diff --git a/object_store/src/gcp/credential.rs b/object_store/src/gcp/credential.rs index 988724b56734..fcd516a1bf1a 100644 --- a/object_store/src/gcp/credential.rs +++ b/object_store/src/gcp/credential.rs @@ -44,10 +44,7 @@ use std::time::{Duration, Instant}; use tracing::info; use url::Url; -pub const DEFAULT_SCOPE: [&str; 2] = [ - "https://www.googleapis.com/auth/devstorage.full_control", - "https://www.googleapis.com/auth/cloud-platform", -]; +pub const DEFAULT_SCOPE: &str = "https://www.googleapis.com/auth/cloud-platform"; pub const DEFAULT_GCS_BASE_URL: &str = "https://storage.googleapis.com"; @@ -357,7 +354,7 @@ impl ServiceAccountCredentials { self.private_key_id, self.client_email, ServiceAccountKey::from_pem(self.private_key.as_bytes())?, - DEFAULT_SCOPE.join(" ").to_string(), + DEFAULT_SCOPE.to_string(), )?) } diff --git a/object_store/src/gcp/mod.rs b/object_store/src/gcp/mod.rs index f38e5c05f131..96afa45f2b61 100644 --- a/object_store/src/gcp/mod.rs +++ b/object_store/src/gcp/mod.rs @@ -292,6 +292,36 @@ mod test { } } + #[tokio::test] + #[ignore] + async fn gcs_test_sign() { + crate::test_util::maybe_skip_integration!(); + let integration = GoogleCloudStorageBuilder::from_env().build().unwrap(); + + let client = reqwest::Client::new(); + + let path = Path::from("test_sign"); + let url = integration + .signed_url(Method::PUT, &path, Duration::from_secs(3600)) + .await + .unwrap(); + println!("PUT {url}"); + + let resp = client.put(url).body("data").send().await.unwrap(); + resp.error_for_status().unwrap(); + + let url = integration + .signed_url(Method::GET, &path, Duration::from_secs(3600)) + .await + .unwrap(); + println!("GET {url}"); + + let resp = client.get(url).send().await.unwrap(); + let resp = resp.error_for_status().unwrap(); + let data = resp.bytes().await.unwrap(); + assert_eq!(data.as_ref(), b"data"); + } + #[tokio::test] async fn gcs_test_get_nonexistent_location() { crate::test_util::maybe_skip_integration!();