From e9a45a5a34341ebfa610ec2593a1103b5325e773 Mon Sep 17 00:00:00 2001 From: marcintustin Date: Fri, 1 Mar 2019 12:05:31 -0500 Subject: [PATCH] googlecloudstorage: fall back to default application credentials Fall back to default application credentials when all other credentials sources fail This change allows users with default application credentials configured (notably when running on google compute instances) to dispense with explicitly configuring google cloud storage credentials in rclone's own configuration. --- backend/googlecloudstorage/googlecloudstorage.go | 9 ++++++++- docs/content/googlecloudstorage.md | 14 ++++++++++++++ 2 files changed, 22 insertions(+), 1 deletion(-) diff --git a/backend/googlecloudstorage/googlecloudstorage.go b/backend/googlecloudstorage/googlecloudstorage.go index 25866ff81..65f010dab 100644 --- a/backend/googlecloudstorage/googlecloudstorage.go +++ b/backend/googlecloudstorage/googlecloudstorage.go @@ -16,6 +16,7 @@ FIXME Patch/Delete/Get isn't working with files with spaces in - giving 404 erro */ import ( + "context" "encoding/base64" "encoding/hex" "fmt" @@ -45,6 +46,8 @@ import ( "golang.org/x/oauth2" "golang.org/x/oauth2/google" "google.golang.org/api/googleapi" + + // NOTE: This API is deprecated storage "google.golang.org/api/storage/v1" ) @@ -381,7 +384,11 @@ func NewFs(name, root string, m configmap.Mapper) (fs.Fs, error) { } else { oAuthClient, _, err = oauthutil.NewClient(name, m, storageConfig) if err != nil { - return nil, errors.Wrap(err, "failed to configure Google Cloud Storage") + ctx := context.Background() + oAuthClient, err = google.DefaultClient(ctx, storage.DevstorageFullControlScope) + if err != nil { + return nil, errors.Wrap(err, "failed to configure Google Cloud Storage") + } } } diff --git a/docs/content/googlecloudstorage.md b/docs/content/googlecloudstorage.md index cf20d741c..86843bf65 100644 --- a/docs/content/googlecloudstorage.md +++ b/docs/content/googlecloudstorage.md @@ -217,6 +217,20 @@ the rclone config file, you can set `service_account_credentials` with the actual contents of the file instead, or set the equivalent environment variable. +### Application Default Credentials ### + +If no other source of credentials is provided, rclone will fall back +to +[Application Default Credentials](https://cloud.google.com/video-intelligence/docs/common/auth#authenticating_with_application_default_credentials) +this is useful both when you already have configured authentication +for your developer account, or in production when running on a google +compute host. Note that if running in docker, you may need to run +additional commands on your google compute machine - +[see this page](https://cloud.google.com/container-registry/docs/advanced-authentication#gcloud_as_a_docker_credential_helper). + +Note that in the case application default credentials are used, there +is no need to explicitly configure a project number. + ### --fast-list ### This remote supports `--fast-list` which allows you to use fewer