@google-cloud/nodejs-common 1.4.0 → 1.5.0

package/index.js

@@ -24,6 +24,7 @@ exports.automl = require('./src/components/automl.js');
 exports.firestore = require('./src/components/firestore/index.js');
 exports.pubsub = require('./src/components/pubsub.js');
 exports.scheduler = require('./src/components/scheduler.js');
+exports.secretmanager = require('./src/components/secret_manager.js');
 exports.storage = require('./src/components/storage.js');
 exports.utils = require('./src/components/utils.js');
 exports.vertexai = require('./src/components/vertex_ai.js');

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@google-cloud/nodejs-common",
-  "version": "1.4.0",
+  "version": "1.5.0",
   "description": "A NodeJs common library for solutions based on Cloud Functions",
   "author": "Google Inc.",
   "license": "Apache-2.0",
@@ -25,6 +25,7 @@
     "@google-cloud/pubsub": "^3.2.0",
     "@google-cloud/storage": "^6.5.2",
     "@google-cloud/scheduler": "^3.0.4",
+    "@google-cloud/secret-manager": "^4.1.3",
     "gaxios": "^5.0.2",
     "google-ads-api": "^11.1.0",
     "google-ads-node": "^9.1.0",

package/src/apis/ads_data_hub.js

@@ -41,12 +41,22 @@ class AdsDataHub {
    *     variables.
    */
   constructor(options, customerId = undefined, env = process.env) {
-    const authClient = new AuthClient(API_SCOPES, env);
-    this.auth = authClient.getDefaultAuth();
+    this.authClient = new AuthClient(API_SCOPES, env);
     /** @const{GaxiosOptions} */ this.options = options || {};
     /** @const{string|undefined=} */ this.customerId = customerId;
   }
 
+  /**
+   * Gets the auth object.
+   * @return {!Promise<{!OAuth2Client|!JWT|!Compute}>}
+   */
+  async getAuth_() {
+    if (this.auth) return this.auth;
+    await this.authClient.prepareCredentials();
+    this.auth = this.authClient.getDefaultAuth();
+    return this.auth;
+  }
+
   /**
    * Query name has the form
    * 'customers/[customerId]/analysisQueries/[resource_id]'. For better
@@ -82,7 +92,8 @@ class AdsDataHub {
    * @private
    */
   async sendRequestAndReturnResponse_(path, method = 'GET', data = undefined) {
-    const headers = await this.auth.getRequestHeaders();
+    const auth = await this.getAuth_();
+    const headers = await auth.getRequestHeaders();
     const url = this.getRequestBaseUrl_() + path;
     const response = await request(/** @type {GaxiosOptions} */
         Object.assign({}, this.options, {

package/src/apis/analytics.js

@@ -62,15 +62,24 @@ class Analytics {
    *     variables.
    */
   constructor(env = process.env) {
-    const authClient = new AuthClient(API_SCOPES, env);
-    const auth = authClient.getDefaultAuth();
-    /** @type {!google.analytics} */
-    this.instance = google.analytics({
+    this.authClient = new AuthClient(API_SCOPES, env);
+    this.logger = getLogger('API.GA');
+  }
+
+  /**
+   * Prepares the Google Analytics instace.
+   * @return {!google.analytics}
+   * @private
+   */
+  async getApiClient_() {
+    if (this.analytics) return this.analytics;
+    await this.authClient.prepareCredentials();
+    this.logger.debug(`Initialized ${this.constructor.name} instance.`);
+    this.analytics = google.analytics({
       version: API_VERSION,
-      auth,
+      auth: this.authClient.getDefaultAuth(),
     });
-    this.logger = getLogger('API.GA');
-    this.logger.debug(`Init ${this.constructor.name} with Debug Mode.`);
+    return this.analytics;
   }
 
   /**
@@ -92,7 +101,9 @@ class Analytics {
           }
         },
         config);
-    const response = await this.instance.management.uploads.uploadData(
+
+    const analytics = await this.getApiClient_();
+    const response = await analytics.management.uploads.uploadData(
         uploadConfig);
     this.logger.debug('Configuration: ', config);
     this.logger.debug('Upload Data: ', data);
@@ -140,7 +151,8 @@ class Analytics {
    * @return {!Promise<!Schema$Upload>} Updated data import Job status.
    */
   async checkJobStatus(jobConfig) {
-    const {data: job} = await this.instance.management.uploads.get(jobConfig);
+    const analytics = await this.getApiClient_();
+    const { data: job } = await analytics.management.uploads.get(jobConfig);
     if (job.status !== 'PENDING') return job;
     this.logger.debug(
         `GA Data Import Job[${jobConfig.uploadId}] is not finished.`);
@@ -157,7 +169,8 @@ class Analytics {
    * @return {!Promise<!Array<string>>}
    */
   async listAccounts() {
-    const response = await this.instance.management.accounts.list();
+    const analytics = await this.getApiClient_();
+    const response = await analytics.management.accounts.list();
     return response.data.items.map(
         (account) => `Account id: ${account.name}[${account.id}]`
     );
@@ -169,7 +182,8 @@ class Analytics {
    * @return {!Promise<!Array<Object>>}
    */
   async listUploads(config) {
-    const response = await this.instance.management.uploads.list(config);
+    const analytics = await this.getApiClient_();
+    const response = await analytics.management.uploads.list(config);
     return response.data.items;
   }
 
@@ -189,7 +203,8 @@ class Analytics {
     const request = Object.assign({}, config, {
       resource: {customDataImportUids},
     });
-    await this.instance.management.uploads.deleteUploadData(request);
+    const analytics = await this.getApiClient_();
+    await analytics.management.uploads.deleteUploadData(request);
     this.logger.debug('Delete uploads: ', customDataImportUids);
   }
 

