
google-authz = tower-service + gcp authentication


google-authz


This library provides auto-renewed tokens for GCP service authentication.
google-authz = tower-service + gcp authentication

Notes

| Authentication flow | Status |
| --- | --- |
| API key | Not supported / No plans to support |
| OAuth 2.0 client | Supported |
| Environment-provided service account | Supported |
| Service account key | Supported |

Example

Default

  • Scope is https://www.googleapis.com/auth/cloud-platform
  • Looks for credentials in the following places, preferring the first location found:
    • A JSON file whose path is specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable.
    • A JSON file in a location known to the gcloud command-line tool.
    • On Google Compute Engine, it fetches credentials from the metadata server.
// Option 1: resolve the default credentials explicitly, then wrap `service` with them.
// The default scope is https://www.googleapis.com/auth/cloud-platform, which is broad;
// when the workload only needs a subset of APIs, pass narrower scopes via
// `Credentials::find_default(scopes)` (see "Custom") to keep tokens least-privileged.
let creds = Credentials::default().await;
let service = AddAuthorization::init_with(creds, service);

// Option 2: shorthand for option 1 (same default lookup and scope).
// This is an alternative to the two lines above, not a step that follows them.
let service = AddAuthorization::init(service).await;

Custom

scope:

// `scopes` replaces the default cloud-platform scope; request only what the service calls.
// NOTE(review): presumably uses the same credential lookup order as the default - confirm
// against the crate documentation.
let creds = Credentials::find_default(scopes).await;
let service = AddAuthorization::init_with(creds, service);

json:

// Builds credentials from credential JSON held in memory (no `.await` here, unlike the
// lookup-based constructors). `json` is secret material: load it from a secret store or a
// protected file at runtime rather than embedding it in source or logging it.
let creds = Credentials::from_json(json, scopes);
let service = AddAuthorization::init_with(creds, service);

file:

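// Builds credentials from a credential JSON file at `path`. The file holds secret
// material, so restrict its permissions to the account that runs the service and keep
// it out of version control.
let creds = Credentials::from_file(path, scopes);
// Completed to match the other snippets: the call was cut off after the first argument.
let service = AddAuthorization::init_with(creds, service);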

with tonic

/// Lists up to 10 Pub/Sub topics of the project named on the command line, using a tonic
/// channel wrapped in `AddAuthorization`.
///
/// # Panics
///
/// Panics with a usage hint when the project id argument is missing.
///
/// # Errors
///
/// Returns any error raised while configuring TLS, connecting, or calling `list_topics`.
#[tokio::main]
async fn main() -> Result<(), Box<dyn Error>> {
    tracing_subscriber::fmt::init();

    let project_id = env::args().nth(1).expect("cargo run --bin tonic -- <GCP_PROJECT_ID>");

    // Server verification: trust roots come from `CERTIFICATES` (defined outside this
    // excerpt) and the certificate is checked against the Pub/Sub host name.
    let tls = ClientTlsConfig::new()
        .ca_certificate(Certificate::from_pem(CERTIFICATES))
        .domain_name("pubsub.googleapis.com");

    let endpoint = Channel::from_static("https://pubsub.googleapis.com").tls_config(tls)?;
    let transport = endpoint.connect().await?;

    // `init` uses the default credential lookup and the cloud-platform scope; use
    // `Credentials::find_default(scopes)` with `init_with` when a narrower scope suffices.
    let authorized = AddAuthorization::init(transport).await;

    let request = Request::new(ListTopicsRequest {
        project: format!("projects/{}", project_id),
        page_size: 10,
        ..Default::default()
    });

    let mut publisher = PublisherClient::new(authorized);
    let topics = publisher.list_topics(request).await?;
    println!("response = {:?}", topics);

    Ok(())
}

The complete code can be found here.

with hyper

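/// Lists the Pub/Sub topics of the project named on the command line over the REST API,
/// using a hyper client wrapped by this crate's `Client`.
///
/// # Panics
///
/// Panics with a usage hint when the project id argument is missing.
///
/// # Errors
///
/// Returns any error raised while building the URI, sending the request, reading the
/// body, or decoding the body as UTF-8.
#[tokio::main]
async fn main() -> Result<(), Box<dyn Error>> {
    tracing_subscriber::fmt::init();

    let project = env::args().nth(1).expect("cargo run --bin hyper -- <GCP_PROJECT_ID>");

    // NOTE(review): `with_native_roots` presumably trusts the platform's root store, in
    // contrast to the tonic example, which pins its own CA bundle - confirm.
    let https = HttpsConnector::with_native_roots();
    let client = hyper::Client::builder().build::<_, Body>(https);
    // Wrap the plain hyper client so that requests carry the authorization token.
    let mut client = Client::new(client).await;

    // `project` is interpolated into the path verbatim. That is acceptable for an
    // operator-supplied CLI argument; validate or percent-encode it if the value can
    // ever come from an untrusted source.
    let uri = Uri::try_from(format!(
        "https://pubsub.googleapis.com/v1/projects/{}/topics?alt=json&prettyPrint=true",
        project
    ))?;
    let (parts, body) = client.get(uri).await?.into_parts();
    println!("response parts = {:?}", parts);

    // The whole body is buffered in memory before decoding; outside of an example,
    // put an upper bound on the size accepted from the network.
    let body = String::from_utf8(to_bytes(body).await?.to_vec())?;
    // Fixed the misspelled label ("resposne") in the printed output.
    println!("response body = `{}`", body);

    Ok(())
}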

The complete code can be found here.

License

Licensed under either of Apache License, Version 2.0 or MIT license at your option.