json"示例是:$env:GOOGLE_APPLICATION_CREDENTIALS="C:\Users\username\Downloads\service-account-file.json"
Just note that this variable only applies to your current shell session, so if you open a new session, set the variable again.
Update:更新:
In Google Cloud Platform environments, such as Cloud Functions and App Engine, you usually don't provide a keyFilename or credentials during instantiation.在 Google Cloud Platform 环境中,例如 Cloud Functions 和 App Engine,您通常不会在实例化期间提供 keyFilename 或凭据。 In those environments, we call the signBlob API to create a signed URL. As was stated here .在那些环境中,我们调用 signBlob API 来创建一个签名的 URL。如这里所述。 In that case, the service account used must have Service Account Token Creator Role .在这种情况下,使用的服务帐户必须具有Service Account Token Creator Role 。
The Service Account Token Creator Role enables impersonation of service accounts to create OAuth2 access tokens, sign blobs, or sign JWTs. Service Account Token Creator Role允许模拟服务帐户以创建 OAuth2 访问令牌、签署 blob 或签署 JWT。 Provide your service account when initializing the client.初始化客户端时提供您的服务帐户。 If using default credentials, then make sure that the Cloud Functions service account must have Service Account Token Creator Role , as it is required when calling the signBlob API if the app is deployed within GCP.如果使用默认凭据,请确保 Cloud Functions 服务帐户必须具有Service Account Token Creator Role ,因为如果应用程序部署在 GCP 中,则在调用 signBlob API 时需要它。
You can further check this github issues comment .
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.