nodejs-storage icon indicating copy to clipboard operation
nodejs-storage copied to clipboard
verified publisher icon googleapis

"Could not load the default credentials" when using custom apiEndpoint with `getSignedUrl.`

Open psigen opened this issue 2 years ago • 4 comments

Environment details

  • OS: Ubuntu 22.04
  • Node.js version: v18.15.0
  • npm version: 9.5.0
  • @google-cloud/storage version: 6.10.0

Steps to reproduce

Run the following code when using a storage emulator such as fake-gcs-server or firebase storage emulator:

import { Storage } from "@google-cloud/storage";

const storage = new Storage({
  apiEndpoint: 'http://localhost:9199',
  projectId: 'random-fake-proj-id',
  useAuthWithCustomEndpoint: false,
});

const expiration = new Date();
const expirationSecs = 60 * 10; // 10 minutes
expiration.setSeconds(expirationSecs);

const options = {
  version: "v4" as const,
  action: "read" as const,
  expires: expiration,
};

const [url] = await storage.bucket(BUCKET_NAME)
  .file(path)
  .getSignedUrl(options);

This will return the following error about credentials, even though the emulator doesn't use credentials, so they aren't needed to sign the URL:

Error: Could not load the default credentials. Browse to https://cloud.google.com/docs/authentication/getting-started for more information.
    at GoogleAuth.getApplicationDefaultAsync (/app/api/index.js:65733:15)
    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
    at async GoogleAuth.getClient (/app/api/index.js:66050:20)
    at async GoogleAuth.getCredentialsAsync (/app/api/index.js:66009:24)
    at async sign (/app/api/index.js:93784:33)

This was previously mentioned in a comment on this previous ticket: https://github.com/googleapis/nodejs-storage/issues/1373#issuecomment-1140351554

psigen avatar May 13 '23 18:05 psigen

@danielbankhead I poked into this a bit and it appears that the problem comes in that there doesn't appear to be a way to tell the auth library to "faux" sign a request. Is there a clean way we can bypass this in storage when the user does not want to use authentication?

ddelgrosso1 avatar May 18 '23 16:05 ddelgrosso1

[discussed offline, sharing here] We may need to take a similar approach as https://github.com/googleapis/gcs-resumable-upload/pull/416 for this issue.

danielbankhead avatar Jun 01 '23 03:06 danielbankhead

Hijacking this issue to track the implementation of this feature:

When a custom endpoint is set on the client, Sign URLs and Post Policies should automatically use that domain.

Optional: allow users to set a custom hostname for Sign URL and Post policy methods

See: go/signurl-custom-endpoint-gcs

BrennaEpp avatar Nov 03 '23 16:11 BrennaEpp

Related:

  • https://github.com/googleapis/nodejs-storage/issues/2092

danielbankhead avatar Dec 13 '23 22:12 danielbankhead