-
Notifications
You must be signed in to change notification settings - Fork 1
/
gcs.go
47 lines (40 loc) · 1.51 KB
/
gcs.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
package duckdbreplicator
import (
"context"
"errors"
"strings"
"gocloud.dev/gcp"
"golang.org/x/oauth2/google"
)
var ErrNoCredentials = errors.New("empty credentials: set `google_application_credentials` env variable")
func newClient(ctx context.Context, jsonData string, allowHostAccess bool) (*gcp.HTTPClient, error) {
creds, err := credentials(ctx, jsonData, allowHostAccess)
if err != nil {
if !errors.Is(err, ErrNoCredentials) {
return nil, err
}
// no credentials set, we try with a anonymous client in case user is trying to access public buckets
return gcp.NewAnonymousHTTPClient(gcp.DefaultTransport()), nil
}
// the token source returned from credentials works for all kind of credentials like serviceAccountKey, credentialsKey etc.
return gcp.NewHTTPClient(gcp.DefaultTransport(), gcp.CredentialsTokenSource(creds))
}
func credentials(ctx context.Context, jsonData string, allowHostAccess bool) (*google.Credentials, error) {
if jsonData != "" {
// google_application_credentials is set, use credentials from json string provided by user
return google.CredentialsFromJSON(ctx, []byte(jsonData), "https://www.googleapis.com/auth/cloud-platform")
}
// google_application_credentials is not set
if allowHostAccess {
// use host credentials
creds, err := gcp.DefaultCredentials(ctx)
if err != nil {
if strings.Contains(err.Error(), "google: could not find default credentials") {
return nil, ErrNoCredentials
}
return nil, err
}
return creds, nil
}
return nil, ErrNoCredentials
}