Django 与谷歌云存储

Question

I have been trying to implement Google Cloud Storage (media file uploads) for my Django app on Google App Engine using the django-storages package. I have followed all the specification given by the package. I also set the relevant policies and roles for the service account to access the storage bucket but I keep getting the error " anonymous caller does not have storage.objects.get access to the google cloud storage object ." when trying to view the images in my html template.

I can only view the images in the template when I include the permission for allUsers in storage bucket settings. Does anybody know how to fix this issue without making your bucket publicly accessible.

This is the screenshot of my configuration for django-storages in the settings.py file

Answer 1

1. Please check that your credentials are correct. If you are using gsutil, check that the credentials stored in your.boto file are accurate. Also, confirm that gsutil is using the.boto file you expect by using the command gsutil version -l and checking the config path(s) entry.

2. And if you are using the correct credentials, are your requests being routed through a proxy, using HTTP (instead of HTTPS)? If so, check whether your proxy is configured to remove the Authorization header from such requests. If so, make sure you are using HTTPS instead of HTTP for your requests.
   

   You can refer the Document for storage authentication
   

You can also validate with below points additionally:

1. In most cases, the default service accounts are not sufficient to read/write and sign files in GCS, so you will need to create a dedicated service account.

2. Create a service account.

3. Make sure your service account has access to the bucket and appropriate permissions.

4. Ensure this service account is associated to the type of compute being used (Google Compute Engine (GCE), Google Kubernetes Engine (GKE), Google Cloud Run (GCR), etc)

For development use cases, or other instances outside Google infrastructure:

-Create the key and download abc.json file.
-Ensure the key is mounted/available to your running Django app.
-Set an environment variable of GOOGLE_APPLICATION_CREDENTIALS to the
path of the json file.

Alternatively, you can use the setting GS_CREDENTIALS as described in document

django-storages
IAM permissions

Answer 2

I rechecked my settings and bucket policy configs and they are all correct.I realized that by setting the bucket policy to not public accessible and to be accessed via the custom service account, I was not able to display the file on to the html (via iframe tags) using the source url "https://storage.cloud.google.com/{}/'.format(GS_BUCKET_NAME)" . However, I was getting the file object in return. I read the contents of the file and base64 encoded it then rendered the files/images onto the html page and this works.Perhaps if the bucket policy is not set to public, the source url is not meant to be accessed directly or in this case only through the authorized service account.