Add service_account_credentials for Google Cloud and Drive

This commit is contained in:
Matt Holt 2018-04-27 09:07:37 -06:00 committed by Nick Craig-Wood
parent d8e88f10cd
commit b78af517de
4 changed files with 38 additions and 22 deletions

View file

@ -446,12 +446,8 @@ func newPacer() *pacer.Pacer {
return pacer.New().SetMinSleep(minSleep).SetPacer(pacer.GoogleDrivePacer) return pacer.New().SetMinSleep(minSleep).SetPacer(pacer.GoogleDrivePacer)
} }
func getServiceAccountClient(keyJsonfilePath string) (*http.Client, error) { func getServiceAccountClient(credentialsData []byte) (*http.Client, error) {
data, err := ioutil.ReadFile(os.ExpandEnv(keyJsonfilePath)) conf, err := google.JWTConfigFromJSON(credentialsData, driveConfig.Scopes...)
if err != nil {
return nil, errors.Wrap(err, "error opening credentials file")
}
conf, err := google.JWTConfigFromJSON(data, driveConfig.Scopes...)
if err != nil { if err != nil {
return nil, errors.Wrap(err, "error processing credentials") return nil, errors.Wrap(err, "error processing credentials")
} }
@ -466,9 +462,18 @@ func createOAuthClient(name string) (*http.Client, error) {
var oAuthClient *http.Client var oAuthClient *http.Client
var err error var err error
// try loading service account credentials from env variable, then from a file
serviceAccountCreds := []byte(config.FileGet(name, "service_account_credentials"))
if len(serviceAccountCreds) == 0 {
serviceAccountPath := config.FileGet(name, "service_account_file") serviceAccountPath := config.FileGet(name, "service_account_file")
if serviceAccountPath != "" { loadedCreds, err := ioutil.ReadFile(os.ExpandEnv(serviceAccountPath))
oAuthClient, err = getServiceAccountClient(serviceAccountPath) if err != nil {
return nil, errors.Wrap(err, "error opening service account credentials file")
}
serviceAccountCreds = loadedCreds
}
if len(serviceAccountCreds) > 0 {
oAuthClient, err = getServiceAccountClient(serviceAccountCreds)
if err != nil { if err != nil {
return nil, errors.Wrap(err, "failed to create oauth client from service account") return nil, errors.Wrap(err, "failed to create oauth client from service account")
} }

View file

@ -277,12 +277,8 @@ func parsePath(path string) (bucket, directory string, err error) {
return return
} }
func getServiceAccountClient(keyJsonfilePath string) (*http.Client, error) { func getServiceAccountClient(credentialsData []byte) (*http.Client, error) {
data, err := ioutil.ReadFile(os.ExpandEnv(keyJsonfilePath)) conf, err := google.JWTConfigFromJSON(credentialsData, storageConfig.Scopes...)
if err != nil {
return nil, errors.Wrap(err, "error opening credentials file")
}
conf, err := google.JWTConfigFromJSON(data, storageConfig.Scopes...)
if err != nil { if err != nil {
return nil, errors.Wrap(err, "error processing credentials") return nil, errors.Wrap(err, "error processing credentials")
} }
@ -295,16 +291,25 @@ func NewFs(name, root string) (fs.Fs, error) {
var oAuthClient *http.Client var oAuthClient *http.Client
var err error var err error
// try loading service account credentials from env variable, then from a file
serviceAccountCreds := []byte(config.FileGet(name, "service_account_credentials"))
if len(serviceAccountCreds) == 0 {
serviceAccountPath := config.FileGet(name, "service_account_file") serviceAccountPath := config.FileGet(name, "service_account_file")
if serviceAccountPath != "" { loadedCreds, err := ioutil.ReadFile(os.ExpandEnv(serviceAccountPath))
oAuthClient, err = getServiceAccountClient(serviceAccountPath)
if err != nil { if err != nil {
log.Fatalf("Failed configuring Google Cloud Storage Service Account: %v", err) return nil, errors.Wrap(err, "error opening service account credentials file")
}
serviceAccountCreds = loadedCreds
}
if len(serviceAccountCreds) > 0 {
oAuthClient, err = getServiceAccountClient(serviceAccountCreds)
if err != nil {
return nil, errors.Wrap(err, "failed configuring Google Cloud Storage Service Account")
} }
} else { } else {
oAuthClient, _, err = oauthutil.NewClient(name, storageConfig) oAuthClient, _, err = oauthutil.NewClient(name, storageConfig)
if err != nil { if err != nil {
log.Fatalf("Failed to configure Google Cloud Storage: %v", err) return nil, errors.Wrap(err, "failed to configure Google Cloud Storage")
} }
} }

View file

@ -202,7 +202,10 @@ actively logged-in users, for example build machines.
To use a Service Account instead of OAuth2 token flow, enter the path To use a Service Account instead of OAuth2 token flow, enter the path
to your Service Account credentials at the `service_account_file` to your Service Account credentials at the `service_account_file`
prompt during `rclone config` and rclone won't use the browser based prompt during `rclone config` and rclone won't use the browser based
authentication flow. authentication flow. If you'd rather stuff the contents of the
credentials file into the rclone config file, you can set
`service_account_credentials` with the actual contents of the file
instead, or set the equivalent environment variable.
#### Use case - Google Apps/G-suite account and individual Drive #### #### Use case - Google Apps/G-suite account and individual Drive ####

View file

@ -212,7 +212,10 @@ are what rclone will use for authentication.
To use a Service Account instead of OAuth2 token flow, enter the path To use a Service Account instead of OAuth2 token flow, enter the path
to your Service Account credentials at the `service_account_file` to your Service Account credentials at the `service_account_file`
prompt and rclone won't use the browser based authentication prompt and rclone won't use the browser based authentication
flow. flow. If you'd rather stuff the contents of the credentials file into
the rclone config file, you can set `service_account_credentials` with
the actual contents of the file instead, or set the equivalent
environment variable.
### --fast-list ### ### --fast-list ###