Use google cloud storage signed url with a gsutil rsync command issued on un-authenticated machine

0
votes

I want to perform the following:

  1. Create a signed URL using gsutil signurl. (https://cloud.google.com/storage/docs/access-control/create-signed-urls-gsutil)
  2. On a separate machine, issue the gsutil rsync command without authenticating the gsutil tool by using the secure URL generated in step 1.

Is such a thing possible?

I know that I could programatically download files as described in the answer to Google cloud storage signed url chunked download In python?, but I am wondering if it is possible to use gsutil in an un-authenticated manner using the created secure URL.

1
google-cloud-platformgoogle-cloud-storage

1 Answers

2
votes

No. The main problem with this approach is that a signed URL is only good for one operation, and rsync involves many operations (listing objects, uploading objects, downloading objects). You'd either need to create a custom rsync implementation with a remote server that vends signed URLs, or authenticate on the separate machine.

Alternatively, if you can't allow the separate machine to access your credentials, you could have it rsync to some dedicated bucket for which it has its own credentials and then have a second machine that you do trust with credentials to sync those two buckets.