Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Reference secrets from Cloud Run directly #143

Open
MarkEdmondson1234 opened this issue Nov 10, 2021 · 3 comments
Open

Reference secrets from Cloud Run directly #143

MarkEdmondson1234 opened this issue Nov 10, 2021 · 3 comments
Labels
enhancement New feature or request

Comments

@MarkEdmondson1234
Copy link
Owner

Helpful for env variables, auth files etc, will mean less buildsteps for deploying Cloud Run workflows

https://cloud.google.com/run/docs/configuring/secrets
@MarkEdmondson1234 MarkEdmondson1234 added the enhancement New feature or request label Nov 10, 2021
@bob-rietveld
Copy link

Hi Mark,

Thanks for making Google Cloud available for R, really great. I had a question about the Secrets. I have a Plumber function where I want to download a file from a gcs bucket, and interface with some other api's (like github).

What is the recommended way to do the authentication for gcs buckets? Below is some example code. Would I need to add a gcs_auth() and reference a secret?

I use cr_deploy_plumber() to deploy the code. ... If I try I see in the logs a error message with

No .httr-oauth file exists in current working directory. Do library authentication steps to provide credentials.

Thanks for your help.

library(googleCloudStorageR)

run <- function( file_name =NULL){

  # stop if no filename is provided
  if(is.null(file_name)){
    stop(
      "No file provided",
      call. = FALSE
    )
  }
  
  # set bucket
  googleCloudStorageR::gcs_global_bucket("some_bucket_name")
 
  
  # read local
  file <- googleCloudStorageR::gcs_get_object( file_name, 
                                                     overwrite = FALSE,
                                                     saveToDisk = file_name)
  
  #do something with the file

# return name for now
      return(file_name)
}

#' Receive pub/sub message
#' @post /pubsub
#' @param message a pub/sub message
pub <- function(message){
  
# set global bucket
  file_name <- run(message)
  
  paste("Echo:", file_name)
  
}

@MarkEdmondson1234
Copy link
Owner Author

For buckets I suggest making sure the Cloud Run service account has auth access to the bucket as well, then auth via googleAuthR/gargle gar_gce_auth() to reuse the auth running in the environment. This should mean you can avoid uploading service keys etc.

@bob-rietveld
Copy link

Thanks for the promt response.

Should I pass in the cloudrunner service account? e.g. googlecloudrunner@project_id.iam.gserviceaccount.com and does it matter if the gar_gce_auth() call live inside or outside of the run function?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@MarkEdmondson1234 @bob-rietveld