package/src/apis/auth_client.js

@@ -22,7 +22,12 @@
 const fs = require('fs');
 const path = require('path');
 const {GoogleAuth, OAuth2Client, JWT, Compute} = require('google-auth-library');
-/** Environment variable name for OAuth2 key file location. */
+const { SecretManager } = require('../components/secret_manager.js');
+const { getLogger } = require('../components/utils.js');
+
+/** Environment variable name for Secret Manager secret name. */
+const DEFAULT_ENV_SECRET = 'SECRET_NAME';
+/** Environment variable name for OAuth2 token file location. */
 const DEFAULT_ENV_OAUTH = 'OAUTH2_TOKEN_JSON';
 /** Environment variable name for Service account key file location. */
 const DEFAULT_ENV_KEYFILE = 'API_SERVICE_ACCOUNT';
@@ -37,15 +42,25 @@ const DEFAULT_ENV_KEYFILE = 'API_SERVICE_ACCOUNT';
  *
  * There are two use cases for this authentication helper class:
  * 1. The user only has OAuth access due to some reasons, so ADC can't be used;
- * 2. ADC doesn't work for some external APIs. User-managed service account is
- * the only option. We have to manually initiate the Authentication object by
- * specifying the key files.
+ * 2. User-managed service account is requried for external APIs for some
+ * specific considerations, e.g. security. In this case, a file based key file
+ * can be used to generate a JWT auth client.
  *
- * To solve these challenges, this class tries to probe the OAuth  key file,
- * then service account key file based on the environment variables. It will
+ * To solve these challenges, this class tries to probe the settings from
+ * enviroment variables, starts from the name of secret (Secret Manager), OAuth
+ * token file (deprecated), then service account key file (deprecated). It will
  * fallback to ADC if those probing failed.
+ * Note, Secret Manager is the recommanded way to store tokens because it is a
+ * secure and convenient central storage system to manage access across Google
+ * Cloud.
+ *
+ * The recommended environment variable is:
+ * SECRET_NAME: the name of secret. The secret can be a oauth token file or a
+ * service account key file. This env var is used to offer a global auth for a
+ * solution. If different auths are required, the value of passed `env` can be
+ * set
  *
- * The expected environment variables are:
+ * Alternative environment variable but not recommended for prod environment:
  * OAUTH2_TOKEN_JSON : the oauth token key files, refresh token and proper API
  * scopes are expected here.
  * API_SERVICE_ACCOUNT : the service account key file. The email in the key file
@@ -55,35 +70,81 @@ class AuthClient {
   /**
    * Create a new instance with given API scopes.
    * @param {string|!Array<string>|!ReadonlyArray<string>} scopes
+   * @param {!Object<string,string>=} overwrittenEnv The key-value pairs to
+   *     over write env variables.
+   */
+  constructor(scopes, overwrittenEnv = {}) {
+    this.logger = getLogger('AUTH');
+    this.scopes = scopes;
+    this.env = Object.assign({}, process.env, overwrittenEnv);
+  }
+
+  /**
+   * Prepares the `oauthToken` object and/or `serviceAccountKey` based on the
+   * settings in enviroment object.
+   * A secret name is preferred to offer the token of the OAuth or key of a
+   * service account.
+   * To be compatible, this function also checks the env for oauth token file
+   * and service account key file if there is no secret name was set in the env.
+   */
+  async prepareCredentials() {
+    if (this.env[DEFAULT_ENV_SECRET]) {
+      const secretmanager = new SecretManager({
+        projectId: this.env.GCP_PROJECT,
+      });
+      const secret = await secretmanager.access(this.env[DEFAULT_ENV_SECRET]);
+      if (secret) {
+        const secretObj = JSON.parse(secret);
+        if (secretObj.token) {
+          this.oauthToken = secretObj;
+        } else {
+          this.serviceAccountKey = secretObj;
+        }
+        this.logger.info(`Get secret from SM ${this.env[DEFAULT_ENV_SECRET]}.`);
+        return;
+      }
+      this.logger.warn(`Cannot find SM ${this.env[DEFAULT_ENV_SECRET]}.`);
+    }
+    // To be compatible with previous solution.
+    const oauthTokenFile = this.getContentFromEnvVar(DEFAULT_ENV_OAUTH);
+    if (oauthTokenFile) {
+      this.oauthToken = JSON.parse(oauthTokenFile);
+    }
+    const serviceAccountKeyFile =
+      this.getContentFromEnvVar(DEFAULT_ENV_KEYFILE);
+    if (serviceAccountKeyFile) {
+      this.serviceAccountKey = JSON.parse(serviceAccountKeyFile);
+    }
+  }
+
+  /**
+   * Factory method to offer a prepared AuthClient intance in an async way.
+   * @param {string|!Array<string>|!ReadonlyArray<string>} scopes
    * @param {!Object<string,string>=} env The environment object to hold env
    *     variables.
+   * @return {!Promise<!AuthClient>}
    */
-  constructor(scopes, env = process.env) {
-    this.scopes = scopes;
-    this.oauthTokenFile = getFullPathForEnv(DEFAULT_ENV_OAUTH, env);
-    this.serviceAccountKeyFile = getFullPathForEnv(DEFAULT_ENV_KEYFILE, env);
+  static async build(scopes, env) {
+    const instance = new AuthClient(scopes, env);
+    await instance.prepareCredentials();
+    return instance;
   }
 
   /**
    * Generates an authentication client of OAuth, JWT or ADC based on the
-   * environment settings. The authentication method is determined by
-   * environment variables at runtime. The priorities for different
-   * authentications are:
-   * 1. OAuth, return an OAuth client if there is a OAuth key file available.
-   * 2. JWT, return JWT client if a user managed service account key file is
-   * available.
+   * environment settings. The authentication method is determined by the type
+   * of available credentials:
+   * 1. OAuth, return an OAuth token if available.
+   * 2. JWT, return JWT client if a service account key is available.
    * 3. ADC if none of these files exists.
    * @return {!OAuth2Client|!JWT|!Compute}
    */
   getDefaultAuth() {
-    if (typeof this.oauthTokenFile !== 'undefined') {
-      console.log(`Auth mode OAUTH: ${this.oauthTokenFile}`);
+    if (typeof this.oauthToken !== 'undefined') {
       return this.getOAuth2Client();
-    } else if (typeof this.serviceAccountKeyFile !== 'undefined') {
-      console.log(`Auth mode JWT: ${this.serviceAccountKeyFile}`);
+    } else if (typeof this.serviceAccountKey !== 'undefined') {
       return this.getServiceAccount();
     } else {
-      console.log(`Auth mode ADC`);
       return this.getApplicationDefaultCredentials();
     }
   }
@@ -100,33 +161,36 @@ class AuthClient {
    * @return {!Compute|!JWT}
    */
   getApplicationDefaultCredentials() {
+    this.logger.info(`Mode ADC`);
     return new GoogleAuth({scopes: this.scopes});
   }
 
   /**
    * Returns an OAuth2 client based on the given key file.
-   * @param {string=} keyFile Full path for the OAuth key file.
-   *     `client_id`, `client_secret`, `tokens` are expected in that JSON file.
    * @return {!OAuth2Client}
    */
-  getOAuth2Client(keyFile = this.oauthTokenFile) {
-    this.ensureFileExisting_(keyFile, 'OAUTH token');
-    const key = JSON.parse(fs.readFileSync(keyFile).toString());
-    console.log(`Get OAuth token with client Id: ${key.client_id}`);
-    const oAuth2Client = new OAuth2Client(key.client_id, key.client_secret);
-    oAuth2Client.setCredentials({refresh_token: key.token.refresh_token});
+  getOAuth2Client() {
+    this.ensureCredentialExists_(this.oauthToken, 'OAuth token');
+    const { client_id, client_secret, token } = this.oauthToken;
+    const oAuth2Client = new OAuth2Client(client_id, client_secret);
+    oAuth2Client.setCredentials({ refresh_token: token.refresh_token });
     return oAuth2Client;
   }
 
