Use env-var GOOGLE_APPLICATION_CREDENTIALS or auth of gargle package
Pit-Storm opened this issue · 7 comments
Hi @MarkEdmondson1234 ,
Thanks for your work and that great package!
Do you thought about switching the name of the ENV-VAR to the Google default on named GOOGLE_APPLICATION_CREDENTIALS ? Like gaggle is doing it.? Or even using the Auth method provided by gaggle?
This would be a more convenient way to do Authentication and one has no need to set to variables pointing to the same location. Although deployment in GCP is very streamlined, because gaggle is discovering default application credentials for its self. So one doen't have to provide a json-key into the code.
Let me know if you need more information with this :-)
I think it should work as its using gargle under the hood, but would like some example code to check it. e.g. call token <- gargle::credentials_app_default() with correct scopes and then maybe load token via gcs_auth(token)
If I see some example of that working will look to integrate it more so it looks for it on startup.
The snippet you gave is not working.
As it is pointed out in gcs_auth() docs the auth is looking for a path to a json file. The discovery that gargle makes is, as far as i can understand it, not implemented in googleClaudStorageR.
Gargle has a article about non-interactive auth and even a one about using gargle in client packages.
The UseCase I'm adressing ist to deploy R code to GCP infrastructure where Application Default Credentials without a keyfile are used.
As far as I see it, there is an issue for extending the application default credentials discovery in gargle.
How can we work this out for this package here?
gcs_auth() registers a token into the package environment, it can create a token from the JSON file or take an already created token created via other means e.g. gargle::credentials_app_default() for this use case.
It would be good to have some example code that should work, and then I can fix it if it doesn't.
I think the workflow should at the moment work, and if it doesn't need some feedback on what needs to be done:
options(googleAuthR.verbose = 2)
library(googleCloudStorageR)
token <- gargle::credentials_app_default()
gcs_auth(token = token)What does the above return?
Hi @MarkEdmondson1234 and @Pit-Storm,
I ran across a similar (if not the same) issue today, and ended up here. My use case is running R on a Google Compute Engine instance (in JupyterLab). I wanted to be able to use the credentials baked into the instance, instead of having to create and manage a JSON key myself.
In this scenario the following line of your snippet returns NULL because there is no GOOGLE_APPLICATION_CREDENTIALS environment variable set pointing to a credential JSON.
token <- gargle::credentials_app_default()
However, as a workaround I found that using the GCE specific method for loading a token works fine:
library(googleCloudStorageR)
token <- gargle::credentials_gce()
gcs_auth(token=token)
gcs_list_objects("my_bucket")
I have found that in many client libraries the auth function goes through a waterfall that includes checking the env var, GCE default, manually specified credentials, etc. That might be worth considering if you are looking to extend out-of-the-box functionality.
@bhelm-prosper I think this is the workaround I had been looking forward to. Did you install the package from cran or github?
I hope it works for you! I just used CRAN.
Ahh I missed you were on a VM or similar in a GCP project. In that case it makes sense credentials_gce() will do it.