Merge pull request #1552 from lawrencejones/use-auto-auth

Automatically load Google auth

internal/backend/gs/config.go

@@ -8,13 +8,13 @@ import (
 	"github.com/restic/restic/internal/options"
 )
 
-// Config contains all configuration necessary to connect to a Google Cloud
-// Storage bucket.
+// Config contains all configuration necessary to connect to a Google Cloud Storage
+// bucket. We use Google's default application credentials to acquire an access token, so
+// we don't require that calling code supply any authentication material here.
 type Config struct {
-	ProjectID   string
-	JSONKeyPath string
-	Bucket      string
-	Prefix      string
+	ProjectID string
+	Bucket    string
+	Prefix    string
 
 	Connections uint `option:"connections" help:"set a limit for the number of concurrent connections (default: 20)"`
 }

internal/backend/gs/gs.go

@@ -15,9 +15,6 @@ import (
 	"github.com/restic/restic/internal/debug"
 	"github.com/restic/restic/internal/restic"
 
-	"io/ioutil"
-
-	"golang.org/x/oauth2"
 	"golang.org/x/oauth2/google"
 	"google.golang.org/api/googleapi"
 	storage "google.golang.org/api/storage/v1"
@@ -43,30 +40,12 @@ type Backend struct {
 // Ensure that *Backend implements restic.Backend.
 var _ restic.Backend = &Backend{}
 
-func getStorageService(jsonKeyPath string, rt http.RoundTripper) (*storage.Service, error) {
-
-	raw, err := ioutil.ReadFile(jsonKeyPath)
-	if err != nil {
-		return nil, errors.Wrap(err, "ReadFile")
-	}
-
-	conf, err := google.JWTConfigFromJSON(raw, storage.DevstorageReadWriteScope)
+func getStorageService() (*storage.Service, error) {
+	client, err := google.DefaultClient(context.TODO(), storage.DevstorageReadWriteScope)
 	if err != nil {
 		return nil, err
 	}
 
-	// create a new HTTP client
-	httpClient := &http.Client{
-		Transport: rt,
-	}
-
-	// create a now context with the HTTP client stored at the oauth2.HTTPClient key
-	ctx := context.WithValue(context.Background(), oauth2.HTTPClient, httpClient)
-
-	// then pass this context to Client(), which returns a new HTTP client
-	client := conf.Client(ctx)
-
-	// that we can then pass to New()
 	service, err := storage.New(client)
 	if err != nil {
 		return nil, err
@@ -80,7 +59,7 @@ const defaultListMaxItems = 1000
 func open(cfg Config, rt http.RoundTripper) (*Backend, error) {
 	debug.Log("open, config %#v", cfg)
 
-	service, err := getStorageService(cfg.JSONKeyPath, rt)
+	service, err := getStorageService()
 	if err != nil {
 		return nil, errors.Wrap(err, "getStorageService")
 	}

internal/backend/gs/gs_test.go

@@ -34,7 +34,6 @@ func newGSTestSuite(t testing.TB) *test.Suite {
 
 			cfg := gscfg.(gs.Config)
 			cfg.ProjectID = os.Getenv("RESTIC_TEST_GS_PROJECT_ID")
-			cfg.JSONKeyPath = os.Getenv("RESTIC_TEST_GS_APPLICATION_CREDENTIALS")
 			cfg.Prefix = fmt.Sprintf("test-%d", time.Now().UnixNano())
 			return cfg, nil
 		},
@@ -88,8 +87,8 @@ func TestBackendGS(t *testing.T) {
 	}()
 
 	vars := []string{
+		"GOOGLE_APPLICATION_CREDENTIALS",
 		"RESTIC_TEST_GS_PROJECT_ID",
-		"RESTIC_TEST_GS_APPLICATION_CREDENTIALS",
 		"RESTIC_TEST_GS_REPOSITORY",
 	}
 
@@ -106,8 +105,8 @@ func TestBackendGS(t *testing.T) {
 
 func BenchmarkBackendGS(t *testing.B) {
 	vars := []string{
+		"GOOGLE_APPLICATION_CREDENTIALS",
 		"RESTIC_TEST_GS_PROJECT_ID",
-		"RESTIC_TEST_GS_APPLICATION_CREDENTIALS",
 		"RESTIC_TEST_GS_REPOSITORY",
 	}