embulk-input-gcs 0.1.5 → 0.1.6

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: aa681f0822424f0c593fd882cb028f6d1ffd1084
-  data.tar.gz: 1f715e779e7997e3ebb52e72c3775f12aeb1c949
+  metadata.gz: c1337868e0a547834610ae572d49228a3394aff7
+  data.tar.gz: 52e83dd8d9b91eb7ca715ef36b3d74f8241e2860
 SHA512:
-  metadata.gz: 45ee5d75433ded0336ff43fba3c0cb2091ff63d67cf5ed6b53ce9dca642ae6663f5147e7bf3c395bd982e5bfc1f858f721c8df023ab90559dec88b710ce0478f
-  data.tar.gz: 78cba836847ea4f5ece8978b90130bdcab2bd31fe3bd7542da9f19bddda85ba2a286a878ddc7b4dd8d96828333386c824be51f84fc6d1c4dc54aeb2391991826
+  metadata.gz: b8980edca632680de44f5311b3e2a3c622d94e3ee15f76eade05a536eb96cf64397e8916b4b47516a0724b9a2d2b03666e78ff2bc9bdee60352a6714e3d3383e
+  data.tar.gz: 8ad0624eb9576e37dbeac7dc2eead16bc72bfae8f51274d81042f0657821024ea2595ccd71f637fa9c63af049dac6bdd61fc9fe5df24ec8d1b36ee3bfff85a56

data/README.md

@@ -15,13 +15,16 @@ embulk gem install embulk-input-gcs
 ```
 
 ### Google Service Account Settings
+
+If you chose "private_key" as [auth_method](#Authentication), you can get service_account_email and private_key like below.
+
 1. Make project at [Google Developers Console](https://console.developers.google.com/project).
 
 1. Make "Service Account" with [this step](https://cloud.google.com/storage/docs/authentication#service_accounts).
-   
-	Service Account has two specific scopes: read-only, read-write. 
-  
-	embulk-input-gcs can run "read-only" scopes.
+
+    Service Account has two specific scopes: read-only, read-write.
+
+    embulk-input-gcs can run "read-only" scopes.
 
 1. Generate private key in P12(PKCS12) format, and upload to machine.
 
@@ -37,6 +40,7 @@ embulk run /path/to/config.yml
 
 - **bucket** Google Cloud Storage bucket name (string, required)
 - **path_prefix** prefix of target keys (string, required)
+- **auth_method**  (string, optional, "private_key" or "compute_engine". default value is "private_key")
 - **service_account_email** Google Cloud Storage service_account_email (string, required)
 - **p12_keyfile_fullpath** fullpath of p12 key (string, required)
 - **application_name** application name anything you like (string, optional)
@@ -48,6 +52,7 @@ in:
   type: gcs
   bucket: my-gcs-bucket
   path_prefix: logs/csv-
+  auth_method: private_key #default
   service_account_email: ABCXYZ123ABCXYZ123.gserviceaccount.com
   p12_keyfile_path: /path/to/p12_keyfile.p12
   application_name: Anything you like
@@ -60,6 +65,7 @@ in:
   type: gcs
   bucket: my-gcs-bucket
   path_prefix: sample_
+  auth_method: private_key #default
   service_account_email: ABCXYZ123ABCXYZ123.gserviceaccount.com
   p12_keyfile_path: /path/to/p12_keyfile.p12
   application_name: Anything you like
@@ -81,6 +87,29 @@ in:
 out: {type: stdout}
 ```
 
+## Authentication
+
+There are two methods supported to fetch access token for the service account.
+
+1. Public-Private key pair
+2. Pre-defined access token (Compute Engine only)
+
+The examples above use the first one.  You first need to create a service account (client ID),
+download its private key and deploy the key with embulk.
+
+On the other hand, you don't need to explicitly create a service account for embulk when you
+run embulk in Google Compute Engine. In this second authentication method, you need to
+add the API scope "https://www.googleapis.com/auth/devstorage.read_only" to the scope list of your
+Compute Engine instance, then you can configure embulk like this.
