Allow GCS client to use credentials from the environment if needed #58
Conversation
When running in GCP environment, the credentials can be fetched automatically by the GCP SDK, and there is no need to specify any additional JSON/env variables (https://cloud.google.com/docs/authentication/production#automatically).
|
diff check failed, use |
| @@ -111,20 +109,25 @@ func newServicer(pairs ...typ.Pair) (srv *Service, err error) { | |||
| if err != nil { | |||
| return nil, err | |||
| } | |||
| case credential.ProtocolEnv: | |||
There was a problem hiding this comment.
We need to support both env and other ways.
How about using google.FindDefaultCredentials instead?
ref: https://pkg.go.dev/golang.org/x/oauth2/google#FindDefaultCredentials
There was a problem hiding this comment.
FindDefaultCredentials gets called automatically by the GCS client if no credentials are provided (e.g. if you don't use the WithCredentialsJSON).
So, if you pass env as credential type, the client will just fetch them all at runtime.
This happens here: https://github.com/googleapis/google-api-go-client/blob/master/internal/creds.go#L50
There was a problem hiding this comment.
gets called automatically by the GCS client if no credentials are provided
Yep, I know about this logic here.
But I don't want to depend on this behavior. I prefer to control them by ourselves.
- If the user uses
base64orfile, it's OK, read them and useWithCredentialsJSONto construct the client. - If the user uses
env, we useFindDefaultCredentialsto read default credentials from the env.
Everything is clear, no need to read the code provided by deps.
What do you think?
There was a problem hiding this comment.
Absolutely got your point :) I cleaned up the code
Ran and diff is fine now :) |
|
Thanks for your contributions! |
When running in GCP environment, the credentials can be fetched automatically by the GCP SDK, and there is no need to specify any additional JSON/env variables (https://cloud.google.com/docs/authentication/production#automatically).