grpc
/
grpc-java
mirror of https://github.com/grpc/grpc-java.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

example-gauth: Use application default creds instead of file argument (#11595) 

Also removed unnecessary refreshAccessToken() and fixed the reference to README.md.

Fixes #5677
This commit is contained in:
vinodhabib 2024-10-04 11:42:25 +05:30 committed by GitHub
parent 35f0d56894
commit 94a0a0d1c7
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 22 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
examples/example-gauth/README.md
View File

@ -43,13 +43,13 @@ gcloud pubsub topics create Topic1
5. You will now need to set up [authentication](https://cloud.google.com/docs/authentication/) and a 5. You will now need to set up [authentication](https://cloud.google.com/docs/authentication/) and a
[service account](https://cloud.google.com/docs/authentication/#service_accounts) in order to access [service account](https://cloud.google.com/docs/authentication/#service_accounts) in order to access
Pub/Sub via gRPC APIs as described [here](https://cloud.google.com/iam/docs/creating-managing-service-accounts). Pub/Sub via gRPC APIs as described [here](https://cloud.google.com/iam/docs/creating-managing-service-accounts).
Assign the [role](https://cloud.google.com/iam/docs/granting-roles-to-service-accounts) `Project -> Owner` (**Note:** This step is unnecessary on Google platforms (Google App Engine / Google Cloud Shell / Google Compute Engine) as it will
automatically use the in-built Google credentials). Assign the [role](https://cloud.google.com/iam/docs/granting-roles-to-service-accounts) `Project -> Owner`
and for Key type select JSON. Once you click `Create`, a JSON file containing your key is downloaded to and for Key type select JSON. Once you click `Create`, a JSON file containing your key is downloaded to
your computer. Note down the path of this file or copy this file to the computer and file system where your computer. Note down the path of this file or copy this file to the computer and file system where
you will be running the example application as described later. Assume this JSON file is available at you will be running the example application as described later. Assume this JSON file is available at
`/path/to/JSON/file`. You can also use the `gcloud` shell commands to `/path/to/JSON/file` Set the value of the environment variable GOOGLE_APPLICATION_CREDENTIALS to this file path. You can also use the `gcloud` shell commands to
[create the service account](https://cloud.google.com/iam/docs/creating-managing-service-accounts#iam-service-accounts-create-gcloud) [create the service account](https://cloud.google.com/iam/docs/creating-managing-service-accounts#iam-service-accounts-create-gcloud).
and [the JSON file](https://cloud.google.com/iam/docs/creating-managing-service-account-keys#iam-service-account-keys-create-gcloud).
#### To build the examples #### To build the examples
@ -62,19 +62,18 @@ $ ../gradlew installDist
#### How to run the example: #### How to run the example:
`google-auth-client` requires two command line arguments for the location of the JSON file and the project ID: `google-auth-client` requires one command line argument for the project ID:
```text ```text
USAGE: GoogleAuthClient <path-to-JSON-file> <project-ID> USAGE: GoogleAuthClient <project-ID>
``` ```
The first argument <path-to-JSON-file> is the location of the JSON file you created in step 5 above. The first argument <project-ID> is the project ID in the form "projects/xyz123" where "xyz123" is
The second argument <project-ID> is the project ID in the form "projects/xyz123" where "xyz123" is
the project ID of the project you created (or used) in step 2 above. the project ID of the project you created (or used) in step 2 above.
```bash ```bash
# Run the client # Run the client
./build/install/example-gauth/bin/google-auth-client /path/to/JSON/file projects/xyz123 ./build/install/example-gauth/bin/google-auth-client projects/xyz123
``` ```
That's it! The client will show the list of Pub/Sub topics for the project as follows: That's it! The client will show the list of Pub/Sub topics for the project as follows:
@ -93,7 +92,7 @@ the project ID of the project you created (or used) in step 2 above.
``` ```
$ mvn verify $ mvn verify
$ # Run the client $ # Run the client
$ mvn exec:java -Dexec.mainClass=io.grpc.examples.googleAuth.GoogleAuthClient -Dexec.args="/path/to/JSON/file projects/xyz123" $ mvn exec:java -Dexec.mainClass=io.grpc.examples.googleAuth.GoogleAuthClient -Dexec.args="projects/xyz123"
``` ```
## Bazel ## Bazel
@ -101,5 +100,5 @@ the project ID of the project you created (or used) in step 2 above.
``` ```
$ bazel build :google-auth-client $ bazel build :google-auth-client
$ # Run the client $ # Run the client
$ ../bazel-bin/google-auth-client /path/to/JSON/file projects/xyz123 $ ../bazel-bin/google-auth-client projects/xyz123
``` ```

