Make credentials optional

- I noticed that it's possible to connect to GCS without calling with_application_credentials(). So now we call it only when google_application_credentials is available
splitgraph · May 2, 2023 · c0a8aac · c0a8aac
1 parent e118179
commit c0a8aac
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 12 deletions.
diff --git a/src/config/context.rs b/src/config/context.rs
@@ -1,4 +1,3 @@
-use std::env;
 use std::sync::Arc;
 use std::time::Duration;
 
@@ -128,16 +127,22 @@ fn build_object_store(cfg: &schema::SeafowlConfig) -> Arc<dyn ObjectStore> {
             Arc::new(store)
         }
         #[cfg(feature = "object-store-gcs")]
-        schema::ObjectStore::GCS(GCS { bucket }) => {
-            let google_application_credentials =
-                env::var("GOOGLE_APPLICATION_CREDENTIALS")
-                    .expect("Could not find GOOGLE_APPLICATION_CREDENTIALS env variable");
-
-            let builder = GoogleCloudStorageBuilder::new()
-                .with_bucket_name(bucket)
-                .with_service_account_path(google_application_credentials);
-
-            let store = builder.build().expect("Error creating object store");
+        schema::ObjectStore::GCS(GCS {
+            bucket,
+            google_application_credentials,
+        }) => {
+            let gcs_builder: GoogleCloudStorageBuilder =
+                GoogleCloudStorageBuilder::new().with_bucket_name(bucket);
+
+            let gcs_builder = if let Some(path) = google_application_credentials {
+                gcs_builder.with_service_account_path(path)
+            } else {
+                gcs_builder
+            };
+
+            let store = gcs_builder
+                .build()
+                .expect("Error creating GCS object store");
 
             Arc::new(store)
         }

diff --git a/src/config/schema.rs b/src/config/schema.rs
@@ -8,7 +8,7 @@ use crate::object_store::cache::{
 };
 use config::{Config, ConfigError, Environment, File, FileFormat, Map};
 use hex::encode;
-use log::info;
+use log::{info, warn};
 use rand::distributions::{Alphanumeric, DistString};
 use serde::Deserialize;
 use sha2::{Digest, Sha256};
@@ -129,6 +129,7 @@ pub struct S3 {
 #[derive(Deserialize, Debug, PartialEq, Eq, Clone)]
 pub struct GCS {
     pub bucket: String,
+    pub google_application_credentials: Option<String>,
 }
 
 #[derive(Deserialize, Debug, PartialEq, Eq, Clone)]
@@ -344,6 +345,16 @@ pub fn validate_config(config: SeafowlConfig) -> Result<SeafowlConfig, ConfigErr
         ));
     }
 
+    if let ObjectStore::GCS(GCS {
+        google_application_credentials: None,
+        ..
+    }) = config.object_store
+    {
+        warn!(
+            "You are trying to connect to a GCS bucket without providing credentials. Continuing anyway."
+        )
+    }
+
     if let Some(max_memory) = config.runtime.max_memory {
         if max_memory < MIN_MEMORY {
             return Err(ConfigError::Message(format!(