   /**
    * Returns a JWT client based on the given service account key file.
-   * @param {string=} keyFile Full path for the service account key file.
    * @return {!JWT}
    */
-  getServiceAccount(keyFile = this.serviceAccountKeyFile) {
-    this.ensureFileExisting_(keyFile, 'Service Account key');
-    console.log(`Get Service Account's key file: ${keyFile}`);
-    return new JWT({keyFile, scopes: this.scopes,});
+  getServiceAccount() {
+    this.ensureCredentialExists_(this.serviceAccountKey, 'Service Account key');
+    this.logger.info(`Mode JWT`);
+    const { private_key_id, private_key, client_email } = this.serviceAccountKey;
+    return new JWT({
+      email: client_email,
+      key: private_key,
+      keyId: private_key_id,
+      scopes: this.scopes,
+    });
   }
 
   /**
@@ -134,58 +198,57 @@ class AuthClient {
    * OAuth2 based on the given key file.
    * Some API library (google-ads-api） doesn't support google-auth-library
    * directly and needs plain keys.
-   * @param {string=} keyFile Full path for the OAuth key file.
-   *     `client_id`, `client_secret`, `tokens` are expected in that JSON file.
    * @return {{
    *   clientId:string,
    *   clientSecret:string,
    *   refreshToken:string,
    * }}
    */
-  getOAuth2Token(keyFile = this.oauthTokenFile) {
-    this.ensureFileExisting_(keyFile, 'OAuth token');
-    const key = JSON.parse(fs.readFileSync(keyFile).toString());
+  getOAuth2Token() {
+    this.ensureCredentialExists_(this.oauthToken, 'OAuth token');
+    this.logger.info(`Mode OAUTH`);
+    const { client_id, client_secret, token } = this.oauthToken;
     return {
-      clientId: key.client_id,
-      clientSecret: key.client_secret,
-      refreshToken: key.token.refresh_token,
+      clientId: client_id,
+      clientSecret: client_secret,
+      refreshToken: token.refresh_token,
     };
   }
 
   /**
    * Some APIs only support one authorization type, so we have to designate a
-   * specific auth method. If the related key/token file is not available, the
-   * auth will fail. The function throws errors with more meaningful message.
-   * @param {string} file Target file path
+   * specific auth method rather than the 'getDefaultAuth'. If the related
+   * key/token is not available, the auth should fail. The function throws
+   * errors with a meaningful message.
+   * @param {object} credential - Credential object.
    * @param {string} type Key type name, 'OAuth token' or 'Service Account key'
    * @private
    */
-  ensureFileExisting_(file, type) {
-    if (!file) throw new Error(`Required ${type} file doesn't exist.`);
+  ensureCredentialExists_(credential, type) {
+    if (!credential) throw new Error(`Required ${type} does not exist.`);
   }
-}
 
-/**
- * Returns the full path of a existent file whose path (relative or
- * absolute) is the value of the given environment variable.
- * @param {string} envName The name of environment variable for the file path.
- * @param {!Object<string,string>=} env The environment object to hold env
- *     variables.
- * @return {?string} Full path of the file what set as an environment variable.
- */
-function getFullPathForEnv(envName, env) {
-  const envValue = env[envName];
-  if (typeof envValue === 'undefined') {
-    console.log(`Env[${envName}] doesn't have a value.`);
-  } else {
-    const fullPath = envValue.startsWith('/') ?
-        envValue :
-        path.join(__dirname, envValue);
-    if (fs.existsSync(fullPath)) {
-      console.log(`Find file '${fullPath}' set in env as [${envName}].`);
-      return fullPath;
-    } else {
-      console.error(`Can't find '${fullPath}' which set in env[${envName}].`);
+  /**
+   * Returns the content of a file whose path is set as an env variable.
+   * The path can be relative or absolute. The function will append current path
+   * before the relative path.
+   * @param {string} varName The name of environment variable for the file path.
+   * @return {?string} Content of the file what set as an environment variable.
+   */
+  getContentFromEnvVar(varName) {
+    const value = this.env[varName];
+    if (value) {
+      const fullPath = value.startsWith('/')
+        ? value
+        : path.join(__dirname, value);
+      if (fs.existsSync(fullPath)) {
+        this.logger.info(`Find file '${fullPath}' as [${varName}] in env.`);
+        return fs.readFileSync(fullPath).toString();
+      } else {
+        this.logger.error(
+          `Cannot find '${fullPath}' which is as env[${varName}].`
+        );
+      }
     }
   }
 }

package/src/apis/cloud_platform_apis.js

@@ -34,11 +34,21 @@ const API_VERSION = 'v1';
 class CloudPlatformApis {
   constructor(env = process.env) {
     /** @const {!AuthClient} */
-    const authClient = new AuthClient(API_SCOPES, env);
-    this.auth = authClient.getDefaultAuth();
+    this.authClient = new AuthClient(API_SCOPES, env);
     this.projectId = env['GCP_PROJECT'];
   }
 
+  /**
+   * Gets the auth object.
+   * @return {!Promise<{!OAuth2Client|!JWT|!Compute}>}
+   */
+  async getAuth_() {
+    if (this.auth) return this.auth;
+    await this.authClient.prepareCredentials();
+    this.auth = this.authClient.getDefaultAuth();
+    return this.auth;
+  }
+
   /**
    * Gets the GCP project Id. In Cloud Functions, it *should* be passed in
    * through environment variable during the deployment. But if it doesn't exist
@@ -67,7 +77,7 @@ class CloudPlatformApis {
   async testIamPermissions(permissions) {
     const resourceManager = google.cloudresourcemanager({
       version: API_VERSION,
-      auth: this.auth,
+      auth: await this.getAuth_(),
     });
     const projectId = await this.getProjectId_();
     const request = {

package/src/apis/dfa_reporting.js

@@ -34,7 +34,7 @@ const API_SCOPES = Object.freeze([
   'https://www.googleapis.com/auth/dfareporting',
   'https://www.googleapis.com/auth/dfatrafficking',
 ]);
-const API_VERSION = 'v3.5';
+const API_VERSION = 'v4';
 
