maurice/snix
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

docs: document unset GOOGLE_APPLICATION_CREDENTIALS

Browse source 
In case the `GOOGLE_APPLICATION_CREDENTIALS` environment variable is not
set, a redirect to storage.googleapis.com is issued, which means the
underlying bucket objects need to be publicly accessible.

This wasn't really obvious until now, so further clarify it.
This commit is contained in:
Florian Klink 2021-04-29 16:02:26 +02:00 committed by Vincent Ambo
parent 970f492235
commit 7e8295189b
2 changed files with 8 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

4
tools/nixery/storage/gcs.go
View file

@ -222,6 +222,10 @@ func signingOptsFromEnv() (*storage.SignedURLOptions, error) {
// Signing the URL allows unauthenticated clients to retrieve objects from the
// bucket.
//
// In case signing is not configured, a redirect to storage.googleapis.com is
// issued, which means the underlying bucket objects need to be publicly
// accessible.
//
// The Docker client is known to follow redirects, but this might not be true
// for all other registry clients.
func (b *GCSBackend) constructLayerUrl(digest string) (string, error) {