How to download from Google Cloud Storage by Alpakka-gcs without providing secret-key?

Question

I'm using Alpakka-gcs connecting to GCS from google-compute-engine perfectly if I provide gcs-secret-key on application.conf like the below.

alpakka.google.cloud.storage {
  project-id = "project_id"
  client-email = "client_email"
  private-key = "************gcs-secret-key************"
  base-url = "https://www.googleapis.com/" // default
  base-path = "/storage/v1" // default
  token-url = "https://www.googleapis.com/oauth2/v4/token" // default
  token-scope = "https://www.googleapis.com/auth/devstorage.read_write" // default
}

My question is how to connect compute-engine already having a credential without providing secret-key for alpakka.

The below code sample is working fine but I want to know alpakka way.

  def downloadObject(objectName:String, destFilePath: String): Unit = {

    import com.google.cloud.storage.BlobId
    import com.google.cloud.storage.StorageOptions
    import java.nio.file.Paths
    def credential:GoogleCredentials = ComputeEngineCredentials.create()
    val storage = StorageOptions.newBuilder.setCredentials(credential).setProjectId(projectId).build.getService

    val blob = storage.get(BlobId.of(bucketName, objectName))
    blob.downloadTo(Paths.get(destFilePath))
  }

score 2 · Accepted Answer · answered Dec 23 '20 at 10:49

If you look into the Alpakka sources, you can see an accessToken creation. Sadly, this version only support the internal call to GoogleTokenApi, a Alpakka made version to request token to Google Cloud. And based only on the private key, not on Metadata server or GOOGLE_APPLICATION_CREDENTIALS environment variable.

You can propose a change in the the project, or even develop it and push it to the project by using the Google Cloud oauth client library.

I see. Thank you for your detail explanation! – axt_star Dec 23 '20 at 13:32 — axt_star, Dec 23 '20 at 13:32

How to download from Google Cloud Storage by Alpakka-gcs without providing secret-key?

1 Answers1