 /**
  * Configuration for preparing conversions for Campaign Manager, includes:
@@ -65,7 +65,7 @@ let InsertConversionsConfig;
 /**
  * List of properties that will be take from the data file as elements of a
  * conversion.
- * See https://developers.google.com/doubleclick-advertisers/rest/v3.5/Conversion
+ * See https://developers.google.com/doubleclick-advertisers/rest/v4/Conversion
  * @type {Array<string>}
  */
 const PICKED_PROPERTIES = [
@@ -87,14 +87,34 @@ class DfaReporting {
    *     variables.
    */
   constructor(env = process.env) {
-    const authClient = new AuthClient(API_SCOPES, env);
-    this.auth = authClient.getDefaultAuth();
-    /** @const {!google.dfareporting} */
-    this.instance = google.dfareporting({
+    this.authClient = new AuthClient(API_SCOPES, env);
+    this.logger = getLogger('API.CM');
+  }
+
+  /**
+    * Prepares the Google DfaReport API instance.
+    * @return {!google.dfareporting}
+    * @private
+    */
+  async getApiClient_() {
+    if (this.dfareporting) return this.dfareporting;
+    this.logger.debug(`Initialized ${this.constructor.name} instance.`);
+    this.dfareporting = google.dfareporting({
       version: API_VERSION,
-      auth: this.auth,
+      auth: await this.getAuth_(),
     });
-    this.logger = getLogger('API.CM');
+    return this.dfareporting;
+  }
+
+  /**
+   * Gets the auth object.
+   * @return {!Promise<{!OAuth2Client|!JWT|!Compute}>}
+   */
+  async getAuth_() {
+    if (this.auth) return this.auth;
+    await this.authClient.prepareCredentials();
+    this.auth = this.authClient.getDefaultAuth();
+    return this.auth;
   }
 
   /**
@@ -105,13 +125,14 @@ class DfaReporting {
    * @return {!Promise<string>}
    */
   async getProfileId(accountId) {
-    const {data: {items}} = await this.instance.userProfiles.list();
+    const dfareporting = await this.getApiClient_();
+    const { data: { items } } = await dfareporting.userProfiles.list();
     const profiles = items.filter(
         (profile) => profile.accountId === accountId
     );
     if (profiles.length === 0) {
-      throw new Error(`Fail to find profile of current user for CM account ${
-          accountId}`);
+      throw new Error(
+        `Failed to find profile of current user for CM account ${accountId}`);
     } else {
       const {profileId, userName, accountId, accountName,} = profiles[0];
       this.logger.debug(`Find UserProfile: ${profileId}[${userName}] for`
@@ -166,7 +187,8 @@ class DfaReporting {
         numberOfLines: lines.length,
       };
       try {
-        const response = await this.instance.conversions.batchinsert({
+        const dfareporting = await this.getApiClient_();
+        const response = await dfareporting.conversions.batchinsert({
           profileId: config.profileId,
           requestBody: requestBody,
         });
@@ -194,9 +216,9 @@ class DfaReporting {
    * ConversionStatus object. This function extras failed lines and error
    * messages based on the 'errors'.
    * For 'ConversionStatus', see:
-   *   https://developers.google.com/doubleclick-advertisers/rest/v3.5/ConversionStatus
+   *   https://developers.google.com/doubleclick-advertisers/rest/v4/ConversionStatus
    * For 'ConversionError', see:
-   *   https://developers.google.com/doubleclick-advertisers/rest/v3.5/ConversionStatus#ConversionError
+   *   https://developers.google.com/doubleclick-advertisers/rest/v4/ConversionStatus#ConversionError
    * @param {!BatchResult} batchResult
    * @param {!Array<!Schema$ConversionStatus>} statuses
    * @param {!Array<string>} lines The original input data.
@@ -232,7 +254,8 @@ class DfaReporting {
    * @return {!Promise<!Array<string>>}
    */
   async listUserProfiles() {
-    const {data: {items}} = await this.instance.userProfiles.list();
+    const dfareporting = await this.getApiClient_();
+    const { data: { items } } = await dfareporting.userProfiles.list();
     return items.map(({profileId, userName, accountId, accountName}) => {
       return `Profile: ${profileId}[${userName}] `
           + `Account: ${accountId}[${accountName}]`;
@@ -261,7 +284,7 @@ class DfaReporting {
    * Runs a report and return the file Id. As an asynchronized process, the
    * returned file Id will be a placeholder until the status changes to
    * 'REPORT_AVAILABLE' in the response of `getFile`.
-   * @see https://developers.google.com/doubleclick-advertisers/rest/v3.5/reports/run
+   * @see https://developers.google.com/doubleclick-advertisers/rest/v4/reports/run
    *
    * @param {{
    *   accountId:(string|undefined),
@@ -272,7 +295,8 @@ class DfaReporting {
    */
   async runReport(config) {
     const profileId = await this.getProfileForOperation_(config);
-    const response = await this.instance.reports.run({
+    const dfareporting = await this.getApiClient_();
+    const response = await dfareporting.reports.run({
       profileId,
       reportId: config.reportId,
       synchronous: false,
@@ -282,9 +306,9 @@ class DfaReporting {
 
   /**
    * Returns file url from a report. If the report status is 'REPORT_AVAILABLE',
-   * then return the apiUrl from the response; if the status is 'PROCESSING',
-   * returns undefined; otherwise throws an error.
-   * @see https://developers.google.com/doubleclick-advertisers/rest/v3.5/reports/get
+   * then return the apiUrl from the response; if the status is 'PROCESSING' or
+   * 'QUEUED', returns undefined as it is unfinished; otherwise throws an error.
+   * @see https://developers.google.com/doubleclick-advertisers/rest/v4/reports/get
    *
    * @param {{
    *   accountId:(string|undefined),
@@ -296,13 +320,14 @@ class DfaReporting {
    */
   async getReportFileUrl(config) {
     const profileId = await this.getProfileForOperation_(config);
-    const response = await this.instance.reports.files.get({
+    const dfareporting = await this.getApiClient_();
+    const response = await dfareporting.reports.files.get({
       profileId,
       reportId: config.reportId,
       fileId: config.fileId,
     });
-    const {data} = response;
-    if (data.status === 'PROCESSING') return;
+    const { data } = response;
+    if (data.status === 'PROCESSING' || data.status === 'QUEUED') return;
     if (data.status === 'REPORT_AVAILABLE') return data.urls.apiUrl;
     throw new Error(`Unsupported report status: ${data.status}`);
   }
@@ -314,7 +339,8 @@ class DfaReporting {
    * @return {!Promise<string>}
    */
   async downloadReportFile(url) {
-    const headers = await this.auth.getRequestHeaders();
+    const auth = await this.getAuth_();
+    const headers = await auth.getRequestHeaders();
     const response = await request({
       method: 'GET',
       headers,

package/src/apis/doubleclick_bidmanager.js

@@ -21,6 +21,7 @@
 
 const {google} = require('googleapis');
 const AuthClient = require('./auth_client.js');
+const { getLogger } = require('../components/utils.js');
 
 const API_SCOPES = Object.freeze([
   'https://www.googleapis.com/auth/doubleclickbidmanager',
@@ -62,13 +63,24 @@ class DoubleClickBidManager {
    *     variables.
    */
   constructor(env = process.env) {
-    const authClient = new AuthClient(API_SCOPES, env);
-    const auth = authClient.getDefaultAuth();
-    /** @const {!google.doubleclickbidmanager} */
-    this.instance = google.doubleclickbidmanager({
+    this.authClient = new AuthClient(API_SCOPES, env);
+    this.logger = getLogger('API.DV3');
+  }
+
+  /**
+   * Prepares the Google DBM instance.
+   * @return {!google.doubleclickbidmanager}
+   * @private
+   */
+  async getApiClient_() {
+    if (this.doubleclickbidmanager) return this.doubleclickbidmanager;
+    await this.authClient.prepareCredentials();
+    this.logger.debug(`Initialized ${this.constructor.name} instance.`);
+    this.doubleclickbidmanager = google.doubleclickbidmanager({
       version: API_VERSION,
-      auth,
+      auth: this.authClient.getDefaultAuth(),
     });
+    return this.doubleclickbidmanager;
   }
 
