chore: support both identity and credentials

epam · Feb 28, 2024 · 275a266 · 275a266
1 parent 18986b9
commit 275a266
Show file tree

Hide file tree

Showing 3 changed files with 32 additions and 5 deletions.
diff --git a/README.md b/README.md
@@ -78,7 +78,24 @@ There are two types of credentials providers supported:
 
 #### User credentials
 
-You should set `storage.credential` to a path to private key JSON file. `storage.identity` may be empty.
+You should set `storage.credential` to a path to the private key JSON file and `storage.identity` must be unset.
+See example below:
+```
+{
+  "type": "service_account",
+  "project_id": "<your_project_id>",
+  "private_key_id": "<your_project_key_id>",
+  "private_key": "-----BEGIN PRIVATE KEY-----\n<your_private_key>\n-----END PRIVATE KEY-----\n",
+  "client_email": "gcp-dial-core@<your_project_id>.iam.gserviceaccount.com",
+  "client_id": "<client_id>",
+  "auth_uri": "https://accounts.google.com/o/oauth2/auth",
+  "token_uri": "https://oauth2.googleapis.com/token",
+  "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
+  "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/gcp-dial-core.iam.gserviceaccount.com",
+  "universe_domain": "googleapis.com"
+}
+```
+Otherwise `storage.credential` is a private key in PEM format and `storage.identity` is a client email address.
 
 #### Temporary credentials
 

diff --git a/src/main/java/com/epam/aidial/core/storage/credential/CredentialProviderFactory.java b/src/main/java/com/epam/aidial/core/storage/credential/CredentialProviderFactory.java
@@ -9,7 +9,7 @@ public static CredentialProvider create(String providerName, String identity, St
         StorageProvider provider = StorageProvider.from(providerName);
         return switch (provider) {
             case S3, AZURE_BLOB -> new DefaultCredentialProvider(identity, credential);
-            case GOOGLE_CLOUD_STORAGE -> new GcpCredentialProvider(credential);
+            case GOOGLE_CLOUD_STORAGE -> new GcpCredentialProvider(identity, credential);
             case FILESYSTEM -> new DefaultCredentialProvider("identity", "credential");
             case AWS_S3 -> new AwsCredentialProvider(identity, credential);
         };

diff --git a/src/main/java/com/epam/aidial/core/storage/credential/GcpCredentialProvider.java b/src/main/java/com/epam/aidial/core/storage/credential/GcpCredentialProvider.java
@@ -23,11 +23,21 @@ public class GcpCredentialProvider implements CredentialProvider {
 
     private GoogleCredentials googleCredentials;
 
+    /**
+     *
+     * @param identity client email address
+     * @param credential could be private key or path to JSON file where the private resides
+     */
     @SneakyThrows
-    public GcpCredentialProvider(String pathToPrivateKey) {
-        if (pathToPrivateKey != null) {
-            this.credentials = getCredentialsFromJsonKeyFile(pathToPrivateKey);
+    public GcpCredentialProvider(String identity, String credential) {
+        if (identity != null && credential != null) {
+            // credential is a client email address
+            this.credentials = new Credentials(identity, credential);
+        } else if (credential != null) {
+            // credential is a path to private key JSON file
+            this.credentials = getCredentialsFromJsonKeyFile(credential);
         } else {
+            // use temporary credential provided by GCP
             this.googleCredentials = GoogleCredentials.getApplicationDefault();
         }
     }