search

cboudereau / gcs-rsync

Lightweight Google Cloud Storage sync Rust Client with better performance than gsutil rsync
https://docs.rs/gcs-rsync/
MIT License
13 stars 8 forks source link

GCP metadata server credentials support #16

Closed bryancymo closed 2 years ago

bryancymo commented 2 years ago

Added credentials functions to acquire tokens from the GCP Metadata servers when running on GCP infrastructure. This allows the application to utilise the VM's native service account or in case of GKE the Workload Identity service account, in doing so eliminating the need to embed credentials as files.

cboudereau commented 2 years ago

Hello @bryancymo. Thank you for this nice PR.

I will review it next week but as far as I can see everything seems good.

Do you think it is possible to get an integration or a unit test for the meta api credentials ?

bryancymo commented 2 years ago

I could add a unit test that stubs the API, but its implemented as such that everything is caught by the HttpError which transparently passes it downstream. So its not really a valuable test imo. Integration tests are quite hard as you need to actually run the test on GCP infrastructure with access to the metadata API. Its not an API that is accessible from the outside...

cboudereau commented 2 years ago

In order to use the same docker image, #18 picked the metadata implementation but with an internal dyn trait update