   /**
@@ -80,7 +92,8 @@ class DoubleClickBidManager {
    * @return {!Promise<boolean>} Whether it starts successfully.
    */
   async runQuery(queryId, requestBody = undefined) {
-    const response = await this.instance.queries.runquery(
+    const doubleclickbidmanager = await this.getApiClient_();
+    const response = await doubleclickbidmanager.queries.runquery(
         {queryId, requestBody});
     return response.status >= 200 && response.status < 300;
   }
@@ -88,12 +101,13 @@ class DoubleClickBidManager {
   /**
    * Gets a query resource.
    * See https://developers.google.com/bid-manager/v1.1/queries/getquery
-   * @param {number} queryId
+   * @param {number} queryId Id of the query.
    * @return {!Promise<!QueryResource>} Query resource, see
    *     https://developers.google.com/bid-manager/v1.1/queries#resource
    */
   async getQuery(queryId) {
-    const response = await this.instance.queries.getquery({queryId});
+    const doubleclickbidmanager = await this.getApiClient_();
+    const response = await doubleclickbidmanager.queries.getquery({ queryId });
     return response.data.metadata;
   }
 
@@ -104,7 +118,8 @@ class DoubleClickBidManager {
    * @return {!Promise<number>} Id of created query.
    */
   async createQuery(query) {
-    const response = await this.instance.queries.createquery(
+    const doubleclickbidmanager = await this.getApiClient_();
+    const response = await doubleclickbidmanager.queries.createquery(
         {requestBody: query});
     return response.data.queryId;
   }
@@ -115,8 +130,9 @@ class DoubleClickBidManager {
    * @return {!Promise<boolean>} Whether the query was deleted.
    */
   async deleteQuery(queryId) {
+    const doubleclickbidmanager = await this.getApiClient_();
     try {
-      await this.instance.queries.deletequery({ queryId });
+      await doubleclickbidmanager.queries.deletequery({ queryId });
       return true;
     } catch (error) {
       console.error(error);

package/src/apis/doubleclick_search.js

@@ -126,17 +126,34 @@ class DoubleClickSearch {
    *     variables.
    */
   constructor(env = process.env) {
-    const authClient = new AuthClient(API_SCOPES, env);
-    this.auth = authClient.getDefaultAuth();
-    /** @const {!google.doubleclicksearch} */
-    this.instance = google.doubleclicksearch({
+    this.authClient = new AuthClient(API_SCOPES, env);
+    this.logger = getLogger('API.DS');
+  }
+
+  /**
+   * Prepares the Google SA360 instance.
+   * @return {!google.doubleclicksearch}
+   * @private
+   */
+  async getApiClient_() {
+    if (this.doubleclicksearch) return this.doubleclicksearch;
+    this.logger.debug(`Initialized ${this.constructor.name} instance.`);
+    this.doubleclicksearch = google.doubleclicksearch({
       version: API_VERSION,
-      auth: this.auth,
+      auth: await this.getAuth_(),
     });
-    /**
-     * Logger object from 'log4js' package where this type is not exported.
-     */
-    this.logger = getLogger('API.DS');
+    return this.doubleclicksearch;
+  }
+
+  /**
+   * Gets the auth object.
+   * @return {!Promise<{!OAuth2Client|!JWT|!Compute}>}
+   */
+  async getAuth_() {
+    if (this.auth) return this.auth;
+    await this.authClient.prepareCredentials();
+    this.auth = this.authClient.getDefaultAuth();
+    return this.auth;
   }
 
   /**
@@ -155,7 +172,8 @@ class DoubleClickSearch {
     });
     this.logger.debug('Sending out availabilities', availabilities);
     try {
-      const response = await this.instance.conversion.updateAvailability(
+      const doubleclicksearch = await this.getApiClient_();
+      const response = await doubleclicksearch.conversion.updateAvailability(
           {requestBody: {availabilities}});
       this.logger.debug('Get response: ', response);
       return response.status === 200;
@@ -203,7 +221,8 @@ class DoubleClickSearch {
         numberOfLines: lines.length,
       };
       try {
-        const response = await this.instance.conversion.insert(
+        const doubleclicksearch = await this.getApiClient_();
+        const response = await doubleclicksearch.conversion.insert(
             {requestBody: {conversion: conversions}}
         );
         this.logger.debug('Response: ', response);
@@ -303,7 +322,8 @@ class DoubleClickSearch {
    * @return {!Promise<string>}
    */
   async requestReports(requestBody) {
-    const {status, data} = await this.instance.reports.request({requestBody});
+    const doubleclicksearch = await this.getApiClient_();
+    const { status, data } = await doubleclicksearch.reports.request({ requestBody });
     if (status >= 200 && status < 300) {
       return data.id;
     }
@@ -321,7 +341,8 @@ class DoubleClickSearch {
    * }>>}
    */
   async getReportUrls(reportId) {
-    const {status, data} = await this.instance.reports.get({reportId});
+    const doubleclicksearch = await this.getApiClient_();
+    const { status, data } = await doubleclicksearch.reports.get({ reportId });
     switch (status) {
       case 200:
         const {rowCount, files} = data;
@@ -346,7 +367,8 @@ class DoubleClickSearch {
    * @return {!Promise<string>}
    */
   async getReportFile(reportId, reportFragment) {
-    const response = await this.instance.reports.getFile(
+    const doubleclicksearch = await this.getApiClient_();
+    const response = await doubleclicksearch.reports.getFile(
         {reportId, reportFragment});
     if (response.status === 200) return response.data;
     const errorMsg =
@@ -363,7 +385,8 @@ class DoubleClickSearch {
    * @return {!Promise<ReadableStream>}
    */
   async getReportFileStream(url) {
-    const headers = await this.auth.getRequestHeaders();
+    const auth = await this.getAuth_();
+    const headers = await auth.getRequestHeaders();
     const response = await request({
       method: 'GET',
       headers,

package/src/apis/google_ads.js

@@ -251,14 +251,9 @@ class GoogleAds {
    *     variables.
    */
   constructor(developerToken, debugMode = false, env = process.env) {
+    this.developerToken = developerToken;
     this.debugMode = debugMode;
-    const oauthClient = new AuthClient(API_SCOPES, env).getOAuth2Token();
-    /** @const {GoogleAdsApi} */ this.apiClient = new GoogleAdsApi({
-      client_id: oauthClient.clientId,
-      client_secret: oauthClient.clientSecret,
-      developer_token: developerToken,
-    });
-    /** @const {string} */ this.refreshToken = oauthClient.refreshToken;
+    this.authClient = new AuthClient(API_SCOPES, env);
     this.logger = getLogger('API.ADS');
     this.logger.debug(`Init ${this.constructor.name} with Debug Mode.`);
   }
@@ -272,7 +267,8 @@ class GoogleAds {
    * @return {!ReadableStream}
    */
   async getReport(customerId, loginCustomerId, reportQueryConfig) {
-    const customer = this.getGoogleAdsApiCustomer_(loginCustomerId, customerId);
+    const customer = await this.getGoogleAdsApiCustomer_(
+      loginCustomerId, customerId);
     return customer.report(reportQueryConfig);
   }
 
