Merge branch 'master' of https://github.com/abdolence/gcloud-sdk-rs

Author: ip1981

.github/workflows/security-audit.yml

@@ -1,20 +1,21 @@
 name: security audit
 on:
-  workflow_dispatch:
   push:
     paths:
       - '**/Cargo.toml'
       - '**/Cargo.lock'
   schedule:
     - cron: '5 4 * * 6'
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref_protected && github.run_id || github.event.pull_request.number || github.ref }}
+  cancel-in-progress: true
 jobs:
   security_audit:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
-      - uses: actions-rs/toolchain@v1
+      - uses: dtolnay/rust-toolchain@stable
         with:
-          profile: minimal
           toolchain: stable
           components: rustfmt, clippy
       - run: cargo install cargo-audit && cargo audit || true && cargo audit

Cargo.toml

@@ -13,4 +13,6 @@ members = [
     "examples/kms-client",
     "examples/id-token",
     "examples/iam-client",
+    "examples/artifact-registry-client",
+    "examples/servicecontrol-client",
 ]

README.md

@@ -53,7 +53,7 @@ More complete examples are located [here](examples).
 Cargo.toml:
 ```toml
 [dependencies]
-gcloud-sdk = { version = "0.25", features = ["google-firestore-v1"] }
+gcloud-sdk = { version = "0.26", features = ["google-firestore-v1"] }
 ```
 
 ## Example for REST API
@@ -87,8 +87,8 @@ Looks for credentials in the following places, preferring the first location fou
 The library provides the support for workload identity federation support to use "keyless" integrations with different providers:
 - URL based OIDC/SAML (for example GitHub actions) with text/json file formats;
 - File based OIDC/SAML  with text/json file formats;
-
-AWS provider is not supported yet (feel free to open a PR to support, https://github.com/abdolence/gcloud-sdk-rs/issues/29).
+- AWS external account: authentication from AWS computing instances(e.g. EC2, lambda, ECS, etc.) is now supported as "external-account-aws" feature in https://github.com/abdolence/gcloud-sdk-rs/pull/172.
+However, it is not intensively tested yet, so please report issues if there's a problem.
 
 ### Local development
 Don't confuse `gcloud auth login` with `gcloud auth application-default login` for local development,

examples/artifact-registry-client/Cargo.toml

@@ -0,0 +1,11 @@
+[package]
+name = "artifact-registry-client-example"
+version = "0.3.0"
+authors = ["grundjoseph@gmail.com"]
+edition = "2021"
+
+[dependencies]
+gcloud-sdk = { path = "./../../gcloud-sdk", default-features = false, features = ["google-devtools-artifactregistry-v1", "tls-webpki-roots"] }
+tokio = { version = "1.20", features = ["full"] }
+tracing = "0.1"
+tracing-subscriber = { version ="0.3", features = ["env-filter"] }

examples/artifact-registry-client/src/main.rs

@@ -0,0 +1,39 @@
+use gcloud_sdk::google::devtools::artifactregistry::v1::{
+    artifact_registry_client::ArtifactRegistryClient, ListRepositoriesRequest,
+};
+use gcloud_sdk::*;
+
+#[tokio::main]
+async fn main() -> Result<(), Box<dyn std::error::Error>> {
+    // Debug logging
+    let subscriber = tracing_subscriber::fmt()
+        .with_env_filter("gcloud_sdk=debug")
+        .finish();
+    tracing::subscriber::set_global_default(subscriber)?;
+
+    // Detect Google project ID using environment variables PROJECT_ID/GCP_PROJECT_ID
+    // or GKE metadata server when the app runs inside GKE
+    let google_project_id = GoogleEnvironment::detect_google_project_id().await
+    .expect("No Google Project ID detected. Please specify it explicitly using env variable: PROJECT_ID");
+
+    let artifactregistry_client: GoogleApi<ArtifactRegistryClient<GoogleAuthMiddleware>> =
+        GoogleApi::from_function(
+            ArtifactRegistryClient::new,
+            "https://artifactregistry.googleapis.com",
+            // cloud resource prefix: used only for some of the APIs (such as Firestore)
+            None,
+        )
+        .await?;
+
+    let response = artifactregistry_client
+        .get()
+        .list_repositories(tonic::Request::new(ListRepositoriesRequest {
+            parent: format!("projects/{google_project_id}/locations/us"),
+            ..Default::default()
+        }))
+        .await?;
+
+    println!("Response from artifactregistry: {response:?}");
+
+    Ok(())
+}

examples/gcs-rest-client/Cargo.toml

@@ -5,7 +5,7 @@ authors = ["me@abdolence.dev"]
 edition = "2021"
 
 [dependencies]
-gcloud-sdk = { path = "./../../gcloud-sdk", default-features = false, features = ["rest", "google-rest-storage-v1", "google-rest-compute-v1"] }
+gcloud-sdk = { path = "./../../gcloud-sdk", default-features = false, features = ["google-rest-storage-v1", "google-rest-compute-v1","tls-webpki-roots"] }
 tokio = { version = "1.20", features = ["full"] }
 tracing = "0.1"
 tracing-subscriber = { version ="0.3", features = ["env-filter"] }

examples/gcs-rest-client/src/main.rs

@@ -72,14 +72,21 @@ async fn test_compute() {
 
     let google_rest_client = gcloud_sdk::GoogleRestApi::new().await.unwrap();
 
