From 94997d25d2d8fa37a3615af5598bd9fb50e19bd5 Mon Sep 17 00:00:00 2001 From: Leandro Piccilli Date: Tue, 24 Sep 2024 09:19:36 +0200 Subject: [PATCH] gcs: add access token auth with --gcs-access-token --- .../googlecloudstorage/googlecloudstorage.go | 29 ++++++++++++------- docs/content/googlecloudstorage.md | 14 +++++++++ 2 files changed, 32 insertions(+), 11 deletions(-) diff --git a/backend/googlecloudstorage/googlecloudstorage.go b/backend/googlecloudstorage/googlecloudstorage.go index 07f589ab8..5953e24b8 100644 --- a/backend/googlecloudstorage/googlecloudstorage.go +++ b/backend/googlecloudstorage/googlecloudstorage.go @@ -60,16 +60,14 @@ const ( minSleep = 10 * time.Millisecond ) -var ( - // Description of how to auth for this app - storageConfig = &oauth2.Config{ - Scopes: []string{storage.DevstorageReadWriteScope}, - Endpoint: google.Endpoint, - ClientID: rcloneClientID, - ClientSecret: obscure.MustReveal(rcloneEncryptedClientSecret), - RedirectURL: oauthutil.RedirectURL, - } -) +// Description of how to auth for this app +var storageConfig = &oauth2.Config{ + Scopes: []string{storage.DevstorageReadWriteScope}, + Endpoint: google.Endpoint, + ClientID: rcloneClientID, + ClientSecret: obscure.MustReveal(rcloneEncryptedClientSecret), + RedirectURL: oauthutil.RedirectURL, +} // Register with Fs func init() { @@ -106,6 +104,12 @@ func init() { Help: "Service Account Credentials JSON blob.\n\nLeave blank normally.\nNeeded only if you want use SA instead of interactive login.", Hide: fs.OptionHideBoth, Sensitive: true, + }, { + Name: "access_token", + Help: "Short-lived access token.\n\nLeave blank normally.\nNeeded only if you want use short-lived access token instead of interactive login.", + Hide: fs.OptionHideConfigurator, + Sensitive: true, + Advanced: true, }, { Name: "anonymous", Help: "Access public buckets and objects without credentials.\n\nSet to 'true' if you just want to download files and don't configure credentials.", @@ -379,6 +383,7 @@ type Options struct { Enc encoder.MultiEncoder `config:"encoding"` EnvAuth bool `config:"env_auth"` DirectoryMarkers bool `config:"directory_markers"` + AccessToken string `config:"access_token"` } // Fs represents a remote storage server @@ -535,6 +540,9 @@ func NewFs(ctx context.Context, name, root string, m configmap.Mapper) (fs.Fs, e if err != nil { return nil, fmt.Errorf("failed to configure Google Cloud Storage: %w", err) } + } else if opt.AccessToken != "" { + ts := oauth2.Token{AccessToken: opt.AccessToken} + oAuthClient = oauth2.NewClient(ctx, oauth2.StaticTokenSource(&ts)) } else { oAuthClient, _, err = oauthutil.NewClient(ctx, name, m, storageConfig) if err != nil { @@ -944,7 +952,6 @@ func (f *Fs) Mkdir(ctx context.Context, dir string) (err error) { return e } return f.createDirectoryMarker(ctx, bucket, dir) - } // mkdirParent creates the parent bucket/directory if it doesn't exist diff --git a/docs/content/googlecloudstorage.md b/docs/content/googlecloudstorage.md index 08f634e9e..be52111a6 100644 --- a/docs/content/googlecloudstorage.md +++ b/docs/content/googlecloudstorage.md @@ -363,6 +363,20 @@ Properties: - Type: string - Required: false +#### --gcs-access-token + +Short-lived access token. + +Leave blank normally. +Needed only if you want use short-lived access tokens instead of interactive login. + +Properties: + +- Config: access_token +- Env Var: RCLONE_GCS_ACCESS_TOKEN +- Type: string +- Required: false + #### --gcs-anonymous Access public buckets and objects without credentials.