gapic-showcase
gapic-showcase copied to clipboard
googleapis
Bytes fields as query parameters should be base64-encoded
Google Cloud expects query parameters of type bytes to be base64-encoded. If you do not believe me, see below.
gapic-showcase does an extra base64-encoding of these fields when returning the request, e.g. the f_bytes field in the Compliance service.
gapic-showcase should base64-decode bytes fields before re-encoding them in the response.
Repro
Here is a bytes field as a query parameter in the wild we can test with: https://cloud.google.com/iam/docs/reference/rest/v1/projects.roles/delete#query-parameters
Create role:
PROJECT_ID= ... # e.g. my-test-project
gcloud iam roles create test_role --project ${PROJECT_ID}
Try curl request with non-base64 encoded etag:
curl -X DELETE \
-H "Authorization: Bearer $(gcloud auth print-access-token)" \
"https://content-iam.googleapis.com/v1/projects/${PROJECT_ID}/roles/test_role?etag=notbase64"
{
"error": {
"code": 400,
"message": "Invalid value at 'etag' (TYPE_BYTES), Base64 decoding failed for \"notbase64\"",
"status": "INVALID_ARGUMENT",
"details": [
{
"@type": "type.googleapis.com/google.rpc.BadRequest",
"fieldViolations": [
{
"field": "etag",
"description": "Invalid value at 'etag' (TYPE_BYTES), Base64 decoding failed for \"notbase64\""
}
]
}
]
}
}
Try curl request with base64 encoded etag:
curl -X DELETE \
-H "Authorization: Bearer $(gcloud auth print-access-token)" \
"https://content-iam.googleapis.com/v1/projects/${PROJECT_ID}/roles/test_role?etag=AAAA"
{
"error": {
"code": 409,
"message": "There were concurrent policy changes. Please retry the whole read-modify-write with exponential backoff.",
"status": "ABORTED",
"details": [
{
"@type": "type.googleapis.com/google.rpc.DebugInfo",
"detail": "There were concurrent policy changes. Please retry the whole read-modify-write with exponential backoff."
}
]
}
}
Yay, this works. Using the real etag would lead to a successful request.
Cleanup:
gcloud iam roles delete test_role --project ${PROJECT_ID}
