连接 GCP 项目的 GCP SDK 认证代码

huangapple go评论93阅读模式
英文:

GO GCP SDK auth code to connect gcp project

问题

我正在使用以下代码,它按预期工作。我在命令行中使用gcloud auth application-default login并输入我的凭据,然后我能够成功地从我的MacBook上运行代码。

现在我需要在我的CI中运行这段代码,我们需要使用不同的方法,获取client_secret和client_id或服务账号/某些环境变量,通过GO代码实现的方式是什么?

import "google.golang.org/api/compute/v1"

project := "my-project"
region := "my-region"

ctx := context.Background()

c, err := google.DefaultClient(ctx, compute.CloudPlatformScope)
if err != nil {
    log.Fatal(err)
}

computeService, err := compute.New(c)
if err != nil {
    log.Fatal(err)
}

req := computeService.Routers.List(project, region)
if err := req.Pages(ctx, func(page *compute.RouterList) error {
    for _, router := range page.Items {
        // 处理每个`router`资源:
        fmt.Printf("%#v\n", router)
        // NAT网关可以在router.nats中找到
    }
    return nil
}); err != nil {
    log.Fatal(err)
}

请注意,这只是代码的翻译部分,不包括回答你关于获取client_secret和client_id或服务账号/环境变量的问题。

英文:

Im using the following code which works as expected, I use from the cli gcloud auth application-default login and enter my credentials and I was able to run the code successfully from my macbook.

Now I need to run this code in my CI and we need to use different approach , what should be the approach to get the client_secret
and client_id or service account / some ENV variable, what is the way for doing it via GO code?

import "google.golang.org/api/compute/v1"

project := "my-project"
region := "my-region"

ctx := context.Background()

c, err := google.DefaultClient(ctx, compute.CloudPlatformScope)
if err != nil {
    log.Fatal(err)
}

computeService, err := compute.New(c)
if err != nil {
    log.Fatal(err)
}

req := computeService.Routers.List(project, region)
if err := req.Pages(ctx, func(page *compute.RouterList) error {
    for _, router := range page.Items {
        // process each `router` resource:
        fmt.Printf("%#v\n", router)
        // NAT Gateways are found in router.nats
    }
    return nil
}); err != nil {
    log.Fatal(err)
}

答案1

得分: 2

由于您正在使用Jenkins,您可能希望从创建服务帐号开始。它指导您创建服务帐号并导出一个密钥,以便在另一个CI/CD系统中设置为变量。

然后,请参考客户端库的文档,了解如何使用源凭据创建新的客户端。

例如:

client, err := storage.NewClient(ctx, option.WithCredentialsFile("path/to/keyfile.json"))

如果您没有提供源凭据,它将尝试在本地读取凭据,并作为运行操作的服务帐号(在您的用例中不适用)。

英文:

Since you're using Jenkins you probably want to start with how to create a service account. It guides you on creating a service account and exporting a key to be set as a var in another CI/CD system.

Then refer to the docs from the client library on how to create a new client with source credential.

e.g.

client, err := storage.NewClient(ctx, option.WithCredentialsFile("path/to/keyfile.json"))

If you provided no source, it would attempt to read the credentials locally and act as the service account running the operation (not applicable in your use case).

答案2

得分: 0

许多持续集成工具都支持导出特定的环境变量,或者你的脚本/配置文件也可以实现这一功能。

但是,如果你想在持续集成环境中运行,为什么需要这样的配置呢?是为了进行集成测试吗?

有些服务可以在本地用于单元测试/冒烟测试。比如,对于发布-订阅服务,可以运行一个虚拟/本地的发布-订阅服务来执行一些测试。

或者也许我没有理解你的问题,如果是这样,请提供一个示例。

英文:

Many CIs support the export of specific env vars. Or your script / conf can do it too.

But if you want to run in a CI why you need such configuration? Integration tests?

Some services can be used locally for unit/smoke testing. Like pubsub, there is a way to run a fake/local pubsub to perform some tests.

Or perhaps I did not understand your question, in this case can you provide an example?

huangapple
  • 本文由 发表于 2022年3月22日 13:20:45
  • 转载请务必保留本文链接:https://go.coder-hub.com/71567247.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定