diff --git a/core/src/services/gcs/backend.rs b/core/src/services/gcs/backend.rs index 0ca6c015b0f..8861b22202f 100644 --- a/core/src/services/gcs/backend.rs +++ b/core/src/services/gcs/backend.rs @@ -74,6 +74,10 @@ pub struct GcsConfig { pub disable_vm_metadata: bool, /// Disable loading configuration from the environment. pub disable_config_load: bool, + /// A Google Cloud OAuth2 token. + /// + /// Takes precedence over `credential` and `credential_path`. + pub token: Option, } impl Debug for GcsConfig { @@ -214,6 +218,12 @@ impl GcsBuilder { self } + /// Provide the OAuth2 token to use. + pub fn token(mut self, token: String) -> Self { + self.config.token = Some(token); + self + } + /// Disable attempting to load credentials from the GCE metadata server. pub fn disable_vm_metadata(mut self) -> Self { self.config.disable_vm_metadata = true; @@ -354,6 +364,8 @@ impl Builder for GcsBuilder { client, signer, token_loader, + token: self.config.token, + scope: scope.to_string(), credential_loader: cred_loader, predefined_acl: self.config.predefined_acl.clone(), default_storage_class: self.config.default_storage_class.clone(), diff --git a/core/src/services/gcs/core.rs b/core/src/services/gcs/core.rs index 44565930251..ba11a577159 100644 --- a/core/src/services/gcs/core.rs +++ b/core/src/services/gcs/core.rs @@ -53,6 +53,8 @@ pub struct GcsCore { pub client: HttpClient, pub signer: GoogleSigner, pub token_loader: GoogleTokenLoader, + pub token: Option, + pub scope: String, pub credential_loader: GoogleCredentialLoader, pub predefined_acl: Option, @@ -76,6 +78,10 @@ static BACKOFF: Lazy = impl GcsCore { async fn load_token(&self) -> Result> { + if let Some(token) = &self.token { + return Ok(Some(GoogleToken::new(token, usize::MAX, &self.scope))); + } + let cred = { || self.token_loader.load() } .retry(&*BACKOFF) .await