+
+[Setting the scope of service account access for instances](https://cloud.google.com/compute/docs/authentication)
+
+```yaml
+input:
+  type: gcs
+  auth_method: compute_engine
+```
+
 ## Build
 
 ```

data/build.gradle

@@ -15,7 +15,7 @@ configurations {
 sourceCompatibility = 1.7
 targetCompatibility = 1.7
 
-version = "0.1.5"
+version = "0.1.6"
 
 dependencies {
     compile  "org.embulk:embulk-core:0.7.1"
@@ -46,7 +46,7 @@ Gem::Specification.new do |spec|
   spec.version       = "${project.version}"
   spec.authors       = ["Satoshi Akama"]
   spec.summary       = %[Google Cloud Storage input plugin for Embulk]
-  spec.description   = %[Reads files stored on Google Cloud Storage (Standard/Durable Reduced Availability/Nearline)]
+  spec.description   = %[Reads files stored on Google Cloud Storage (Standard, Durable Reduced Availability or Nearline)]
   spec.email         = ["satoshiakama@gmail.com"]
   spec.licenses      = ["Apache-2.0"]
   spec.homepage      = "https://github.com/embulk/embulk-input-gcs"

data/src/main/java/org/embulk/input/gcs/GcsAuthentication.java

@@ -0,0 +1,97 @@
+package org.embulk.input.gcs;
+
+import java.io.File;
+import java.io.IOException;
+
+import com.google.common.base.Optional;
+import com.google.common.collect.ImmutableList;
+import java.security.GeneralSecurityException;
+
+import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;
+import com.google.api.client.googleapis.compute.ComputeCredential;
+import com.google.api.client.googleapis.javanet.GoogleNetHttpTransport;
+import com.google.api.client.http.HttpTransport;
+import com.google.api.client.json.JsonFactory;
+import com.google.api.client.json.jackson2.JacksonFactory;
+import com.google.api.client.http.HttpRequestInitializer;
+import com.google.api.client.googleapis.json.GoogleJsonResponseException;
+import com.google.api.services.storage.Storage;
+import com.google.api.services.storage.StorageScopes;
+import com.google.api.services.storage.model.Objects;
+import org.embulk.spi.Exec;
+import org.slf4j.Logger;
+
+public class GcsAuthentication
+{
+    private final Logger log = Exec.getLogger(GcsAuthentication.class);
+    private final Optional<String> serviceAccountEmail;
+    private final Optional<String> p12KeyFilePath;
+    private final String applicationName;
+    private final HttpTransport httpTransport;
+    private final JsonFactory jsonFactory;
+    private final HttpRequestInitializer credentials;
+
+    public GcsAuthentication(String authMethod, Optional<String> serviceAccountEmail, Optional<String> p12KeyFilePath, String applicationName)
+            throws IOException, GeneralSecurityException
+    {
+        this.serviceAccountEmail = serviceAccountEmail;
+        this.p12KeyFilePath = p12KeyFilePath;
+        this.applicationName = applicationName;
+
+        this.httpTransport = GoogleNetHttpTransport.newTrustedTransport();
+        this.jsonFactory = new JacksonFactory();
+
+        if (authMethod.equals("compute_engine")) {
+            this.credentials = getComputeCredential();
+        } else {
+            this.credentials = getServiceAccountCredential();
+        }
+    }
+
+    /**
+     * @see https://developers.google.com/accounts/docs/OAuth2ServiceAccount#authorizingrequests
+     */
+    private GoogleCredential getServiceAccountCredential() throws IOException, GeneralSecurityException
+    {
+        // @see https://cloud.google.com/compute/docs/api/how-tos/authorization
+        // @see https://developers.google.com/resources/api-libraries/documentation/storage/v1/java/latest/com/google/api/services/storage/STORAGE_SCOPE.html
+        // @see https://developers.google.com/resources/api-libraries/documentation/bigquery/v2/java/latest/com/google/api/services/bigquery/BigqueryScopes.html
+        return new GoogleCredential.Builder()
+                .setTransport(httpTransport)
+                .setJsonFactory(jsonFactory)
+                .setServiceAccountId(serviceAccountEmail.orNull())
+                .setServiceAccountScopes(
+                        ImmutableList.of(
+                                StorageScopes.DEVSTORAGE_READ_ONLY
+                        )
+                )
+                .setServiceAccountPrivateKeyFromP12File(new File(p12KeyFilePath.orNull()))
+                .build();
+    }
+
+    /**
+     * @see http://developers.guge.io/accounts/docs/OAuth2ServiceAccount#creatinganaccount
+     * @see https://developers.google.com/accounts/docs/OAuth2
+     */
+    private ComputeCredential getComputeCredential() throws IOException
+    {
+        ComputeCredential credential = new ComputeCredential.Builder(httpTransport, jsonFactory)
+                .build();
+        credential.refreshToken();
+
+        return credential;
+    }
+
+    public Storage getGcsClient(String bucket) throws GoogleJsonResponseException, IOException
+    {
+        Storage client = new Storage.Builder(httpTransport, jsonFactory, credentials)
+                .setApplicationName(applicationName)
+                .build();
+
+        // For throw IOException when authentication is fail.
