diff --git a/backend/drive/drive.go b/backend/drive/drive.go index e6cac2b1c..a036c9a03 100644 --- a/backend/drive/drive.go +++ b/backend/drive/drive.go @@ -202,7 +202,7 @@ func init() { m.Set("root_folder_id", "appDataFolder") } - if opt.ServiceAccountFile == "" && opt.ServiceAccountCredentials == "" { + if opt.ServiceAccountFile == "" && opt.ServiceAccountCredentials == "" && !opt.EnvAuth { return oauthutil.ConfigOut("teamdrive", &oauthutil.Options{ OAuth2Config: driveConfig, }) @@ -598,6 +598,18 @@ resource key is no needed. // Encode invalid UTF-8 bytes as json doesn't handle them properly. // Don't encode / as it's a valid name character in drive. Default: encoder.EncodeInvalidUtf8, + }, { + Name: "env_auth", + Help: "Get IAM credentials from runtime (environment variables or instance meta data if no env vars).\n\nOnly applies if service_account_file and service_account_credentials is blank.", + Default: false, + Advanced: true, + Examples: []fs.OptionExample{{ + Value: "false", + Help: "Enter AWS credentials in the next step.", + }, { + Value: "true", + Help: "Get GCP IAM credentials from the environment (env vars or IAM).", + }}, }}...), }) @@ -654,6 +666,7 @@ type Options struct { SkipDanglingShortcuts bool `config:"skip_dangling_shortcuts"` ResourceKey string `config:"resource_key"` Enc encoder.MultiEncoder `config:"encoding"` + EnvAuth bool `config:"env_auth"` } // Fs represents a remote drive server @@ -1122,6 +1135,12 @@ func createOAuthClient(ctx context.Context, opt *Options, name string, m configm if err != nil { return nil, fmt.Errorf("failed to create oauth client from service account: %w", err) } + } else if opt.EnvAuth { + scopes := driveScopes(opt.Scope) + oAuthClient, err = google.DefaultClient(ctx, scopes...) + if err != nil { + return nil, fmt.Errorf("failed to create client from environment: %w", err) + } } else { oAuthClient, _, err = oauthutil.NewClientWithBaseClient(ctx, name, m, driveConfig, getClient(ctx, opt)) if err != nil {