forked from TrueCloudLab/rclone
gcs: add env_auth to pick up IAM credentials from env/instance
This change provides the ability to pass `env_auth` as a parameter to the google cloud storage provider. This enables the provider to pull IAM credentials from the environment or instance metadata. Previously if no auth method was given it would default to requesting oauth.
This commit is contained in:
parent
ab2cdd840f
commit
13c3f67ab0
1 changed files with 19 additions and 1 deletions
|
@ -82,7 +82,8 @@ func init() {
|
||||||
saFile, _ := m.Get("service_account_file")
|
saFile, _ := m.Get("service_account_file")
|
||||||
saCreds, _ := m.Get("service_account_credentials")
|
saCreds, _ := m.Get("service_account_credentials")
|
||||||
anonymous, _ := m.Get("anonymous")
|
anonymous, _ := m.Get("anonymous")
|
||||||
if saFile != "" || saCreds != "" || anonymous == "true" {
|
envAuth, _ := m.Get("env_auth")
|
||||||
|
if saFile != "" || saCreds != "" || anonymous == "true" || envAuth == "true" {
|
||||||
return nil, nil
|
return nil, nil
|
||||||
}
|
}
|
||||||
return oauthutil.ConfigOut("", &oauthutil.Options{
|
return oauthutil.ConfigOut("", &oauthutil.Options{
|
||||||
|
@ -330,6 +331,17 @@ can't check the size and hash but the file contents will be decompressed.
|
||||||
Default: (encoder.Base |
|
Default: (encoder.Base |
|
||||||
encoder.EncodeCrLf |
|
encoder.EncodeCrLf |
|
||||||
encoder.EncodeInvalidUtf8),
|
encoder.EncodeInvalidUtf8),
|
||||||
|
}, {
|
||||||
|
Name: "env_auth",
|
||||||
|
Help: "Get GCP IAM credentials from runtime (environment variables or instance meta data if no env vars).\n\nOnly applies if service_account_file and service_account_credentials is blank.",
|
||||||
|
Default: false,
|
||||||
|
Examples: []fs.OptionExample{{
|
||||||
|
Value: "false",
|
||||||
|
Help: "Enter AWS credentials in the next step.",
|
||||||
|
}, {
|
||||||
|
Value: "true",
|
||||||
|
Help: "Get GCP IAM credentials from the environment (env vars or IAM).",
|
||||||
|
}},
|
||||||
}}...),
|
}}...),
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
@ -349,6 +361,7 @@ type Options struct {
|
||||||
Decompress bool `config:"decompress"`
|
Decompress bool `config:"decompress"`
|
||||||
Endpoint string `config:"endpoint"`
|
Endpoint string `config:"endpoint"`
|
||||||
Enc encoder.MultiEncoder `config:"encoding"`
|
Enc encoder.MultiEncoder `config:"encoding"`
|
||||||
|
EnvAuth bool `config:"env_auth"`
|
||||||
}
|
}
|
||||||
|
|
||||||
// Fs represents a remote storage server
|
// Fs represents a remote storage server
|
||||||
|
@ -500,6 +513,11 @@ func NewFs(ctx context.Context, name, root string, m configmap.Mapper) (fs.Fs, e
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, fmt.Errorf("failed configuring Google Cloud Storage Service Account: %w", err)
|
return nil, fmt.Errorf("failed configuring Google Cloud Storage Service Account: %w", err)
|
||||||
}
|
}
|
||||||
|
} else if opt.EnvAuth {
|
||||||
|
oAuthClient, err = google.DefaultClient(ctx, storage.DevstorageFullControlScope)
|
||||||
|
if err != nil {
|
||||||
|
return nil, fmt.Errorf("failed to configure Google Cloud Storage: %w", err)
|
||||||
|
}
|
||||||
} else {
|
} else {
|
||||||
oAuthClient, _, err = oauthutil.NewClient(ctx, name, m, storageConfig)
|
oAuthClient, _, err = oauthutil.NewClient(ctx, name, m, storageConfig)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|
Loading…
Reference in a new issue