@@ -284,7 +280,8 @@ class GoogleAds {
    * @return {!ReadableStream}
    */
   async generatorReport(customerId, loginCustomerId, reportQueryConfig) {
-    const customer = this.getGoogleAdsApiCustomer_(loginCustomerId, customerId);
+    const customer = await this.getGoogleAdsApiCustomer_(
+      loginCustomerId, customerId);
     return customer.reportStream(reportQueryConfig);
   }
 
@@ -296,7 +293,8 @@ class GoogleAds {
    * @return {!ReadableStream}
    */
   async streamReport(customerId, loginCustomerId, reportQueryConfig) {
-    const customer = this.getGoogleAdsApiCustomer_(loginCustomerId, customerId);
+    const customer = await this.getGoogleAdsApiCustomer_(
+      loginCustomerId, customerId);
     return customer.reportStreamRaw(reportQueryConfig);
   }
 
@@ -313,7 +311,7 @@ class GoogleAds {
    */
   async searchMetaData(loginCustomerId, adFields, metadata = [
     'name', 'data_type', 'is_repeated', 'type_url',]) {
-    const customer = this.getGoogleAdsApiCustomer_(loginCustomerId);
+    const customer = await this.getGoogleAdsApiCustomer_(loginCustomerId);
     const selectClause = metadata.join(',');
     const fields = adFields.join('","');
     const query = `SELECT ${selectClause} WHERE name IN ("${fields}")`;
@@ -560,9 +558,10 @@ class GoogleAds {
    * @param {string} loginCustomerId Login customer account ID (Mcc Account id).
    * @return {!Promise<!UploadCallConversionsResponse>}
    */
-  uploadCallConversions(callConversions, customerId, loginCustomerId) {
+  async uploadCallConversions(callConversions, customerId, loginCustomerId) {
     this.logger.debug('Upload call conversions for customerId:', customerId);
-    const customer = this.getGoogleAdsApiCustomer_(loginCustomerId, customerId);
+    const customer = await this.getGoogleAdsApiCustomer_(
+      loginCustomerId, customerId);
     const request = new UploadCallConversionsRequest({
       conversions: callConversions,
       customer_id: customerId,
@@ -581,9 +580,10 @@ class GoogleAds {
    * @param {string} loginCustomerId Login customer account ID (Mcc Account id).
    * @return {!Promise<!UploadClickConversionsResponse>}
    */
-  uploadClickConversions(clickConversions, customerId, loginCustomerId) {
+  async uploadClickConversions(clickConversions, customerId, loginCustomerId) {
     this.logger.debug('Upload click conversions for customerId:', customerId);
-    const customer = this.getGoogleAdsApiCustomer_(loginCustomerId, customerId);
+    const customer = await this.getGoogleAdsApiCustomer_(
+      loginCustomerId, customerId);
     const request = new UploadClickConversionsRequest({
       conversions: clickConversions,
       customer_id: customerId,
@@ -603,11 +603,12 @@ class GoogleAds {
    * @param {string} loginCustomerId Login customer account ID (Mcc Account id).
    * @return {!Promise<!UploadConversionAdjustmentsResponse>}
    */
-  uploadConversionAdjustments(conversionAdjustments, customerId,
+  async uploadConversionAdjustments(conversionAdjustments, customerId,
       loginCustomerId) {
     this.logger.debug('Upload conversion adjustments for customerId:',
         customerId);
-    const customer = this.getGoogleAdsApiCustomer_(loginCustomerId, customerId);
+    const customer = await this.getGoogleAdsApiCustomer_(
+      loginCustomerId, customerId);
     const request = new UploadConversionAdjustmentsRequest({
       conversion_adjustments: conversionAdjustments,
       customer_id: customerId,
@@ -626,7 +627,8 @@ class GoogleAds {
    * @return {Promise<number|undefined>} Returns undefined if can't find tag.
    */
   async getConversionCustomVariableId(tag, customerId, loginCustomerId) {
-    const customer = this.getGoogleAdsApiCustomer_(loginCustomerId, customerId);
+    const customer = await this.getGoogleAdsApiCustomer_(
+      loginCustomerId, customerId);
     const customVariables = await customer.query(`
         SELECT conversion_custom_variable.id,
                conversion_custom_variable.tag
@@ -692,7 +694,8 @@ class GoogleAds {
       validate_only: this.debugMode, // when true makes no changes
       partial_failure: true, // Will still create the non-failed entities
     };
-    const customer = this.getGoogleAdsApiCustomer_(loginCustomerId, customerId);
+    const customer = await this.getGoogleAdsApiCustomer_(
+      loginCustomerId, customerId);
     const response = await customer.userLists.create([userList], options);
     const { results, partial_failure_error: failed } = response;
     if (this.logger.isDebugEnabled()) {
@@ -775,7 +778,8 @@ class GoogleAds {
     const userListId = customerMatchConfig.list_id;
     const operation = customerMatchConfig.operation;
 
