gcs: add access token auth with --gcs-access-token

backend/googlecloudstorage/googlecloudstorage.go

@@ -60,16 +60,14 @@ const (
 	minSleep                    = 10 * time.Millisecond
 )
 
-var (
+// Description of how to auth for this app
-	// Description of how to auth for this app
+var storageConfig = &oauth2.Config{
-	storageConfig = &oauth2.Config{
+	Scopes:       []string{storage.DevstorageReadWriteScope},
-		Scopes:       []string{storage.DevstorageReadWriteScope},
+	Endpoint:     google.Endpoint,
-		Endpoint:     google.Endpoint,
+	ClientID:     rcloneClientID,
-		ClientID:     rcloneClientID,
+	ClientSecret: obscure.MustReveal(rcloneEncryptedClientSecret),
-		ClientSecret: obscure.MustReveal(rcloneEncryptedClientSecret),
+	RedirectURL:  oauthutil.RedirectURL,
-		RedirectURL:  oauthutil.RedirectURL,
+}
-	}
-)
 
 // Register with Fs
 func init() {
@@ -106,6 +104,12 @@ func init() {
 			Help:      "Service Account Credentials JSON blob.\n\nLeave blank normally.\nNeeded only if you want use SA instead of interactive login.",
 			Hide:      fs.OptionHideBoth,
 			Sensitive: true,
+		}, {
+			Name:      "access_token",
+			Help:      "Short-lived access token.\n\nLeave blank normally.\nNeeded only if you want use short-lived access token instead of interactive login.",
+			Hide:      fs.OptionHideConfigurator,
+			Sensitive: true,
+			Advanced:  true,
 		}, {
 			Name:    "anonymous",
 			Help:    "Access public buckets and objects without credentials.\n\nSet to 'true' if you just want to download files and don't configure credentials.",
@@ -379,6 +383,7 @@ type Options struct {
 	Enc                       encoder.MultiEncoder `config:"encoding"`
 	EnvAuth                   bool                 `config:"env_auth"`
 	DirectoryMarkers          bool                 `config:"directory_markers"`
+	AccessToken               string               `config:"access_token"`
 }
 
 // Fs represents a remote storage server
@@ -535,6 +540,9 @@ func NewFs(ctx context.Context, name, root string, m configmap.Mapper) (fs.Fs, e
 		if err != nil {
 			return nil, fmt.Errorf("failed to configure Google Cloud Storage: %w", err)
 		}
+	} else if opt.AccessToken != "" {
+		ts := oauth2.Token{AccessToken: opt.AccessToken}
+		oAuthClient = oauth2.NewClient(ctx, oauth2.StaticTokenSource(&ts))
 	} else {
 		oAuthClient, _, err = oauthutil.NewClient(ctx, name, m, storageConfig)
 		if err != nil {
@@ -944,7 +952,6 @@ func (f *Fs) Mkdir(ctx context.Context, dir string) (err error) {
 		return e
 	}
 	return f.createDirectoryMarker(ctx, bucket, dir)
-
 }
 
 // mkdirParent creates the parent bucket/directory if it doesn't exist

docs/content/googlecloudstorage.md

@@ -363,6 +363,20 @@ Properties:
 - Type:        string
 - Required:    false
 
+#### --gcs-access-token
+
+Short-lived access token.
+
+Leave blank normally.
+Needed only if you want use short-lived access tokens instead of interactive login.
+
+Properties:
+
+- Config:      access_token
+- Env Var:     RCLONE_GCS_ACCESS_TOKEN
+- Type:        string
+- Required:    false
+
 #### --gcs-anonymous
 
 Access public buckets and objects without credentials.