Why not running a static webserver in front of blob storage (e.g. https://cloud.google.com/storage/docs/hosting-static-website) or accessing the buckets or blob storages using the default web server the service providers provide?

That would certainly be a stopgap, however it adds extra infrastructure and would not allow you to use default credentials for invisible authentication. Other workarounds could involve FUSE, or some GCS proxy, but it would be nice to have native support. Some of this desire comes out of the lack of GOAUTH support, see #26232, however it seems somewhat orthogonal.

This is something that other build systems have added support for, e.g. gradle. While it would add provider specific authentication logic and pull in external dependencies, this could be mitigated by shelling out to a binary, a la git helpers, and allow for more protocol flexibility.

Native gs:// support in the go command would require the go command to link in the various blob-storage clients for everybody, not just the folks who need it.

I agree with @hyangah that a blob-to-HTTP proxy seems like the right solution. It should be fairly trivial to write one that you can run locally on your machine.

If you really don't want to write your own, you could also consider a feature request with one of the existing private-proxy implementations.

CC @jayconrod @marwan-at-work.

Shelling out to a binary doesn't seem particularly simpler than having a long-running local proxy, and an ephemeral binary couldn't easily cache the connections to the blob-storage backend. It seems better to stick to the mechanism we already have (GOPROXY).

@bcmills, considering that work on #26232 has stalled, and custom transport providers could workaround the auth issue, is there interest in pursuing a go-proxy-<transport> helper implementation? (where transport:// is provided to GOPROXY)

Is there interest? I have no idea; that's part of why #26232 has stalled. (When we fixed the .netrc bug, there seemed to be a lot less interest in alternative auth mechanisms.)

If you want to take a stab at an alternative-transport proxy, I'd be happy to review the code.

@bcmills my 2 cents is that I still believe #26232 would be valuable to a number of use cases. Even if it's just a slimmed down version where you can tell the Go command to pass static headers. Happy to continue the conversation there and try to contribute that feature 😄