+    let compute_config = google_rest_client
+        .create_google_compute_v1_config()
+        .await
+        .unwrap();
+    let request = gcloud_sdk::google_rest_apis::compute_v1::instances_api::ComputePeriodInstancesPeriodListParams {
+        project: google_project_id.to_string(),
+        zone: "us-central1-a".into(),
+        ..Default::default()
+    };
     let response = gcloud_sdk::google_rest_apis::compute_v1::instances_api::compute_instances_list(
-        &google_rest_client.create_google_compute_v1_config().await.unwrap(),
-        gcloud_sdk::google_rest_apis::compute_v1::instances_api::ComputePeriodInstancesPeriodListParams {
-            project: google_project_id.to_string(),
-            zone: "us-central1-a".to_string(),
-            ..Default::default()
-        }
-    ).await.unwrap();
+        &compute_config,
+        request,
+    )
+    .await
+    .unwrap();
 
     println!("{:?}", response);
 }

examples/servicecontrol-client/Cargo.toml

@@ -0,0 +1,14 @@
+[package]
+name = "servicecontrol-client"
+version = "0.1.0"
+edition = "2021"
+
+[dependencies]
+chrono = "0.4.39"
+gcloud-sdk = { path = "./../../gcloud-sdk", default-features = false, features = ["google-rest-servicecontrol-v1", "tls-webpki-roots"] }
+serde_json = "1.0.138"
+thiserror = "2.0.11"
+tokio = { version = "1.20", features = ["full"] }
+uuid = { version = "1.8", default-features = false, features = ["v4"] }
+
+

examples/servicecontrol-client/src/main.rs

@@ -0,0 +1,74 @@
+use gcloud_sdk::{google_rest_apis::servicecontrol_v1, GoogleEnvironment, GoogleRestApi};
+
+#[derive(thiserror::Error, Debug)]
+enum Error {
+    #[error(transparent)]
+    Gcloud(#[from] gcloud_sdk::error::Error),
+    #[error(transparent)]
+    ServiceCheck(
+        #[from]
+        servicecontrol_v1::Error<
+            servicecontrol_v1::services_api::ServicecontrolPeriodServicesPeriodCheckError,
+        >,
+    ),
+    #[error("{}", format_check_errors(.0))]
+    ServiceCheckErrors(Vec<servicecontrol_v1::CheckError>),
+}
+
+fn format_check_errors(errs: &[servicecontrol_v1::CheckError]) -> String {
+    errs.iter()
+        .filter_map(|e| {
+            if let Some(ref code) = e.code {
+                let c = serde_json::to_string(code)
+                    .unwrap_or_else(|_| "ERROR_CODE_UNSPECIFIED".to_string());
+                if let Some(ref detail) = e.detail {
+                    Some(format!("{c}: {detail}"))
+                } else {
+                    Some(c)
+                }
+            } else {
+                None
+            }
+        })
+        .collect::<Vec<_>>()
+        .join(", ")
+}
+
+async fn services_check(client: GoogleRestApi, service_name: impl ToString) -> Result<(), Error> {
+    let cfg = client.create_google_servicecontrol_v1_config().await?;
+
+    let response = servicecontrol_v1::services_api::servicecontrol_services_check(
+        &cfg,
+        servicecontrol_v1::services_api::ServicecontrolPeriodServicesPeriodCheckParams {
+            service_name: service_name.to_string(),
+            check_request: Some(servicecontrol_v1::CheckRequest {
+                operation: Some(Box::new(servicecontrol_v1::Operation {
+                    start_time: Some(chrono::Utc::now().to_rfc3339()),
+                    operation_id: Some(uuid::Uuid::new_v4().to_string()),
+                    operation_name: Some("Whatever".to_string()),
+                    consumer_id: GoogleEnvironment::detect_google_project_id()
+                        .await
+                        .map(|id| format!("project:{id}")),
+                    ..Default::default()
+                })),
+                ..Default::default()
+            }),
+            ..Default::default()
+        },
+    )
+    .await?;
+
+    if let Some(errs) = response.check_errors {
+        Err(Error::ServiceCheckErrors(errs))
+    } else {
+        Ok(())
+    }
+}
+
+#[tokio::main]
+async fn main() -> Result<(), Error> {
+    let client = GoogleRestApi::new().await?;
+    services_check(client, "sandbox-lustre.sandbox.googleapis.com").await?;
+
+    Ok(())
+}

examples/simple-api-client/Cargo.toml

@@ -6,7 +6,7 @@ edition = "2021"
 
 [dependencies]
 #gcloud-sdk = { version = "0.25.0", git = "https://github.com/abdolence/gcloud-sdk-rs.git", branch = "master", default-features = false, features = ["tls-webpki-roots","google-logging-v2"] }
-gcloud-sdk = { path = "./../../gcloud-sdk", default-features = false,  features = ["tls-webpki-roots","google-logging-v2"] }
+gcloud-sdk = { path = "./../../gcloud-sdk", default-features = false,  features = ["tls-webpki-roots","google-logging-v2", "external-account-aws"] }
 tokio = { version = "1", features = ["full"] }
 tracing = "0.1"
 tracing-subscriber = { version ="0.3", features = ["env-filter"] }