Skip to content
Permalink
Browse files

Try to use Application Default Credentials when GCS is enabled but GC…

…S key is not provided
  • Loading branch information...
DarthSim committed Sep 30, 2019
1 parent 219d0f8 commit ed41919be26c0168d6289f693812903e2b08f32c
Showing with 27 additions and 4 deletions.
  1. +7 −0 config.go
  2. +9 −2 docs/serving_files_from_google_cloud_storage.md
  3. +1 −1 download.go
  4. +10 −1 gcs_transport.go
@@ -176,6 +176,7 @@ type config struct {
S3Enabled bool
S3Region string
S3Endpoint string
GCSEnabled bool
GCSKey string

ETagEnabled bool
@@ -307,6 +308,7 @@ func configure() {
strEnvConfig(&conf.S3Region, "IMGPROXY_S3_REGION")
strEnvConfig(&conf.S3Endpoint, "IMGPROXY_S3_ENDPOINT")

boolEnvConfig(&conf.GCSEnabled, "IMGPROXY_USE_GCS")
strEnvConfig(&conf.GCSKey, "IMGPROXY_GCS_KEY")

boolEnvConfig(&conf.ETagEnabled, "IMGPROXY_USE_ETAG")
@@ -447,6 +449,11 @@ func configure() {
}
}

if _, ok := os.LookupEnv("IMGPROXY_USE_GCS"); !ok && len(conf.GCSKey) > 0 {
logWarning("Set IMGPROXY_USE_GCS to true since it may be required by future versions to enable GCS support")
conf.GCSEnabled = true
}

if err := checkPresets(conf.Presets); err != nil {
logFatal(err.Error())
}
@@ -2,11 +2,18 @@

imgproxy can process images from Google Cloud Storage buckets. To use this feature, do the following:

1. Set `IMGPROXY_GCS_KEY` environment variable to the content of Google Cloud JSON key. Get more info about JSON keys: [https://cloud.google.com/iam/docs/creating-managing-service-account-keys](https://cloud.google.com/iam/docs/creating-managing-service-account-keys);
2. Use `gs://%bucket_name/%file_key` as the source image URL.
1. Set `IMGPROXY_USE_GCS` environment variable as `true`;
2. [Setup credentials](#setup-credentials) to grant access to your bucket;
3. Use `gs://%bucket_name/%file_key` as the source image URL.

If you need to specify generation of the source object, you can use query string of the source URL:

```
gs://%bucket_name/%file_key?%generation
```

### Setup credentials

If you run imgproxy inside Google Cloud infrastructure (Compute Engine, Kubernetes Engine, App Engine, and Cloud Functions, etc), and you have granted access to your bucket to the service account, you probably don't need doing anything here. imgproxy will try to use the credentials provided by Google.

Otherwise, set `IMGPROXY_GCS_KEY` environment variable to the content of Google Cloud JSON key. Get more info about JSON keys: [https://cloud.google.com/iam/docs/creating-managing-service-account-keys](https://cloud.google.com/iam/docs/creating-managing-service-account-keys).
@@ -77,7 +77,7 @@ func initDownloading() {
transport.RegisterProtocol("s3", newS3Transport())
}

if len(conf.GCSKey) > 0 {
if conf.GCSEnabled {
transport.RegisterProtocol("gs", newGCSTransport())
}

@@ -15,7 +15,16 @@ type gcsTransport struct {
}

func newGCSTransport() http.RoundTripper {
client, err := storage.NewClient(context.Background(), option.WithCredentialsJSON([]byte(conf.GCSKey)))
var (
client *storage.Client
err error
)

if len(conf.GCSKey) > 0 {
client, err = storage.NewClient(context.Background(), option.WithCredentialsJSON([]byte(conf.GCSKey)))
} else {
client, err = storage.NewClient(context.Background())
}

if err != nil {
logFatal("Can't create GCS client: %s", err)

0 comments on commit ed41919

Please sign in to comment.
You can’t perform that action at this time.