From e6237336c13fa5ebc601998ae75b22a3b025d819 Mon Sep 17 00:00:00 2001
From: Dirkjan Ochtman
Date: Wed, 28 Jun 2023 16:33:16 +0200
Subject: [PATCH] Deprioritize GCloudAuthorizedUser
---
 README.md | 7 ++++---
 src/authentication_manager.rs | 16 ++++++++--------
 src/lib.rs | 7 ++++---
 3 files changed, 16 insertions(+), 14 deletions(-)
diff --git a/README.md b/README.md
index 8da3982..57d4dc7 100644
--- a/README.md
+++ b/README.md
@@ -23,10 +23,11 @@ The library supports the following methods of retrieving tokens in the listed pr
 1. Reading custom service account credentials from the path pointed to by the `GOOGLE_APPLICATION_CREDENTIALS` environment variable. Alternatively, custom service account credentials can be read from a JSON file or string.
-2. Retrieving a token from the `gcloud` CLI tool, if it is available on the `PATH`.
+2. Look for credentials in `.config/gcloud/application_default_credentials.json`;
+ if found, use these credentials to request refresh tokens. This file can be created
+ by invoking `gcloud auth application-default login`.
 3. Use the default service account by retrieving a token from the metadata server.
-4. Look for credentials in `.config/gcloud/application_default_credentials.json`;
- if found, use these credentials to request refresh tokens.
+4. Retrieving a token from the `gcloud` CLI tool, if it is available on the `PATH`.
 For more detailed information and examples, see the [docs][docs-url].
diff --git a/src/authentication_manager.rs b/src/authentication_manager.rs
index 7150c49..cd364ab 100644
--- a/src/authentication_manager.rs
+++ b/src/authentication_manager.rs
@@ -34,12 +34,12 @@ impl AuthenticationManager {
 ///
 /// 1. Check if the `GOOGLE_APPLICATION_CREDENTIALS` environment variable if set;
 /// if so, use a custom service account as the token source.
- /// 2. Check if the `gcloud` tool is available on the `PATH`; if so, use the
- /// `gcloud auth print-access-token` command as the token source.
+ /// 2. Look for credentials in `.config/gcloud/application_default_credentials.json`;
+ /// if found, use these credentials to request refresh tokens.
 /// 3. Send a HTTP request to the internal metadata server to retrieve a token;
 /// if it succeeds, use the default service account as the token source.
- /// 4. Look for credentials in `.config/gcloud/application_default_credentials.json`;
- /// if found, use these credentials to request refresh tokens.
+ /// 4. Check if the `gcloud` tool is available on the `PATH`; if so, use the
+ /// `gcloud auth print-access-token` command as the token source.
 #[tracing::instrument]
 pub async fn new() -> Result {
 tracing::debug!("Initializing gcp_auth");
@@ -48,9 +48,9 @@ impl AuthenticationManager {
 }
 let client = types::client();
- let gcloud_error = match GCloudAuthorizedUser::new().await {
+ let default_user_error = match DefaultAuthorizedUser::new(&client).await {
 Ok(service_account) => {
- tracing::debug!("Using GCloudAuthorizedUser");
+ tracing::debug!("Using DefaultAuthorizedUser");
 return Ok(Self::build(client, service_account));
 }
 Err(e) => e,
@@ -64,9 +64,9 @@ impl AuthenticationManager {
 Err(e) => e,
 };
- let default_user_error = match DefaultAuthorizedUser::new(&client).await {
+ let gcloud_error = match GCloudAuthorizedUser::new().await {
 Ok(service_account) => {
- tracing::debug!("Using DefaultAuthorizedUser");
+ tracing::debug!("Using GCloudAuthorizedUser");
 return Ok(Self::build(client, service_account));
 }
 Err(e) => e,
diff --git a/src/lib.rs b/src/lib.rs
index 400a491..08c29c5 100644
--- a/src/lib.rs
+++ b/src/lib.rs
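Review bot: In `AuthenticationManager::new()` (src/authentication_manager.rs, hunks at -48,9 and -64,9) the chosen credential source is still reported only through `tracing::debug!`, although this reordering changes which identity wins. A `.config/gcloud/application_default_credentials.json` file present on a host is now tried before the metadata server, so a user credential can take precedence over the attached default service account. That matches the order the updated docs list, but an operator running at a typical production log level would not see which source was selected. Consider `tracing::info!("Using DefaultAuthorizedUser");` (and the same level for the other sources), plus a doc-comment line such as `/// Note: an application-default credentials file takes precedence over the metadata server.` The body of `new()` begins and ends outside these hunks, so how the collected `default_user_error` and `gcloud_error` values are reported is not visible here.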
@@ -10,10 +10,11 @@
 //! 1. Reading custom service account credentials from the path pointed to by the
 //! `GOOGLE_APPLICATION_CREDENTIALS` environment variable. Alternatively, custom service
 //! account credentials can be read from a JSON file or string.
-//! 2. Retrieving a token from the `gcloud` CLI tool, if it is available on the `PATH`.
+//! 2. Look for credentials in `.config/gcloud/application_default_credentials.json`;
+//! if found, use these credentials to request refresh tokens. This file can be created
+//! by invoking `gcloud auth application-default login`.
 //! 3. Use the default service account by retrieving a token from the metadata server.
-//! 4. Look for credentials in `.config/gcloud/application_default_credentials.json`;
-//! if found, use these credentials to request refresh tokens.
+//! 4. Retrieving a token from the `gcloud` CLI tool, if it is available on the `PATH`.
 //!
 //! For more details, see [`AuthenticationManager::new()`].
 //!