-    const customer = this.getGoogleAdsApiCustomer_(loginCustomerId, customerId);
+    const customer = await this.getGoogleAdsApiCustomer_(
+      loginCustomerId, customerId);
     const operationsList = this.buildOperationsList_(operation,
         customerMatchRecords);
     const metadata = this.buildCustomerMatchUserListMetadata_(customerId,
@@ -893,8 +897,8 @@ class GoogleAds {
     const customerId = this.getCleanCid_(config.customer_id);
     const { list_id: userListId, type } = config;
     this.logger.debug('Creating OfflineUserDataJob for CID:', customerId);
-    const customer = this.getGoogleAdsApiCustomer_(loginCustomerId, customerId);
-    // if()CUSTOMER_MATCH_USER_LIST
+    const customer = await this.getGoogleAdsApiCustomer_(
+      loginCustomerId, customerId);
     const job = OfflineUserDataJob.create({
       type,
     });
@@ -936,7 +940,8 @@ class GoogleAds {
     const loginCustomerId = this.getCleanCid_(config.login_customer_id);
     const customerId = this.getCleanCid_(config.customer_id);
     const operation = config.operation;
-    const customer = this.getGoogleAdsApiCustomer_(loginCustomerId, customerId);
+    const customer = await this.getGoogleAdsApiCustomer_(
+      loginCustomerId, customerId);
     const operationsList = this.buildOperationsList_(operation, records);
     const request = AddOfflineUserDataJobOperationsRequest.create({
       resource_name: jobResourceName,
@@ -961,7 +966,8 @@ class GoogleAds {
   async runOfflineUserDataJob(config, jobResourceName) {
     const loginCustomerId = this.getCleanCid_(config.login_customer_id);
     const customerId = this.getCleanCid_(config.customer_id);
-    const customer = this.getGoogleAdsApiCustomer_(loginCustomerId, customerId);
+    const customer = await this.getGoogleAdsApiCustomer_(
+      loginCustomerId, customerId);
     const request = RunOfflineUserDataJobRequest.create({
       resource_name: jobResourceName,
       validate_only: false,//this.debugMode,
@@ -1025,13 +1031,22 @@ class GoogleAds {
    * @return {GoogleAdsApi.Customer}
    * @private
    */
-  getGoogleAdsApiCustomer_(loginCustomerId, customerId = loginCustomerId) {
-    const googleAdsApiClient = this.apiClient;
-    return googleAdsApiClient.Customer({
+  async getGoogleAdsApiCustomer_(loginCustomerId, customerId = loginCustomerId) {
+    if (this.googleAds) return this.googleAds;
+    await this.authClient.prepareCredentials();
+    const oauthClient = await this.authClient.getOAuth2Token();
+    /** @const {GoogleAdsApi} */
+    const googleAdsApiClient = new GoogleAdsApi({
+      client_id: oauthClient.clientId,
+      client_secret: oauthClient.clientSecret,
+      developer_token: this.developerToken,
+    });
+    this.googleAds = googleAdsApiClient.Customer({
       customer_id: customerId,
       login_customer_id: loginCustomerId,
-      refresh_token: this.refreshToken,
+      refresh_token: oauthClient.refreshToken,
     });
+    return this.googleAds;
   }
 
 }

package/src/apis/spreadsheets.js

@@ -73,33 +73,43 @@ class Spreadsheets {
   constructor(spreadsheetId, env = process.env) {
     /** @const {string} */
     this.spreadsheetId = spreadsheetId;
-    const authClient = new AuthClient(API_SCOPES, env);
-    const auth = authClient.getDefaultAuth();
-    /** @const {!!google.sheets} */
-    this.instance = google.sheets({
-      version: API_VERSION,
-      auth,
-    });
+    this.authClient = new AuthClient(API_SCOPES, env);
     /**
      * Logger object from 'log4js' package where this type is not exported.
      */
     this.logger = getLogger('API.GS');
-    this.logger.debug(`Init ${this.constructor.name} for ${
-        this.spreadsheetId} in Debug Mode.`);
+  }
+
+  /**
+   * Prepares the Google Sheets instance.
+   * @return {!google.sheets}
+   * @private
+   */
+  async getApiClient_() {
+    if (this.sheets) return this.sheets;
+    await this.authClient.prepareCredentials();
+    this.logger.debug(`Initialized ${this.constructor.name} instance.`);
+    this.sheets = google.sheets({
+      version: API_VERSION,
+      auth: this.authClient.getDefaultAuth(),
+    });
+    return this.sheets;
   }
 
   /**
    * Gets the Sheet Id of the given Spreadsheet and possible Sheet name. If the
    * Sheet name is missing, it will return the first Sheet's Id.
    * @param {string} sheetName Name of the Sheet.
-   * @return {!Promise<number>} Sheet Id.
+   * @return {!Promise<number>} The ID for the sheet that is unique to the
+   *   spreadsheet.
    */
   async getSheetId(sheetName) {
     const request = /** @type{Params$Resource$Spreadsheets$Get} */ {
       spreadsheetId: this.spreadsheetId,
       ranges: sheetName,
     };
-    const response = await this.instance.spreadsheets.get(request);
+    const sheets = await this.getApiClient_();
+    const response = await sheets.spreadsheets.get(request);
     const sheet = response.data.sheets[0];
     this.logger.debug(`Get sheet[${sheetName}]: `, sheet);
     return sheet.properties.sheetId;
@@ -117,7 +127,8 @@ class Spreadsheets {
       range: sheetName,
     };
     try {
-      const response = await this.instance.spreadsheets.values.clear(request);
+      const sheets = await this.getApiClient_();
+      const response = await sheets.spreadsheets.values.clear(request);
       const data = response.data;
       this.logger.debug(`Clear sheet[${sheetName}}]: `, data);
     } catch (error) {
@@ -169,7 +180,8 @@ class Spreadsheets {
       ranges: sheetName,
     };
     try {
-      const response = await this.instance.spreadsheets.get(request);
+      const sheets = await this.getApiClient_();
+      const response = await sheets.spreadsheets.get(request);
       const sheet = response.data.sheets[0];
       const sheetId = sheet.properties.sheetId;
       const rowCount = sheet.properties.gridProperties.rowCount;
@@ -191,7 +203,7 @@ class Spreadsheets {
               columnCount}] to [${targetRows}, ${targetColumns}]`,
           JSON.stringify(requests.resource.requests));
       if (requests.resource.requests.length > 0) {
-        const {data} = await this.instance.spreadsheets.batchUpdate(requests);
+        const { data } = await sheets.spreadsheets.batchUpdate(requests);
         this.logger.debug(`Reshape Sheet [${sheetName}]: `, data);
       } else {
         this.logger.debug('No need to reshape.');
@@ -220,7 +232,8 @@ class Spreadsheets {
       numberOfLines: data.trim().split('\n').length,
     };
     try {
-      const response = await this.instance.spreadsheets.batchUpdate(request);
+      const sheets = await this.getApiClient_();
+      const response = await sheets.spreadsheets.batchUpdate(request);
       const data = response.data;
       this.logger.debug(`Batch[${batchId}] uploaded: `, data);
       batchResult.result = true;

package/src/apis/youtube.js

@@ -166,18 +166,29 @@ class YouTube {
    *     variables.
    */
   constructor(env = process.env) {
-    const authClient = new AuthClient(API_SCOPES, env);
-    this.auth = authClient.getDefaultAuth();
-    /** @const {!google.youtube} */
-    this.instance = google.youtube({
-      version: API_VERSION,
-    });
+    this.authClient = new AuthClient(API_SCOPES, env);
     /**
      * Logger object from 'log4js' package where this type is not exported.
      */
     this.logger = getLogger('API.YT');
   }
 
