gcs: add access token auth with --gcs-access-token
Some checks are pending
Docker beta build / Build image job (push) Waiting to run

This commit is contained in:
Leandro Piccilli 2024-09-24 09:19:36 +02:00 committed by Nick Craig-Wood
parent 19458e8459
commit 94997d25d2
2 changed files with 32 additions and 11 deletions

View File

@ -60,16 +60,14 @@ const (
minSleep = 10 * time.Millisecond minSleep = 10 * time.Millisecond
) )
var ( // Description of how to auth for this app
// Description of how to auth for this app var storageConfig = &oauth2.Config{
storageConfig = &oauth2.Config{
Scopes: []string{storage.DevstorageReadWriteScope}, Scopes: []string{storage.DevstorageReadWriteScope},
Endpoint: google.Endpoint, Endpoint: google.Endpoint,
ClientID: rcloneClientID, ClientID: rcloneClientID,
ClientSecret: obscure.MustReveal(rcloneEncryptedClientSecret), ClientSecret: obscure.MustReveal(rcloneEncryptedClientSecret),
RedirectURL: oauthutil.RedirectURL, RedirectURL: oauthutil.RedirectURL,
} }
)
// Register with Fs // Register with Fs
func init() { func init() {
@ -106,6 +104,12 @@ func init() {
Help: "Service Account Credentials JSON blob.\n\nLeave blank normally.\nNeeded only if you want use SA instead of interactive login.", Help: "Service Account Credentials JSON blob.\n\nLeave blank normally.\nNeeded only if you want use SA instead of interactive login.",
Hide: fs.OptionHideBoth, Hide: fs.OptionHideBoth,
Sensitive: true, Sensitive: true,
}, {
Name: "access_token",
Help: "Short-lived access token.\n\nLeave blank normally.\nNeeded only if you want use short-lived access token instead of interactive login.",
Hide: fs.OptionHideConfigurator,
Sensitive: true,
Advanced: true,
}, { }, {
Name: "anonymous", Name: "anonymous",
Help: "Access public buckets and objects without credentials.\n\nSet to 'true' if you just want to download files and don't configure credentials.", Help: "Access public buckets and objects without credentials.\n\nSet to 'true' if you just want to download files and don't configure credentials.",
@ -379,6 +383,7 @@ type Options struct {
Enc encoder.MultiEncoder `config:"encoding"` Enc encoder.MultiEncoder `config:"encoding"`
EnvAuth bool `config:"env_auth"` EnvAuth bool `config:"env_auth"`
DirectoryMarkers bool `config:"directory_markers"` DirectoryMarkers bool `config:"directory_markers"`
AccessToken string `config:"access_token"`
} }
// Fs represents a remote storage server // Fs represents a remote storage server
@ -535,6 +540,9 @@ func NewFs(ctx context.Context, name, root string, m configmap.Mapper) (fs.Fs, e
if err != nil { if err != nil {
return nil, fmt.Errorf("failed to configure Google Cloud Storage: %w", err) return nil, fmt.Errorf("failed to configure Google Cloud Storage: %w", err)
} }
} else if opt.AccessToken != "" {
ts := oauth2.Token{AccessToken: opt.AccessToken}
oAuthClient = oauth2.NewClient(ctx, oauth2.StaticTokenSource(&ts))
} else { } else {
oAuthClient, _, err = oauthutil.NewClient(ctx, name, m, storageConfig) oAuthClient, _, err = oauthutil.NewClient(ctx, name, m, storageConfig)
if err != nil { if err != nil {
@ -944,7 +952,6 @@ func (f *Fs) Mkdir(ctx context.Context, dir string) (err error) {
return e return e
} }
return f.createDirectoryMarker(ctx, bucket, dir) return f.createDirectoryMarker(ctx, bucket, dir)
} }
// mkdirParent creates the parent bucket/directory if it doesn't exist // mkdirParent creates the parent bucket/directory if it doesn't exist

View File

@ -363,6 +363,20 @@ Properties:
- Type: string - Type: string
- Required: false - Required: false
#### --gcs-access-token
Short-lived access token.
Leave blank normally.
Needed only if you want use short-lived access tokens instead of interactive login.
Properties:
- Config: access_token
- Env Var: RCLONE_GCS_ACCESS_TOKEN
- Type: string
- Required: false
#### --gcs-anonymous #### --gcs-anonymous
Access public buckets and objects without credentials. Access public buckets and objects without credentials.