This repository hosts Quarkus extensions for different Google Cloud Services.
You can find documentation for each of these extensions in their sub-directory:
They all share an optional common configuration property to set the project ID:
quarkus.google.cloud.project-id=<your-project-id>
If the project ID is not set, the extensions will default to using ServiceOptions.getDefaultProjectId()
that will use the default project detected via Application Default Credentials.
All these extensions work with applications built as native image executables.
These extensions work well within the various Google Cloud Functions extensions available inside Quarkus as they directly authenticate via the built-in credentials.
There are several ways to authenticate to Google Cloud, it depends on where your application runs (inside our outside Google Cloud Platform) and for which service.
The current authentication flow is as follows:
- Check the
quarkus.google.cloud.service-account-location
property, if it exists, use the service account file from this location. - Check the
quarkus.google.cloud.service-account-encoded-key
property, if it exists, use the service account base64 encoded content. - Check the access token returned as part of OpenId Connect Authorization Code Grant response after a user has authenticated with
Google OpenId Connect provider (see Quarkus OpenId Connect for Web Applications).
This access token can be used to access Google Services on behalf of the currently authenticated user
but will be ignored if the
quarkus.google.cloud.accessTokenEnabled
property is set tofalse
. - Use
GoogleCredentials.getApplicationDefault()
that will search for credentials in multiple places:- Credentials file pointed to by the
GOOGLE_APPLICATION_CREDENTIALS
environment variable. - Credentials provided by the Google Cloud SDK
gcloud auth application-default login
command. - Google Cloud managed environment (Google App Engine, Google Cloud Functions, GCE, ...) built-in credentials.
- Credentials file pointed to by the
**Google PubSub and Google Bigtable must be authenticated using the GOOGLE_APPLICATION_CREDENTIALS
environment variable only.
If you plan to use one of the Google Cloud services emulators (for running on localhost, or for testing purpose), on a non-authenticated environment, you'll need to mock the Google Cloud authentication.
For testing, this can be done by creating a CDI producer that will produce a mocked bean (with Quarkus mock support and Mockito) to replace the GoogleCloudCredentials
.
import javax.enterprise.context.ApplicationScoped;
import javax.enterprise.inject.Default;
import javax.enterprise.inject.Produces;
import javax.inject.Singleton;
import org.mockito.Mockito;
import com.google.auth.oauth2.GoogleCredentials;
import io.quarkus.test.Mock;
@Mock
@ApplicationScoped
public class GoogleCredentialsMockProducer {
@Produces
@Singleton
@Default
public GoogleCredentials googleCredential() {
return Mockito.mock(GoogleCredentials.class);
}
}
Example applications can be found inside the integration-test folder:
- main: RESTEasy endpoints using all the Google Cloud Services extensions, to be deployed as a standalone JAR.
- google-cloud-functions: A Google Cloud HTTP function using Google Cloud Storage.
- app-engine: A RESTEasy endpoint using Google Cloud Storage, to be deployed inside Google App Engine.
This project is still in its early stage.
Contributions are always welcome, but better create an issue to discuss them prior to any contributions.
Thanks goes to these wonderful people (emoji key):
Loïc Mathieu 💻 🚧 |
sberyozkin 💻 |
Daniel Zou 💻 |
Yuki Nagai 📖 |
Mads Opheim 💻 📖 |
PeterUlb 💻 |
Felipe Sabadini 💻 |
This project follows the all-contributors specification. Contributions of any kind welcome!