Update documentation for GCP Secret Manager and Object Store support of implicit authentication (#4592)

Signed-off-by: Anton Troshin <anton@diagrid.io>
Co-authored-by: Mark Fussell <markfussell@gmail.com>
Anton Troshin 2025-04-13 14:51:58 -05:00 committed by GitHub
parent f83e3dc9ea
commit aa7a1155d0
GPG Key ID: B5690EEEBB952194
3 changed files with 32 additions and 21 deletions


@ -58,19 +58,24 @@ The above example uses secrets as plain strings. It is recommended to use a secr
| Field | Required | Binding support | Details | Example |
|--------------------|:--------:|------------|-----|---------|
| `bucket` | Y | Output | The bucket name | `"mybucket"` |
| `type` | Y | Output | Tge GCP credentials type | `"service_account"` |
| `project_id` | Y | Output | GCP project id| `projectId`
| `private_key_id` | Y | Output | GCP private key id | `"privateKeyId"`
| `private_key` | Y | Output | GCP credentials private key. Replace with x509 cert | `12345-12345`
| `client_email` | Y | Output | GCP client email | `"client@email.com"`
| `client_id` | Y | Output | GCP client id | `0123456789-0123456789`
| `auth_uri` | Y | Output | Google account OAuth endpoint | `https://accounts.google.com/o/oauth2/auth`
| `token_uri` | Y | Output | Google account token uri | `https://oauth2.googleapis.com/token`
| `auth_provider_x509_cert_url` | Y | Output | GCP credentials cert url | `https://www.googleapis.com/oauth2/v1/certs`
| `client_x509_cert_url` | Y | Output | GCP credentials project x509 cert url | `https://www.googleapis.com/robot/v1/metadata/x509/<PROJECT_NAME>.iam.gserviceaccount.com`
| `project_id` | Y | Output | GCP project ID | `projectId` |
| `type` | N | Output | The GCP credentials type | `"service_account"` |
| `private_key_id` | N | Output | If using explicit credentials, this field should contain the `private_key_id` field from the service account json document | `"privateKeyId"` |
| `private_key` | N | Output | If using explicit credentials, this field should contain the `private_key` field from the service account json. Replace with x509 cert | `12345-12345` |
| `client_email` | N | Output | If using explicit credentials, this field should contain the `client_email` field from the service account json | `"client@email.com"` |
| `client_id` | N | Output | If using explicit credentials, this field should contain the `client_id` field from the service account json | `0123456789-0123456789` |
| `auth_uri` | N | Output | If using explicit credentials, this field should contain the `auth_uri` field from the service account json | `https://accounts.google.com/o/oauth2/auth` |
| `token_uri` | N | Output | If using explicit credentials, this field should contain the `token_uri` field from the service account json | `https://oauth2.googleapis.com/token`|
| `auth_provider_x509_cert_url` | N | Output | If using explicit credentials, this field should contain the `auth_provider_x509_cert_url` field from the service account json | `https://www.googleapis.com/oauth2/v1/certs`|
| `client_x509_cert_url` | N | Output | If using explicit credentials, this field should contain the `client_x509_cert_url` field from the service account json | `https://www.googleapis.com/robot/v1/metadata/x509/<PROJECT_NAME>.iam.gserviceaccount.com`|
| `decodeBase64` | N | Output | Configuration to decode base64 file content before saving to bucket storage. (In case of saving a file with binary content). `true` is the only allowed positive value. Other positive variations like `"True", "1"` are not acceptable. Defaults to `false` | `true`, `false` |
| `encodeBase64` | N | Output | Configuration to encode base64 file content before return the content. (In case of opening a file with binary content). `true` is the only allowed positive value. Other positive variations like `"True", "1"` are not acceptable. Defaults to `false` | `true`, `false` |
## GCP Credentials
Since the GCP Storage Bucket component uses the GCP Go Client Libraries, by default it authenticates using **Application Default Credentials**. This is explained further in the [Authenticate to GCP Cloud services using client libraries](https://cloud.google.com/docs/authentication/client-libraries) guide.
Also, see how to [Set up Application Default Credentials](https://cloud.google.com/docs/authentication/provide-credentials-adc).
## Binding support
This component supports **output binding** with the following operations:
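Review bot: In the new `private_key` row the description still ends with "Replace with x509 cert" and the example is `12345-12345`, which does not fit the sentence before it saying the value is the `private_key` field from the service account json. Drop the trailing sentence and use an obviously fake key placeholder as the example; since the hunk header's context line already recommends a secret store over plain strings, this row is the place to say the value should come from a secret reference. The `type` row is now `N` but, unlike the other credential rows, carries no "If using explicit credentials" wording. The new GCP Credentials section names Application Default Credentials as the default without saying how that interacts with the explicit fields in the table: which source wins when both are present, and whether a partial set of fields is an error.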


@ -76,7 +76,7 @@ The above example uses secrets as plain strings. It is recommended to use a secr
| Field | Required | Details | Example |
|--------------------|:--------:|---------|---------|
| projectId | Y | GCP project id| `myproject-123`
| projectId | Y | GCP project ID | `myproject-123`
| endpoint | N | GCP endpoint for the component to use. Only used for local development (for example) with [GCP Pub/Sub Emulator](https://cloud.google.com/pubsub/docs/emulator). The `endpoint` is unnecessary when running against the GCP production API. | `"http://localhost:8085"`
| `consumerID` | N | The Consumer ID organizes one or more consumers into a group. Consumers with the same consumer ID work as one virtual consumer; for example, a message is processed only once by one of the consumers in the group. If the `consumerID` is not provided, the Dapr runtime set it to the Dapr application ID (`appID`) value. The `consumerID`, along with the `topic` provided as part of the request, are used to build the Pub/Sub subscription ID | Can be set to string value (such as `"channel1"`) or string format value (such as `"{podName}"`, etc.). [See all of template tags you can use in your component metadata.]({{< ref "component-schema.md#templated-metadata-values" >}})
| identityProjectId | N | If the GCP pubsub project is different from the identity project, specify the identity project using this attribute | `"myproject-123"`
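Review bot: The rewritten `projectId` row still has no closing `|` and leaves the field name outside backticks, while `consumerID` two rows down is backticked and the rows rewritten in the other two files of this commit are both closed and backticked. Since the line is being touched anyway, close the row and format the name as `projectId`; the unchanged `endpoint` and `identityProjectId` rows have the same two issues if the table is to be made consistent.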


@ -50,16 +50,22 @@ The above example uses secrets as plain strings. It is recommended to use a loca
| Field | Required | Details | Example |
|--------------------|:--------:|--------------------------------|---------------------|
| type | Y | The type of the account. | `"service_account"` |
| project_id | Y | The project ID associated with this component. | `"project_id"` |
| private_key_id | N | The private key ID | `"privatekey"` |
| client_email | Y | The client email address | `"client@example.com"` |
| client_id | N | The ID of the client | `"11111111"` |
| auth_uri | N | The authentication URI | `"https://accounts.google.com/o/oauth2/auth"` |
| token_uri | N | The authentication token URI | `"https://oauth2.googleapis.com/token"` |
| auth_provider_x509_cert_url | N | The certificate URL for the auth provider | `"https://www.googleapis.com/oauth2/v1/certs"` |
| client_x509_cert_url | N | The certificate URL for the client | `"https://www.googleapis.com/robot/v1/metadata/x509/<project-name>.iam.gserviceaccount.com"`|
| private_key | Y | The private key for authentication | `"privateKey"` |
| `project_id` | Y | The project ID associated with this component. | `"project_id"` |
| `type` | N | The type of the account. | `"service_account"` |
| `private_key_id` | N | If using explicit credentials, this field should contain the `private_key_id` field from the service account json document | `"privateKeyId"`|
| `private_key` | N | If using explicit credentials, this field should contain the `private_key` field from the service account json. Replace with x509 cert | `12345-12345`|
| `client_email` | N | If using explicit credentials, this field should contain the `client_email` field from the service account json | `"client@email.com"`|
| `client_id` | N | If using explicit credentials, this field should contain the `client_id` field from the service account json | `0123456789-0123456789`|
| `auth_uri` | N | If using explicit credentials, this field should contain the `auth_uri` field from the service account json | `https://accounts.google.com/o/oauth2/auth`|
| `token_uri` | N | If using explicit credentials, this field should contain the `token_uri` field from the service account json | `https://oauth2.googleapis.com/token`|
| `auth_provider_x509_cert_url` | N | If using explicit credentials, this field should contain the `auth_provider_x509_cert_url` field from the service account json | `https://www.googleapis.com/oauth2/v1/certs`|
| `client_x509_cert_url` | N | If using explicit credentials, this field should contain the `client_x509_cert_url` field from the service account json | `https://www.googleapis.com/robot/v1/metadata/x509/<PROJECT_NAME>.iam.gserviceaccount.com`|
## GCP Credentials
Since the GCP Secret Manager component uses the GCP Go Client Libraries, by default it authenticates using **Application Default Credentials**. This is explained further in the [Authenticate to GCP Cloud services using client libraries](https://cloud.google.com/docs/authentication/client-libraries) guide.
Also, see how to [Set up Application Default Credentials](https://cloud.google.com/docs/authentication/provide-credentials-adc).
## Optional per-request metadata properties
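Review bot: `type`, `client_email` and `private_key` go from `Y` to `N` in this table, but neither the rows nor the new GCP Credentials section say which fields have to be supplied together once a reader opts for explicit credentials, so the table now reads as if any subset is valid. Add a sentence to the GCP Credentials section naming the fields needed for explicit credentials and stating what the component does when they are omitted. Smaller points: the `private_key` row picked up "Replace with x509 cert" and the example `12345-12345` in place of the previous `"privateKey"`, which reads as copied from the bucket binding table; the URL and `client_id` examples lost their surrounding double quotes while `"project_id"` and `"service_account"` kept theirs; and "json" should be "JSON" throughout the new rows.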