+        long maxResults = 1;
+        Objects objects = client.objects().list(bucket).setMaxResults(maxResults).execute();
+
+        return client;
+    }
+}

data/src/main/java/org/embulk/input/gcs/GcsFileInputPlugin.java

@@ -1,10 +1,8 @@
 package org.embulk.input.gcs;
 
 import java.util.List;
-import java.util.Arrays;
 import java.util.ArrayList;
 import java.util.Collections;
-import java.io.File;
 import java.io.IOException;
 import java.io.InputStream;
 import java.math.BigInteger;
@@ -17,10 +15,10 @@ import org.embulk.config.Config;
 import org.embulk.config.ConfigInject;
 import org.embulk.config.ConfigDiff;
 import org.embulk.config.ConfigDefault;
+import org.embulk.config.ConfigException;
 import org.embulk.config.ConfigSource;
 import org.embulk.config.Task;
 import org.embulk.config.TaskSource;
-import org.embulk.config.TaskReport;
 import org.embulk.spi.Exec;
 import org.embulk.spi.BufferAllocator;
 import org.embulk.spi.FileInputPlugin;
@@ -29,13 +27,7 @@ import org.embulk.spi.util.InputStreamFileInput;
 
 import org.slf4j.Logger;
 
-import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;
-import com.google.api.client.googleapis.javanet.GoogleNetHttpTransport;
-import com.google.api.client.http.HttpTransport;
-import com.google.api.client.json.JsonFactory;
-import com.google.api.client.json.jackson2.JacksonFactory;
 import com.google.api.services.storage.Storage;
-import com.google.api.services.storage.StorageScopes;
 import com.google.api.services.storage.model.Bucket;
 import com.google.api.services.storage.model.Objects;
 import com.google.api.services.storage.model.StorageObject;
@@ -56,15 +48,21 @@ public class GcsFileInputPlugin
         @ConfigDefault("null")
         Optional<String> getLastPath();
 
+        @Config("auth_method")
+        @ConfigDefault("\"private_key\"")
+        AuthMethod getAuthMethod();
+
         @Config("service_account_email")
-        String getServiceAccountEmail();
+        @ConfigDefault("null")
+        Optional<String> getServiceAccountEmail();
 
         @Config("application_name")
         @ConfigDefault("\"Embulk GCS input plugin\"")
         String getApplicationName();
 
         @Config("p12_keyfile_fullpath")
-        String getP12KeyfileFullpath();
+        @ConfigDefault("null")
+        Optional<String> getP12KeyfileFullpath();
 
         List<String> getFiles();
         void setFiles(List<String> files);
@@ -74,8 +72,6 @@ public class GcsFileInputPlugin
     }
 
     private static final Logger log = Exec.getLogger(GcsFileInputPlugin.class);
-    private static HttpTransport httpTransport;
-    private static JsonFactory jsonFactory;
 
     @Override
     public ConfigDiff transaction(ConfigSource config,
@@ -83,13 +79,6 @@ public class GcsFileInputPlugin
     {
         PluginTask task = config.loadConfig(PluginTask.class);
 
-        try {
-            httpTransport = GoogleNetHttpTransport.newTrustedTransport();
-            jsonFactory = new JacksonFactory();
-        } catch (Exception e) {
-            log.warn("Could not generate http transport");
-        }
-
         // list files recursively
         task.setFiles(listFiles(task));
         // number of processors is same with number of files
@@ -128,39 +117,14 @@ public class GcsFileInputPlugin
     {
     }
 
-    /**
-     * @see https://developers.google.com/accounts/docs/OAuth2ServiceAccount#authorizingrequests
-     */
-    private static GoogleCredential getCredentialProvider (PluginTask task)
-    {
+    private static Storage newGcsClient(final PluginTask task) {
+        Storage client = null;
         try {
