From bc234c790e1e29740a7fa7ad350bf20420001ba2 Mon Sep 17 00:00:00 2001 From: Haifeng Chen Date: Wed, 14 Sep 2022 19:20:30 +0800 Subject: [PATCH] Add doc for GCP user account crednetial configuraiton --- README.md | 4 ++- docs/source/GettingStarted/quick-start.md | 4 ++- docs/source/UserGuide/login-to-cloud.md | 40 ++++++++++++++++++++++- 3 files changed, 45 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 75fcc53e1..aa523e551 100644 --- a/README.md +++ b/README.md @@ -80,13 +80,15 @@ Refer to [Sign in with Azure CLI](https://docs.microsoft.com/en-us/cli/azure/aut #### GCP -First, follow [Creating a service account](https://cloud.google.com/docs/authentication/getting-started#creating_a_service_account) +If you use service account authentication, follow [Creating a service account](https://cloud.google.com/docs/authentication/getting-started#creating_a_service_account) to create a service account on Google Cloud. A JSON file should be safely downloaded to your local computer, and then set the `GOOGLE_APPLICATION_CREDENTIALS` environment variable as described in the [Setting the environment variable](https://cloud.google.com/docs/authentication/getting-started#setting_the_environment_variable) on your working machine. +If you are using user account authentication, refer to [User Guide: Login to Cloud](https://cloudtik.readthedocs.io/en/latest/UserGuide/login-to-cloud.html#gcp) for details. + ### 4. Creating a Workspace for Clusters. Once you authenticated with your cloud provider, you can start to create a Workspace. diff --git a/docs/source/GettingStarted/quick-start.md b/docs/source/GettingStarted/quick-start.md index d2ba60130..10c72fb45 100644 --- a/docs/source/GettingStarted/quick-start.md +++ b/docs/source/GettingStarted/quick-start.md 
@@ -60,13 +60,15 @@ Refer to [Sign in with Azure CLI](https://docs.microsoft.com/en-us/cli/azure/aut #### GCP -First, follow [Creating a service account](https://cloud.google.com/docs/authentication/getting-started#creating_a_service_account) +If you use service account authentication, follow [Creating a service account](https://cloud.google.com/docs/authentication/getting-started#creating_a_service_account) to create a service account on Google Cloud. A JSON file should be safely downloaded to your local computer, and then set the `GOOGLE_APPLICATION_CREDENTIALS` environment variable as described in the [Setting the environment variable](https://cloud.google.com/docs/authentication/getting-started#setting_the_environment_variable) on your working machine. +If you use user account authentication, refer to [User Guide: Login to Cloud](../UserGuide/login-to-cloud.md#gcp) for details. + ### 4. Creating a Workspace for Clusters. Once you authenticated with your cloud provider, you can start to create a Workspace. diff --git a/docs/source/UserGuide/login-to-cloud.md b/docs/source/UserGuide/login-to-cloud.md index 7646251a0..bc7bda4b5 100644 --- a/docs/source/UserGuide/login-to-cloud.md +++ b/docs/source/UserGuide/login-to-cloud.md 
@@ -58,8 +58,15 @@ Create a project within your Google Cloud account. Please refer to [Creating projects](https://cloud.google.com/resource-manager/docs/creating-managing-projects) for instructions. -### Authentication calls to Google Cloud APIs. +### Authentication calls to Google Cloud APIs +User have two options to authenticate to Google Cloud. +- Authenticate with service account +- Authenticate with user account +Please refer to [Authentication Principal](https://cloud.google.com/docs/authentication#principal) +for detailed information as to these two methods. + +#### Authenticate with Service Account First, follow [Creating a service account](https://cloud.google.com/docs/authentication/getting-started#creating_a_service_account) to create a service account on Google Cloud. 
@@ -68,3 +75,34 @@ To use the service account through API, you need a service account key. Refer to A JSON key file should be safely downloaded to your local computer, and then set the `GOOGLE_APPLICATION_CREDENTIALS` environment variable as described in the [Setting the environment variable](https://cloud.google.com/docs/authentication/getting-started#setting_the_environment_variable) on your working machine. + +#### Authenticate with user account +If you have a user account with the right permissions, +You can authenticate using gcloud command. After you have authenticated, +You need to configure credentials in the workspace configuration file +or cluster configuration file with OAuth token information. + +After you authenticated using gcloud, you can find a file named "adc.json" +in ~/.config/gcloud/legacy_credentials/your_account_name folder. +Using the information from this file, you can configure workspace configuration file +or cluster configuration file as following: + +``` +# Cloud-provider specific configuration. +provider: + type: gcp + region: us-central1 + availability_zone: us-central1-a + project_id: your_project_id + # Use allowed_ssh_sources to allow SSH access from your client machine + allowed_ssh_sources: + - 0.0.0.0/0 + gcp_credentials: + type: oauth_token + credentials: + token: nil + client_id: "your_client_id" + client_secret: "your_client_secret" + token_uri: https://oauth2.googleapis.com/token + refresh_token: "your_refresh_token" +```
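Review bot: In README.md (@@ -80,13) the added sentence reads "If you are using user account authentication", while the same sentence added to docs/source/GettingStarted/quick-start.md (@@ -60,13) reads "If you use user account authentication", and the rewritten line above it in both files reads "If you use service account authentication". Use one phrasing in both files so the two copies of this section differ only in the link target.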
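Review bot: In docs/source/UserGuide/login-to-cloud.md (@@ -58,8) the added "Please refer to [Authentication Principal]..." line follows the "- Authenticate with user account" bullet with no blank line in between, so Markdown treats it as a continuation of that list item. Add a blank line after the list, and one before it, since some renderers will not start a list directly under a paragraph. In the same hunk "User have two options" should be "Users have two options", and the new heading "#### Authenticate with Service Account" is capitalised differently from "#### Authenticate with user account" added in the next hunk.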
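Review bot: In the YAML example added to docs/source/UserGuide/login-to-cloud.md (@@ -68,3), `allowed_ssh_sources` is set to `0.0.0.0/0`, which permits SSH from any address, although the comment directly above it says the setting is there to allow access "from your client machine". Documentation examples get copied as written, so show a placeholder for the client's own address range (for example `your_client_ip/32`) and mention `0.0.0.0/0` only as something to avoid. The same block places `client_secret` and `refresh_token` in the workspace or cluster configuration file in plain text; the surrounding text should state that the file then holds a long-lived credential and must be kept out of version control and readable only by its owner. Also, `token: nil` is not YAML null (that is `null` or `~`) and loads as the string "nil" unless the loader handles it specially, and the prose says "using gcloud command" without naming the command to run.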