Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

cli: Allow Application Default Credentials discovery for GCP #1207

Merged
merged 2 commits into from
Nov 26, 2024
Merged

cli: Allow Application Default Credentials discovery for GCP #1207

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
f9847ef
fix: allow default credentials to work for GCP
xytis Oct 13, 2024
b01f913
Apply suggestions from code review
Acconut Nov 26, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 2 additions & 5 deletions cmd/tusd/cli/composer.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -76,12 +76,9 @@ func CreateComposer() {
"Please remove underscore from the value", Flags.GCSObjectPrefix)
}

// Derivce credentials from service account file path passed in
// GCS_SERVICE_ACCOUNT_FILE environment variable.
// Application Default Credentials discovery mechanism is attempted to fetch credentials,
// but an account file can be provided through the GCS_SERVICE_ACCOUNT_FILE environment variable.
gcsSAF := os.Getenv("GCS_SERVICE_ACCOUNT_FILE")
if gcsSAF == "" {
stderr.Fatalf("No service account file provided for Google Cloud Storage using the GCS_SERVICE_ACCOUNT_FILE environment variable.\n")
}

service, err := gcsstore.NewGCSService(gcsSAF)
if err != nil {
Expand Down
14 changes: 12 additions & 2 deletions docs/_storage-backends/google-cloud-storage.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,11 +6,21 @@ nav_order: 5

# Google Cloud Storage

Tusd can store files directly on Google Cloud Storage. The uploaded file is directly transferred to S3 while the user is performing the upload without storing the entire file on disk first.
Tusd can store files directly on Google Cloud Storage. The uploaded file is directly transferred to Storage Bucket while the user is performing the upload without storing the entire file on disk first.

## Configuration

To enable this backend, you must supply the path to the corresponding account file using environment variables and specify the bucket name using `-gcs-bucket`, for example:
To enable this backend, you must specify the bucket name using `-gcs-bucket`, for example:

```bash
$ tusd -gcs-bucket=my-test-bucket.com
[tusd] Using 'gcs://my-test-bucket.com' as GCS bucket for storage.
...
```

By default, [Application Default Credentials discovery mechanism](https://cloud.google.com/docs/authentication/external/set-up-adc) will be attempted.

If `GCS_SERVICE_ACCOUNT_FILE` environment variable is provided, that account will be used instead:

```bash
$ export GCS_SERVICE_ACCOUNT_FILE=./account.json
Expand Down
7 changes: 6 additions & 1 deletion pkg/gcsstore/gcsservice.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -81,7 +81,12 @@ type GCSService struct {
// NewGCSService returns a GCSService object given a GCloud service account file path.
func NewGCSService(filename string) (*GCSService, error) {
ctx := context.Background()
client, err := storage.NewClient(ctx, option.WithCredentialsFile(filename))
var opts []option.ClientOption
if filename != "" {
opts = append(opts, option.WithCredentialsFile(filename))
}
client, err := storage.NewClient(ctx, opts...)

if err != nil {
return nil, err
}
Expand Down