From c3b6616c98982a201c1dcd6a5b1e7d3210d009d6 Mon Sep 17 00:00:00 2001 From: Marco Ziccardi Date: Mon, 9 Nov 2015 17:04:23 +0100 Subject: [PATCH 1/2] Use GOOGLE_APPLICATION_CREDENTIALS and GCLOUD_PROJECT vars in RemoteGcsHelper --- .../storage/testing/RemoteGcsHelper.java | 57 +++++++------------ utilities/integration_test_env.sh | 4 +- 2 files changed, 21 insertions(+), 40 deletions(-) diff --git a/gcloud-java-storage/src/main/java/com/google/gcloud/storage/testing/RemoteGcsHelper.java b/gcloud-java-storage/src/main/java/com/google/gcloud/storage/testing/RemoteGcsHelper.java index b15768cffa98..f5cdae83f999 100644 --- a/gcloud-java-storage/src/main/java/com/google/gcloud/storage/testing/RemoteGcsHelper.java +++ b/gcloud-java-storage/src/main/java/com/google/gcloud/storage/testing/RemoteGcsHelper.java @@ -45,8 +45,6 @@ public class RemoteGcsHelper { private static final Logger log = Logger.getLogger(RemoteGcsHelper.class.getName()); private static final String BUCKET_NAME_PREFIX = "gcloud-test-bucket-temp-"; - private static final String PROJECT_ID_ENV_VAR = "GCLOUD_TESTS_PROJECT_ID"; - private static final String PRIVATE_KEY_ENV_VAR = "GCLOUD_TESTS_KEY"; private final StorageOptions options; private RemoteGcsHelper(StorageOptions options) { @@ -107,13 +105,7 @@ public static RemoteGcsHelper create(String projectId, InputStream keyStream) StorageOptions storageOptions = StorageOptions.builder() .authCredentials(AuthCredentials.createForJson(keyStream)) .projectId(projectId) - .retryParams(RetryParams.builder() - .retryMaxAttempts(10) - .retryMinAttempts(6) - .maxRetryDelayMillis(30000) - .totalRetryPeriodMillis(120000) - .initialRetryDelayMillis(250) - .build()) + .retryParams(retryParams()) .connectTimeout(60000) .readTimeout(60000) .build(); 
@@ -145,41 +137,30 @@ public static RemoteGcsHelper create(String projectId, String keyPath) log.log(Level.WARNING, ex.getMessage()); } throw GcsHelperException.translate(ex); - } catch (IOException ex) { - if (log.isLoggable(Level.WARNING)) { - log.log(Level.WARNING, ex.getMessage()); - } - throw GcsHelperException.translate(ex); } } /** - * Creates a {@code RemoteGcsHelper} object. Project id and path to JSON key are read from two - * environment variables: {@code GCLOUD_TESTS_PROJECT_ID} and {@code GCLOUD_TESTS_KEY}. - * - * @return A {@code RemoteGcsHelper} object for the provided options. - * @throws com.google.gcloud.storage.testing.RemoteGcsHelper.GcsHelperException if environment - * variables {@code GCLOUD_TESTS_PROJECT_ID} and {@code GCLOUD_TESTS_KEY} are not set or if - * the file pointed by {@code GCLOUD_TESTS_KEY} does not exist + * Creates a {@code RemoteGcsHelper} object using default project id and authentication + * credentials. */ public static RemoteGcsHelper create() throws GcsHelperException { - String projectId = System.getenv(PROJECT_ID_ENV_VAR); - String keyPath = System.getenv(PRIVATE_KEY_ENV_VAR); - if (projectId == null) { - String message = "Environment variable " + PROJECT_ID_ENV_VAR + " not set"; - if (log.isLoggable(Level.WARNING)) { - log.log(Level.WARNING, message); - } - throw new GcsHelperException(message); - } - if (keyPath == null) { - String message = "Environment variable " + PRIVATE_KEY_ENV_VAR + " not set"; - if (log.isLoggable(Level.WARNING)) { - log.log(Level.WARNING, message); - } - throw new GcsHelperException(message); - } - return create(projectId, keyPath); + StorageOptions storageOptions = StorageOptions.builder() + .retryParams(retryParams()) + .connectTimeout(60000) + .readTimeout(60000) + .build(); + return new RemoteGcsHelper(storageOptions); + } + + private static RetryParams retryParams() { + return RetryParams.builder() + .retryMaxAttempts(10) + .retryMinAttempts(6) + .maxRetryDelayMillis(30000) + 
.totalRetryPeriodMillis(120000) + .initialRetryDelayMillis(250) + .build(); } private static class DeleteBucketTask implements Callable { diff --git a/utilities/integration_test_env.sh b/utilities/integration_test_env.sh index f7aca1a8a623..a1bebe4dcb69 100755 --- a/utilities/integration_test_env.sh +++ b/utilities/integration_test_env.sh @@ -1,3 +1,3 @@ # Export test env variables -export GCLOUD_TESTS_PROJECT_ID="gcloud-devel" -export GCLOUD_TESTS_KEY=$TRAVIS_BUILD_DIR/signing-tools/gcloud-devel-travis.json +export GCLOUD_PROJECT="gcloud-devel" +export GOOGLE_APPLICATION_CREDENTIALS=$TRAVIS_BUILD_DIR/signing-tools/gcloud-devel-travis.json From 82ebc7128133d7727eec8e85df927ec9599205f8 Mon Sep 17 00:00:00 2001 From: Marco Ziccardi Date: Tue, 17 Nov 2015 17:15:27 +0100 Subject: [PATCH 2/2] Add support for signUrl when default credentials are used - Add a method to convert ApplicationDefaultCredentials to ServiceAccountAuthCredentials - Add type check and conversion to Storage.signUrl --- .../java/com/google/gcloud/AuthCredentials.java | 12 +++++++++++- .../com/google/gcloud/storage/StorageImpl.java | 14 +++++++++++--- 2 files changed, 22 insertions(+), 4 deletions(-) diff --git a/gcloud-java-core/src/main/java/com/google/gcloud/AuthCredentials.java b/gcloud-java-core/src/main/java/com/google/gcloud/AuthCredentials.java index 800fcf340689..afd785981ab9 100644 --- a/gcloud-java-core/src/main/java/com/google/gcloud/AuthCredentials.java +++ b/gcloud-java-core/src/main/java/com/google/gcloud/AuthCredentials.java @@ -28,6 +28,7 @@ import com.google.api.client.json.jackson.JacksonFactory; import com.google.auth.http.HttpCredentialsAdapter; import com.google.auth.oauth2.GoogleCredentials; +import com.google.auth.oauth2.ServiceAccountCredentials; import java.io.IOException; import java.io.InputStream; 
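Review bot: The rewritten Javadoc on the no-argument `create()` no longer says where the project id and credentials come from, and the old `@return` and `@throws` tags were dropped with it. Going by the commit subject, the defaults are meant to come from `GCLOUD_PROJECT` and `GOOGLE_APPLICATION_CREDENTIALS`, so the comment should name both variables and state what happens when they are unset. That matters here because this helper creates and deletes test buckets, and default resolution may otherwise pick up whatever project and credentials the machine already has (not visible in this hunk, so worth confirming). Nothing in the new body visibly throws `GcsHelperException`, so either restore a line such as `@throws GcsHelperException ...` describing when it can still occur, or drop it from the signature if callers allow.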
@@ -212,7 +213,7 @@ public RestorableState capture() { } } - private static class ApplicationDefaultAuthCredentials extends AuthCredentials { + public static class ApplicationDefaultAuthCredentials extends AuthCredentials { private GoogleCredentials googleCredentials; @@ -255,6 +256,15 @@ protected HttpRequestInitializer httpRequestInitializer(HttpTransport transport, return new HttpCredentialsAdapter(googleCredentials.createScoped(scopes)); } + public ServiceAccountAuthCredentials toServiceAccountCredentials() { + if (googleCredentials instanceof ServiceAccountCredentials) { + ServiceAccountCredentials credentials = (ServiceAccountCredentials) googleCredentials; + return new ServiceAccountAuthCredentials(credentials.getClientEmail(), + credentials.getPrivateKey()); + } + return null; + } + @Override public RestorableState capture() { return STATE; diff --git a/gcloud-java-storage/src/main/java/com/google/gcloud/storage/StorageImpl.java b/gcloud-java-storage/src/main/java/com/google/gcloud/storage/StorageImpl.java index fa059254eddb..8ae3948a7576 100644 --- a/gcloud-java-storage/src/main/java/com/google/gcloud/storage/StorageImpl.java +++ b/gcloud-java-storage/src/main/java/com/google/gcloud/storage/StorageImpl.java @@ -43,6 +43,8 @@ import com.google.common.hash.Hashing; import com.google.common.io.BaseEncoding; import com.google.common.primitives.Ints; +import com.google.gcloud.AuthCredentials; +import com.google.gcloud.AuthCredentials.ApplicationDefaultAuthCredentials; import com.google.gcloud.AuthCredentials.ServiceAccountAuthCredentials; import com.google.gcloud.PageImpl; import com.google.gcloud.BaseService; 
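Review bot: `toServiceAccountCredentials()` returns `null` when the wrapped `googleCredentials` is not a `ServiceAccountCredentials`, and the method has no Javadoc telling callers to check for that. Because the preceding hunk widens `ApplicationDefaultAuthCredentials` from `private` to `public`, this becomes public API that hands out an object built from `credentials.getPrivateKey()`. It should carry a comment saying that it returns the client e-mail and private key of the default credentials when they are service-account based and `null` otherwise. If the only intended caller is `signUrl` in `StorageImpl`, stating that in the comment would discourage use of the conversion as a general way to pull the key out of the default credentials.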
@@ -584,9 +586,15 @@ public URL signUrl(BlobInfo blobInfo, long duration, TimeUnit unit, SignUrlOptio ServiceAccountAuthCredentials cred = (ServiceAccountAuthCredentials) optionMap.get(SignUrlOption.Option.SERVICE_ACCOUNT_CRED); if (cred == null) { - checkArgument(options().authCredentials() instanceof ServiceAccountAuthCredentials, - "Signing key was not provided and could not be derived"); - cred = (ServiceAccountAuthCredentials) this.options().authCredentials(); + AuthCredentials serviceCred = this.options().authCredentials(); + if (serviceCred instanceof ServiceAccountAuthCredentials) { + cred = (ServiceAccountAuthCredentials) serviceCred; + } else { + if (serviceCred instanceof ApplicationDefaultAuthCredentials) { + cred = ((ApplicationDefaultAuthCredentials) serviceCred).toServiceAccountCredentials(); + } + } + checkArgument(cred != null, "Signing key was not provided and could not be derived"); } // construct signature - see https://cloud.google.com/storage/docs/access-control#Signed-URLs StringBuilder stBuilder = new StringBuilder();
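Review bot: The nested `else { if (...) { ... } }` in the new credential lookup can be flattened to `} else if (serviceCred instanceof ApplicationDefaultAuthCredentials) {`, which makes the three outcomes (service account, default credentials, neither) easier to read. The `checkArgument` message is also the same whether the default credentials are not service-account based or the configured credentials are of some other type. A message that names the case, for example `"Signing key was not provided and could not be derived from the configured credentials"`, would help whoever hits it. A short comment above the block should note that `toServiceAccountCredentials()` may return `null`, since the final `checkArgument` depends on that. The body of `signUrl` starts and ends outside this hunk.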