This library provides auto-renewed tokens for Google service authentication.
google-authz = tower-service + google authentication
Authentication flow | Status |
---|---|
API key | Supported |
OAuth 2.0 client | Supported |
Environment-provided service account | Supported |
Service account key | Supported |
- Scope is `https://www.googleapis.com/auth/cloud-platform`. This is a broad scope; the `scopes` builder option shown further down can request narrower ones.
- Looks for credentials in the following places, preferring the first location found:
  - A JSON file whose path is specified by the `GOOGLE_APPLICATION_CREDENTIALS` environment variable.
  - A JSON file in a location known to the gcloud command-line tool.
  - On Google Compute Engine, it fetches credentials from the metadata server.
use google_authz::{Credentials, GoogleAuthz};
// Build credentials without naming a source or a scope. The README lists the
// cloud-platform scope and a lookup order of GOOGLE_APPLICATION_CREDENTIALS,
// gcloud's known location, then the GCE metadata server; presumably those are
// the defaults applied here (confirm against the crate docs).
// `unwrap()` panics when the build fails, so the program stops instead of
// carrying on without usable credentials.
let credentials = Credentials::builder()
    .build()
    .await
    .unwrap();
// Wrap the inner service so it is used together with the credentials above.
let service = GoogleAuthz::builder(service)
    .credentials(credentials)
    .build()
    .await;

// Alternative to the two statements above, not an extra step: same result.
let service = GoogleAuthz::new(service).await;
no auth:
// Explicit opt-out of credentials. Presumably requests then leave without any
// authorization attached (confirm against the crate docs), so keep this for
// endpoints that are meant to be called anonymously, such as a local emulator.
let credentials = Credentials::builder()
    .no_credentials()
    .build()
    .await
    .unwrap();
let service = GoogleAuthz::builder(service)
    .credentials(credentials)
    .build()
    .await;
api key:
// `api_key` is defined outside this snippet. An API key is a long-lived shared
// secret: load it from configuration or a secret store rather than hard-coding
// it, keep it out of logs, and restrict it to the APIs it needs.
let credentials = Credentials::builder()
    .api_key(api_key)
    .build()
    .await
    .unwrap();
let service = GoogleAuthz::builder(service)
    .credentials(credentials)
    .build()
    .await;
json:
// `json` is defined outside this snippet; presumably it holds the credential
// JSON document itself, in contrast to the `json_file` variant (confirm the
// expected type). If it is a service account key it contains a private key, so
// treat the value as a secret and never commit or log it.
let credentials = Credentials::builder()
    .json(json)
    .build()
    .await
    .unwrap();
let service = GoogleAuthz::builder(service)
    .credentials(credentials)
    .build()
    .await;
json file:
// `json_file` is defined outside this snippet; presumably it is the path of a
// credential JSON file (confirm the expected type). Keep that file outside the
// repository and readable only by the account the service runs as.
let credentials = Credentials::builder()
    .json_file(json_file)
    .build()
    .await
    .unwrap();
let service = GoogleAuthz::builder(service)
    .credentials(credentials)
    .build()
    .await;
metadata:
// Use the environment's metadata server as the credential source (the README
// describes this for Google Compute Engine). No key file has to be stored on
// disk in this mode. What the `None` argument selects is not shown in this
// snippet; check the crate docs.
let credentials = Credentials::builder()
    .metadata(None)
    .build()
    .await
    .unwrap();
let service = GoogleAuthz::builder(service)
    .credentials(credentials)
    .build()
    .await;
scope:
// `scopes` is defined outside this snippet. Request only the scopes the service
// actually needs: the README names the broad cloud-platform scope as the one
// used otherwise, and a narrower list limits what a leaked token can reach.
let credentials = Credentials::builder()
    .scopes(scopes)
    .build()
    .await
    .unwrap();
let service = GoogleAuthz::builder(service)
    .credentials(credentials)
    .build()
    .await;
with tonic
When using this crate with the tonic crate, enable the `tonic` feature.
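/// Example binary: lists Pub/Sub topics (with `page_size` 10) for the GCP project named by the
/// first command-line argument, sending the request over a channel wrapped by `GoogleAuthz`.
///
/// # Errors
///
/// Returns an error if the project ID argument is missing, if the channel cannot connect, or if
/// the `list_topics` call fails.
#[tokio::main]
async fn main() -> Result<(), Box<dyn std::error::Error>> {
    tracing_subscriber::fmt::init();

    // A missing argument is a usage mistake, not a broken invariant: report it through the
    // function's `Result` instead of panicking.
    let project = env::args()
        .nth(1)
        .ok_or("cargo run --bin tonic -- <GCP_PROJECT_ID>")?;

    // Keep the endpoint on https: whatever authorization is attached to requests on this
    // channel should only ever travel over TLS.
    let channel = Channel::from_static("https://pubsub.googleapis.com")
        .connect()
        .await?;
    // No credentials are configured explicitly, so the crate's own defaults apply. The README
    // lists the cloud-platform scope and a GOOGLE_APPLICATION_CREDENTIALS / gcloud / metadata
    // server lookup; presumably those are the defaults (confirm against the crate docs).
    let channel = GoogleAuthz::new(channel).await;
    let mut client = PublisherClient::new(channel);

    let response = client
        .list_topics(Request::new(ListTopicsRequest {
            project: format!("projects/{}", project),
            page_size: 10,
            ..Default::default()
        }))
        .await?;
    println!("response = {:#?}", response);
    Ok(())
}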
The complete code can be found here.
Licensed under either of Apache License, Version 2.0 or MIT license at your option.