/quarkus-google-cloud-services

Google Cloud Services Quarkus Extensions

Primary LanguageJavaApache License 2.0Apache-2.0

Quarkiverse - Quarkus Google Cloud Services

All Contributors version Build License

This repository hosts Quarkus extensions for different Google Cloud Services.

You can find documentation for each of these extensions in their sub-directory:

They all share an optional common configuration property to set the project ID:

quarkus.google.cloud.project-id=<your-project-id>

If the project ID is not set, the extensions will default to using ServiceOptions.getDefaultProjectId() that will use the default project detected via Application Default Credentials.

All these extensions work with applications built as native image executables.

These extensions work well within the various Google Cloud Functions extensions available inside Quarkus as they directly authenticate via the built-in credentials.

Authenticating to Google Cloud

There are several ways to authenticate to Google Cloud, it depends on where your application runs (inside our outside Google Cloud Platform) and for which service.

The current authentication flow is as follows:

  • Check the quarkus.google.cloud.service-account-location property, if it exists, use the service account file from this location.
  • Check the quarkus.google.cloud.service-account-encoded-key property, if it exists, use the service account base64 encoded content.
  • Check the access token returned as part of OpenId Connect Authorization Code Grant response after a user has authenticated with Google OpenId Connect provider (see Quarkus OpenId Connect for Web Applications). This access token can be used to access Google Services on behalf of the currently authenticated user but will be ignored if the quarkus.google.cloud.accessTokenEnabled property is set to false.
  • Use GoogleCredentials.getApplicationDefault() that will search for credentials in multiple places:
    • Credentials file pointed to by the GOOGLE_APPLICATION_CREDENTIALS environment variable.
    • Credentials provided by the Google Cloud SDK gcloud auth application-default login command.
    • Google Cloud managed environment (Google App Engine, Google Cloud Functions, GCE, ...) built-in credentials.

**Google PubSub and Google Bigtable must be authenticated using the GOOGLE_APPLICATION_CREDENTIALS environment variable only.

Google Cloud services emulators: mocking Google Cloud credentials

If you plan to use one of the Google Cloud services emulators (for running on localhost, or for testing purpose), on a non-authenticated environment, you'll need to mock the Google Cloud authentication.

For testing, this can be done by creating a CDI producer that will produce a mocked bean (with Quarkus mock support and Mockito) to replace the GoogleCloudCredentials.

import javax.enterprise.context.ApplicationScoped;
import javax.enterprise.inject.Default;
import javax.enterprise.inject.Produces;
import javax.inject.Singleton;

import org.mockito.Mockito;

import com.google.auth.oauth2.GoogleCredentials;

import io.quarkus.test.Mock;

@Mock
@ApplicationScoped
public class GoogleCredentialsMockProducer {

  @Produces
  @Singleton
  @Default
  public GoogleCredentials googleCredential() {
    return Mockito.mock(GoogleCredentials.class);
  }
}

Example applications

Example applications can be found inside the integration-test folder:

  • main: RESTEasy endpoints using all the Google Cloud Services extensions, to be deployed as a standalone JAR.
  • google-cloud-functions: A Google Cloud HTTP function using Google Cloud Storage.
  • app-engine: A RESTEasy endpoint using Google Cloud Storage, to be deployed inside Google App Engine.

WARNING

This project is still in its early stage.

Contributions are always welcome, but better create an issue to discuss them prior to any contributions.

Contributors ✨

Thanks goes to these wonderful people (emoji key):


Loïc Mathieu

💻 🚧

sberyozkin

💻

Daniel Zou

💻

Yuki Nagai

📖

Mads Opheim

💻 📖

PeterUlb

💻

Felipe Sabadini

💻

This project follows the all-contributors specification. Contributions of any kind welcome!