-            // @see https://cloud.google.com/compute/docs/api/how-tos/authorization
-            // @see https://developers.google.com/resources/api-libraries/documentation/storage/v1/java/latest/com/google/api/services/storage/STORAGE_SCOPE.html
-            GoogleCredential cred = new GoogleCredential.Builder().setTransport(httpTransport)
-                    .setJsonFactory(jsonFactory)
-                    .setServiceAccountId(task.getServiceAccountEmail())
-                    .setServiceAccountScopes(
-                            ImmutableList.of(
-                                    StorageScopes.DEVSTORAGE_READ_ONLY
-                            )
-                    )
-                    .setServiceAccountPrivateKeyFromP12File(new File(task.getP12KeyfileFullpath()))
-                    .build();
-            return cred;
-        } catch (IOException e) {
-            log.warn(String.format("Could not load client secrets file %s", task.getP12KeyfileFullpath()));
-        } catch (GeneralSecurityException e) {
-            log.warn ("Google Authentication was failed");
+            GcsAuthentication auth = new GcsAuthentication(task.getAuthMethod().getString(), task.getServiceAccountEmail(), task.getP12KeyfileFullpath(), task.getApplicationName());
+            client = auth.getGcsClient(task.getBucket());
+        } catch (GeneralSecurityException | IOException ex) {
+            throw new ConfigException(ex);
         }
-        return null;
-    }
-
-    private static Storage newGcsClient(PluginTask task)
-    {
-        GoogleCredential credentials = getCredentialProvider(task);
-        Storage client = new Storage.Builder(httpTransport, jsonFactory, credentials)
-                .setApplicationName(task.getApplicationName())
-                .build();
 
         return client;
     }
@@ -291,4 +255,22 @@ public class GcsFileInputPlugin
         @Override
         public void close() { }
     }
+
+    public enum AuthMethod
+    {
+        private_key("private_key"),
+        compute_engine("compute_engine");
+
+        private final String string;
+
+        AuthMethod(String string)
+        {
+            this.string = string;
+        }
+
+        public String getString()
+        {
+            return string;
+        }
+    }
 }

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: embulk-input-gcs
 version: !ruby/object:Gem::Version
-  version: 0.1.5
+  version: 0.1.6
 platform: ruby
 authors:
 - Satoshi Akama
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2015-08-19 00:00:00.000000000 Z
+date: 2015-09-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   requirement: !ruby/object:Gem::Requirement
@@ -38,7 +38,7 @@ dependencies:
     - - '>='
       - !ruby/object:Gem::Version
         version: '10.0'
-description: Reads files stored on Google Cloud Storage (Standard/Durable Reduced Availability/Nearline)
+description: Reads files stored on Google Cloud Storage (Standard, Durable Reduced Availability or Nearline)
 email:
 - satoshiakama@gmail.com
 executables: []
@@ -54,11 +54,12 @@ files:
 - gradlew.bat
 - lib/embulk/input/gcs.rb
 - settings.gradle
+- src/main/java/org/embulk/input/gcs/GcsAuthentication.java
 - src/main/java/org/embulk/input/gcs/GcsFileInputPlugin.java
 - src/test/java/org/embulk/input/gcs/TestGcsFileInputPlugin.java
 - classpath/commons-codec-1.3.jar
 - classpath/commons-logging-1.1.1.jar
-- classpath/embulk-input-gcs-0.1.5.jar
+- classpath/embulk-input-gcs-0.1.6.jar
 - classpath/google-api-client-1.19.1.jar
 - classpath/google-api-services-storage-v1-rev27-1.19.1.jar
 - classpath/google-http-client-1.19.0.jar