commit 26624077f86cfac48e5559c3ea7d00d442d636af
author Alexander Schulze <alexschulze@chromium.org> Thu Apr 07 13:29:49 2022
committer Devtools-frontend LUCI CQ <devtools-frontend-scoped@luci-project-accounts.iam.gserviceaccount.com> Thu Apr 07 13:41:25 2022
tree ccb35b892e44c858bb392aef7b3e058557701a55
parent 41f67cf0ea3763f31a34f8347dcecbe7b3288bfb

Use authenticated bucket requests

By default, storage clients are authenticated. In the past, we used an
anonymous client when the staging IAM did not have permissions to access
the production bucket (which was publicly accessible after all).

In the future, all requests to buckets should be authenticated so that
we can restrict public access to all project buckets.

Bug: 1257945
Change-Id: I2f872de05f83972cde5b9b5c62341c0b330c1977
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/tools/chrome-devtools-frontend/+/3576123
Auto-Submit: Alexander Schulze <alexschulze@chromium.org>
Reviewed-by: Tamer Tas <tmrts@chromium.org>
Commit-Queue: Tamer Tas <tmrts@chromium.org>

gae_py3/files.py

diff --git a/gae_py3/files.py b/gae_py3/files.py
index bdb28b8..905eb7f 100644
--- a/gae_py3/files.py
+++ b/gae_py3/files.py
@@ -31,11 +31,8 @@
   def get_bucketname(self):
     pass
 
-  def get_storage_client(self):
-    return storage.Client()
-
   def __init__(self):
-    self.bucket = self.get_storage_client().bucket(self.get_bucketname())
+    self.bucket = storage.Client().bucket(self.get_bucketname())
 
 
 class LocalBucketProvider(BaseFileProvider):
@@ -232,9 +229,6 @@
 
 class LegacyBucketMixin:
 
-  def get_storage_client(self):
-    return storage.Client.create_anonymous_client()
-
   def get_bucketname(self):
     return LEGACY_BUCKET