A crazy note when I transferred the infrastructure running Django from GKE to GAE
I used a module called django-storages to upload to GCS and get the URL via imageField. https://django-storages.readthedocs.io/en/latest/backends/gcloud.html?highlight=GS_DEFAULT_ACL#settings
However, when I moved to GAE, imageField came back blank. upload works fine, and when running Django on localhost or GKE it works.
If you don't need the URL validity period All you have to do is add the following to settings
DEFAULT_FILE_STORAGE = 'storages.backends.gcloud.GoogleCloudStorage'
GS_BUCKET_NAME = 'yourbacketname'
GS_DEFAULT_ACL = 'publicRead' <=add to
GAE didn't even throw an error log to the stack driver Because the status itself was 200
Since the authentication system is GAE, I thought that there would be no problem by giving the default service account administrator privileges for storage. But it doesn't work
I can't help it, so I followed the source of django-storage
python3.6/site-packages/storages/backends/gcloud.py
def url(self, name):
"""
Return public url or a signed url for the Blob.
This DOES NOT check for existance of Blob - that makes codes too slow
for many use cases.
"""
name = self._normalize_name(clean_name(name))
blob = self.bucket.blob(self._encode_name(name))
if not self.custom_endpoint and self.default_acl == 'publicRead':
return blob.public_url
elif self.default_acl == 'publicRead':
return '{storage_base_url}/{quoted_name}'.format(
storage_base_url=self.custom_endpoint,
quoted_name=_quote(name, safe=b"/~"),
)
elif not self.custom_endpoint:
return blob.generate_signed_url(self.expiration)
else:
return blob.generate_signed_url(
expiration=self.expiration,
api_access_endpoint=self.custom_endpoint,
)
If you use GAE's debug function and repeat deployment & debugging in the browser
blob.generate_signed_url(self.expiration)
This function seems to be a villain
Actually I was throwing an error, but since it was crushed, I finally found the cause with try except in GAE debugging
"you need a private key to sign credentials.the credentials you are currently using <class 'google.auth.compute_engine.credentials.Credentials'> just contains a token.
It was an authentication error
It's annoying, so I don't need authentication information in the URL self.default_acl =='publicRead': It feels like I added a constant to settings to put it in the branch.
tired···
If you ask the representative later I was told, "It's cool to remake the bucket."
Cried
Recommended Posts