search

googleapis / google-cloud-java

Google Cloud Client Library for Java
https://cloud.google.com/java/docs/reference
Apache License 2.0
1.9k stars 1.07k forks source link

Cloud Function Service Client load credentials through String #10005

Open kresnofatihimani opened 1 year ago

kresnofatihimani commented 1 year ago

Thanks for stopping by to let us know something could be better!

PLEASE READ: If you have a support contract with Google, please create an issue in the support console instead of filing on GitHub. This will ensure a timely response.

Is your feature request related to a problem? Please describe. I want to load my GCP credentials for the Cloud Function Service Client thru env variable of json string (that contains the contents of GCP credentials) but I can't find it here. Is it not supported?

{
  "type": "external_account",
  "audience": "//iam.googleapis.com/projects/blabla/locations/blabla/workloadIdentityPools/...",
  "subject_token_type": "urn:ietf:params:aws:token-type:aws4_request",
  "token_url": "https://sts.googleapis.com/v1/token",
  "credential_source": {
    "environment_id": "aws1",
    "region_url": "http://someip/latest/meta-data/placement/availability-zone",
    "url": "http://someip/latest/meta-data/iam/security-credentials",
    "regional_cred_verification_url": "https://sts.{region}.amazonaws.com?Action=GetCallerIdentity&Version=2011-06-15"
  },
  "service_account_impersonation_url": "https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/blablabla"
}

Describe the solution you'd like I would like a constructor for this client that uses a json string of the contents of the credentials file. 

### JsonNode type
public static final CloudFunctionsServiceClient create(JsonNode credentials) throws IOException {
    return create(CloudFunctionsServiceSettings.newBuilder().build());
  }

### String type
public static final CloudFunctionsServiceClient create(String jsonCredentials) throws IOException {
    return create(CloudFunctionsServiceSettings.newBuilder().build());
  }

Describe alternatives you've considered Used the file and the credential json file path set as an environment variable, but our security measures dictate that no credentials are to be saved as files.

blakeli0 commented 1 year ago

@TimurSadykov Do you have a workaround for this use case?