Skip to content

Commit

Permalink
Deprioritize GCloudAuthorizedUser
Browse files Browse the repository at this point in the history
  • Loading branch information
djc committed Jun 30, 2023
1 parent 8ecfee5 commit e623733
Show file tree
Hide file tree
Showing 3 changed files with 16 additions and 14 deletions.
7 changes: 4 additions & 3 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -23,10 +23,11 @@ The library supports the following methods of retrieving tokens in the listed pr
1. Reading custom service account credentials from the path pointed to by the
`GOOGLE_APPLICATION_CREDENTIALS` environment variable. Alternatively, custom service
account credentials can be read from a JSON file or string.
2. Retrieving a token from the `gcloud` CLI tool, if it is available on the `PATH`.
2. Look for credentials in `.config/gcloud/application_default_credentials.json`;
if found, use these credentials to request refresh tokens. This file can be created
by invoking `gcloud auth application-default login`.
3. Use the default service account by retrieving a token from the metadata server.
4. Look for credentials in `.config/gcloud/application_default_credentials.json`;
if found, use these credentials to request refresh tokens.
4. Retrieving a token from the `gcloud` CLI tool, if it is available on the `PATH`.

For more detailed information and examples, see the [docs][docs-url].

Expand Down
16 changes: 8 additions & 8 deletions src/authentication_manager.rs
Original file line number Diff line number Diff line change
Expand Up @@ -34,12 +34,12 @@ impl AuthenticationManager {
///
/// 1. Check if the `GOOGLE_APPLICATION_CREDENTIALS` environment variable if set;
/// if so, use a custom service account as the token source.
/// 2. Check if the `gcloud` tool is available on the `PATH`; if so, use the
/// `gcloud auth print-access-token` command as the token source.
/// 2. Look for credentials in `.config/gcloud/application_default_credentials.json`;
/// if found, use these credentials to request refresh tokens.
/// 3. Send a HTTP request to the internal metadata server to retrieve a token;
/// if it succeeds, use the default service account as the token source.
/// 4. Look for credentials in `.config/gcloud/application_default_credentials.json`;
/// if found, use these credentials to request refresh tokens.
/// 4. Check if the `gcloud` tool is available on the `PATH`; if so, use the
/// `gcloud auth print-access-token` command as the token source.
#[tracing::instrument]
pub async fn new() -> Result<Self, Error> {
tracing::debug!("Initializing gcp_auth");
Expand All @@ -48,9 +48,9 @@ impl AuthenticationManager {
}

let client = types::client();
let gcloud_error = match GCloudAuthorizedUser::new().await {
let default_user_error = match DefaultAuthorizedUser::new(&client).await {
Ok(service_account) => {
tracing::debug!("Using GCloudAuthorizedUser");
tracing::debug!("Using DefaultAuthorizedUser");
return Ok(Self::build(client, service_account));
}
Err(e) => e,
Expand All @@ -64,9 +64,9 @@ impl AuthenticationManager {
Err(e) => e,
};

let default_user_error = match DefaultAuthorizedUser::new(&client).await {
let gcloud_error = match GCloudAuthorizedUser::new().await {
Ok(service_account) => {
tracing::debug!("Using DefaultAuthorizedUser");
tracing::debug!("Using GCloudAuthorizedUser");
return Ok(Self::build(client, service_account));
}
Err(e) => e,
Expand Down
7 changes: 4 additions & 3 deletions src/lib.rs
Original file line number Diff line number Diff line change
Expand Up @@ -10,10 +10,11 @@
//! 1. Reading custom service account credentials from the path pointed to by the
//! `GOOGLE_APPLICATION_CREDENTIALS` environment variable. Alternatively, custom service
//! account credentials can be read from a JSON file or string.
//! 2. Retrieving a token from the `gcloud` CLI tool, if it is available on the `PATH`.
//! 2. Look for credentials in `.config/gcloud/application_default_credentials.json`;
//! if found, use these credentials to request refresh tokens. This file can be created
//! by invoking `gcloud auth application-default login`.
//! 3. Use the default service account by retrieving a token from the metadata server.
//! 4. Look for credentials in `.config/gcloud/application_default_credentials.json`;
//! if found, use these credentials to request refresh tokens.
//! 4. Retrieving a token from the `gcloud` CLI tool, if it is available on the `PATH`.
//!
//! For more details, see [`AuthenticationManager::new()`].
//!
Expand Down

0 comments on commit e623733

Please sign in to comment.