26
examples/example-gauth/src/main/java/io/grpc/examples/googleAuth/GoogleAuthClient.java
View File

@ -33,7 +33,7 @@ import java.util.logging.Logger;
/** /**
* Example to illustrate use of Google credentials as described in * Example to illustrate use of Google credentials as described in
* @see <a href="../../../../../../GOOGLE_AUTH_EXAMPLE.md">Google Auth Example README</a> * @see <a href="../../../../../../README.md">Google Auth Example README</a>
* *
* Also @see <a href="https://cloud.google.com/pubsub/docs/reference/rpc/">Google Cloud Pubsub via gRPC</a> * Also @see <a href="https://cloud.google.com/pubsub/docs/reference/rpc/">Google Cloud Pubsub via gRPC</a>
*/ */
@ -52,7 +52,7 @@ public class GoogleAuthClient {
* *
* @param host host to connect to - typically "pubsub.googleapis.com" * @param host host to connect to - typically "pubsub.googleapis.com"
* @param port port to connect to - typically 443 - the TLS port * @param port port to connect to - typically 443 - the TLS port
* @param callCredentials the Google call credentials created from a JSON file * @param callCredentials the Google call credentials
*/ */
public GoogleAuthClient(String host, int port, CallCredentials callCredentials) { public GoogleAuthClient(String host, int port, CallCredentials callCredentials) {
// Google API invocation requires a secure channel. Channels are secure by default (SSL/TLS) // Google API invocation requires a secure channel. Channels are secure by default (SSL/TLS)
@ -63,7 +63,7 @@ public class GoogleAuthClient {
* Construct our gRPC client that connects to the pubsub server using an existing channel. * Construct our gRPC client that connects to the pubsub server using an existing channel.
* *
* @param channel channel that has been built already * @param channel channel that has been built already
* @param callCredentials the Google call credentials created from a JSON file * @param callCredentials the Google call credentials
*/ */
GoogleAuthClient(ManagedChannel channel, CallCredentials callCredentials) { GoogleAuthClient(ManagedChannel channel, CallCredentials callCredentials) {
this.channel = channel; this.channel = channel;
@ -101,32 +101,30 @@ public class GoogleAuthClient {
/** /**
* The app requires 2 arguments as described in * The app requires 2 arguments as described in
* @see <a href="../../../../../../GOOGLE_AUTH_EXAMPLE.md">Google Auth Example README</a> * @see <a href="../../../../../../README.md">Google Auth Example README</a>
* *
* arg0 = location of the JSON file for the service account you created in the GCP console * arg0 = project name in the form "projects/balmy-cirrus-225307" where "balmy-cirrus-225307" is
* arg1 = project name in the form "projects/balmy-cirrus-225307" where "balmy-cirrus-225307" is
* the project ID for the project you created. * the project ID for the project you created.
* *
* On non-Google platforms, the GOOGLE_APPLICATION_CREDENTIALS env variable should be set to the
* location of the JSON file for the service account you created in the GCP console.
*/ */
public static void main(String[] args) throws Exception { public static void main(String[] args) throws Exception {
if (args.length < 2) { if (args.length < 1) {
logger.severe("Usage: please pass 2 arguments:\n" + logger.severe("Usage: please pass 1 argument:\n" +
"arg0 = location of the JSON file for the service account you created in the GCP console\n" + "arg0 = project name in the form \"projects/xyz\" where \"xyz\" is the project ID of the project you created.\n");
"arg1 = project name in the form \"projects/xyz\" where \"xyz\" is the project ID of the project you created.\n");
System.exit(1); System.exit(1);
} }
GoogleCredentials credentials = GoogleCredentials.fromStream(new FileInputStream(args[0])); GoogleCredentials credentials = GoogleCredentials.getApplicationDefault();
// We need to create appropriate scope as per https://cloud.google.com/storage/docs/authentication#oauth-scopes // We need to create appropriate scope as per https://cloud.google.com/storage/docs/authentication#oauth-scopes
credentials = credentials.createScoped(Arrays.asList("https://www.googleapis.com/auth/cloud-platform")); credentials = credentials.createScoped(Arrays.asList("https://www.googleapis.com/auth/cloud-platform"));
// credentials must be refreshed before the access token is available
credentials.refreshAccessToken();
GoogleAuthClient client = GoogleAuthClient client =
new GoogleAuthClient("pubsub.googleapis.com", 443, MoreCallCredentials.from(credentials)); new GoogleAuthClient("pubsub.googleapis.com", 443, MoreCallCredentials.from(credentials));
try { try {
client.getTopics(args[1]); client.getTopics(args[0]);
} finally { } finally {
client.shutdown(); client.shutdown();
} }