+  /**
+     * Prepares the Google YouTube instance.
+     * @return {!google.youtube}
+     * @private
+     */
+  async getApiClient_() {
+    if (this.youtube) return this.youtube;
+    await this.authClient.prepareCredentials();
+    this.logger.debug(`Initialized ${this.constructor.name} instance.`);
+    this.youtube = google.youtube({
+      version: API_VERSION,
+      auth: this.authClient.getDefaultAuth(),
+    });
+    return this.youtube;
+  }
+
   /**
    * Returns a collection of zero or more channel resources that match the
    * request criteria.
@@ -186,12 +197,11 @@ class YouTube {
    * @return {!Promise<Array<Schema$Channel>>}
    */
   async listChannels(config) {
-    const channelListRequest = Object.assign({
-      auth: this.auth,
-    }, config);
+    const channelListRequest = Object.assign({}, config);
     channelListRequest.part = channelListRequest.part.join(',')
     try {
-      const response = await this.instance.channels.list(channelListRequest);
+      const youtube = await this.getApiClient_();
+      const response = await youtube.channels.list(channelListRequest);
       this.logger.debug('Response: ', response);
       return response.data.items;
     } catch (error) {
@@ -210,12 +220,11 @@ class YouTube {
    * @return {!Promise<Array<Schema$Video>>}
    */
   async listVideos(config) {
-    const videoListRequest = Object.assign({
-      auth: this.auth,
-    }, config);
+    const videoListRequest = Object.assign({}, config);
     videoListRequest.part = videoListRequest.part.join(',')
     try {
-      const response = await this.instance.videos.list(videoListRequest);
+      const youtube = await this.getApiClient_();
+      const response = await youtube.videos.list(videoListRequest);
       this.logger.debug('Response: ', response);
       return response.data.items;
     } catch (error) {
@@ -235,13 +244,11 @@ class YouTube {
    * @return {!Promise<Array<Schema$CommentThread>>}
    */
   async listCommentThreads(config) {
-    const commentThreadsRequest = Object.assign({
-      auth: this.auth,
-    }, config);
+    const commentThreadsRequest = Object.assign({}, config);
     commentThreadsRequest.part = commentThreadsRequest.part.join(',')
     try {
-      const response = await this.instance.commentThreads.list(
-        commentThreadsRequest);
+      const youtube = await this.getApiClient_();
+      const response = await youtube.commentThreads.list(commentThreadsRequest);
       this.logger.debug('Response: ', response.data);
       return response.data.items;
     } catch (error) {
@@ -265,7 +272,7 @@ class YouTube {
     if (resultLimit <= 0) return [];
 
     const playlistsRequest = Object.assign({
-        auth: this.auth,
+        // auth: this.auth,
     }, config, {
         pageToken
     });
@@ -275,8 +282,8 @@ class YouTube {
     }
 
     try {
-      const response = await this.instance.playlists.list(
-        playlistsRequest);
+      const youtube = await this.getApiClient_();
+      const response = await youtube.playlists.list(playlistsRequest);
       this.logger.debug('Response: ', response.data);
       if (response.data.nextPageToken) {
         this.logger.debug(
@@ -310,18 +317,15 @@ class YouTube {
   async listSearchResults(config, resultLimit = 1000, pageToken = null) {
     if (resultLimit <= 0) return [];
 
-    const searchRequest = Object.assign({
-        auth: this.auth,
-    }, config, {
-        pageToken
-    });
+    const searchRequest = Object.assign({}, config, { pageToken });
 
     if (Array.isArray(searchRequest.part)) {
       searchRequest.part = searchRequest.part.join(',');
     }
 
     try {
-      const response = await this.instance.search.list(searchRequest);
+      const youtube = await this.getApiClient_();
+      const response = await youtube.search.list(searchRequest);
       this.logger.debug('Response: ', response.data);
       if (response.data.nextPageToken) {
         this.logger.debug(

package/src/components/pubsub.js

@@ -20,7 +20,13 @@
 'use strict';
 
 const {
-  PubSub, Message, Topic, Subscription, ClientConfig, CreateSubscriptionOptions,
+  PubSub,
+  Message,
+  Topic,
+  Subscription,
+  ClientConfig,
+  CreateSubscriptionOptions,
+  v1: { SubscriberClient },
 } = require('@google-cloud/pubsub');
 
 /**
@@ -28,6 +34,7 @@ const {
  * 1. gets or creates a topic.
  * 2. gets or creates a subscription.
  * 3. publishes a message after confirms the topic exists.
+ * 4. acknowledge message(s).
  */
 class EnhancedPubSub {
   /**
@@ -38,6 +45,8 @@ class EnhancedPubSub {
   constructor(options = undefined) {
     /** @type {!PubSub} */
     this.pubsub = new PubSub(options);
+    /** @type {!SubscriberClient} */
+    this.subClient = new SubscriberClient(options);
   }
 
   /**
@@ -118,6 +127,23 @@ class EnhancedPubSub {
     }
   };
 
+  /**
+   * Using `SubscriberClient` to acknowledge messages.
+   * 2022.11.02 The methon `ack()` in Message doesn't work properly due to a
+   * unknown reason. Use this function to acknowledge a message for now.
+   *
+   * @param {string} subscription Subscription name.
+   * @param {(string|!Array<string>)} ackIds Message ackIds.
+   */
+  async acknowledge(subscription, ackIds) {
+    const projectId = await this.subClient.getProjectId();
+    const ackRequest = {
+      subscription: this.subClient.subscriptionPath(projectId, subscription),
+      ackIds: Array.isArray(ackIds) ? ackIds : [ackIds],
+    };
+    await this.subClient.acknowledge(ackRequest);
+  }
+
   /**
    * Returns a new instance of this class. Using this function to replace
    * constructor to be more friendly to unit tests.

package/src/components/secret_manager.js

@@ -0,0 +1,54 @@
+// Copyright 2022 Google Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+/**
+ * @fileoverview Secret Manager wrapper class.
+ */
+
+const { GoogleAuthOptions } = require('google-auth-library');
+const { SecretManagerServiceClient } = require('@google-cloud/secret-manager');
+
+/**
+ * Google Cloud Secret Manager class based on cloud client library.
+ * @see https://cloud.google.com/nodejs/docs/reference/secret-manager/latest
+ * @see https://cloud.google.com/secret-manager/docs/reference/libraries
+ */
+class SecretManager {
+  /**
+   * @constructor
+   * @param {GoogleAuthOptions=} options
+   */
+  constructor(options = {}) {
+    if (!options.projectId) {
+      options.projectId = process.env['GCP_PROJECT'];
+    }
+    this.client = new SecretManagerServiceClient(options);
+  }
+
+  async access(secret, version = 'latest') {
+    const projectId = await this.client.getProjectId();
+    const name = `projects/${projectId}/secrets/${secret}/versions/${version}`;
+    try {
+      const [secretObj] = await this.client.accessSecretVersion({ name });
+      return secretObj.payload.data.toString('utf8');
+    } catch (error) {
+      if (error.details.indexOf('not found') > -1) {
+        return;
+      }
+      throw error;
+    }
+  }
+}
+
+exports.SecretManager = SecretManager;