fix: allow default credentials to work for GCP

tus · Oct 22, 2024 · 0135b7a · 0135b7a
1 parent 9779a84
commit 0135b7a
Show file tree

Hide file tree

Showing 4 changed files with 20 additions and 9 deletions.
diff --git a/cmd/tusd/cli/composer.go b/cmd/tusd/cli/composer.go
@@ -76,12 +76,9 @@ func CreateComposer() {
 				"Please remove underscore from the value", Flags.GCSObjectPrefix)
 		}
 
-		// Derivce credentials from service account file path passed in
-		// GCS_SERVICE_ACCOUNT_FILE environment variable.
+		// Legacy: account file used to be provided by GCS_SERVICE_ACCOUNT_FILE environment variable.
+		// Now it is more common to default into ADC discovery mechanism.
 		gcsSAF := os.Getenv("GCS_SERVICE_ACCOUNT_FILE")
-		if gcsSAF == "" {
-			stderr.Fatalf("No service account file provided for Google Cloud Storage using the GCS_SERVICE_ACCOUNT_FILE environment variable.\n")
-		}
 
 		service, err := gcsstore.NewGCSService(gcsSAF)
 		if err != nil {

diff --git a/docs/_storage-backends/google-cloud-storage.md b/docs/_storage-backends/google-cloud-storage.md
@@ -6,11 +6,20 @@ nav_order: 5
 
 # Google Cloud Storage
 
-Tusd can store files directly on Google Cloud Storage. The uploaded file is directly transferred to S3 while the user is performing the upload without storing the entire file on disk first.
+Tusd can store files directly on Google Cloud Storage. The uploaded file is directly transferred to Storage Bucket while the user is performing the upload without storing the entire file on disk first.
 
 ## Configuration
 
-To enable this backend, you must supply the path to the corresponding account file using environment variables and specify the bucket name using `-gcs-bucket`, for example:
+To enable this backend, you must specify the bucket name using `-gcs-bucket`, for example:
+
+```bash
+$ tusd -gcs-bucket=my-test-bucket.com
+[tusd] Using 'gcs://my-test-bucket.com' as GCS bucket for storage.
+...
+```
+
+By default, Application Default Credentials [discovery mechanism](https://cloud.google.com/docs/authentication/external/set-up-adc) will be attempted.
+If `GCS_SERVICE_ACCOUNT_FILE` environment variable is provided, that account will be used instead:
 
 ```bash
 $ export GCS_SERVICE_ACCOUNT_FILE=./account.json

diff --git a/go.mod b/go.mod
@@ -3,7 +3,7 @@ module github.com/tus/tusd/v2
 // Specify the Go version needed for the Heroku deployment
 // See https://github.com/heroku/heroku-buildpack-go#go-module-specifics
 // +heroku goVersion go1.22
-go 1.21.0
+go 1.22.1
 toolchain go1.22.7
 
 require (

diff --git a/pkg/gcsstore/gcsservice.go b/pkg/gcsstore/gcsservice.go
@@ -81,7 +81,12 @@ type GCSService struct {
 // NewGCSService returns a GCSService object given a GCloud service account file path.
 func NewGCSService(filename string) (*GCSService, error) {
 	ctx := context.Background()
-	client, err := storage.NewClient(ctx, option.WithCredentialsFile(filename))
+	var opts []option.ClientOption
+	if filename != "" {
+		opts = append(opts, option.WithCredentialsFile(filename))
+	}
+	client, err := storage.NewClient(ctx, opts...)
+
 	if err != nil {
 		return nil, err
 	}