Is google's credential discovery chain available as a lightweight Clojure lib with a small number of dependencies?
Google's official library pulls in a boat load of stuff, and that irks me 🙂. Also, their Java libs have a extreme amount of indirection and mutable-OOP stuff I'd like to avoid.
According to https://cloud.google.com/docs/authentication/application-default-credentials, and a cursory look at the equivalent Python lib called https://github.com/googleapis/google-auth-library-python/blob/ca94ead4035beea4741dc5384449032f8e6f75d8/google/auth/_default.py#L639-L648, it looks like we should be able to get away with just two functions:
1. A discover-creds fn which looks for creds in these places (in this order):
a. a JSON filepath in GOOGLE_APPLICATION_CREDENTIALS.
b. a JSON file in a well known location: ~/.config/gcloud/application_default_credentials.json (slightly different on windows ofc)
c. If on GAE, calls some GRPC stuff to get data.
d. If on GCE, calls Google's metadata server to get data.
2. A auth-from-creds fn which given the creds and some opts, returns a fn that returns the value of Authorization header to use, caching that value, and refreshing when needed. There are https://github.com/googleapis/google-auth-library-python/blob/ca94ead4035beea4741dc5384449032f8e6f75d8/google/auth/_default.py#L33-L38, identified by the value of the type key in the creds.
Except for requiring GRPC in GAE, I don't see any reason why anything other than an HTTP client and a JSON lib are required to implement this.
And besides, Google seems to auto-include a GRPC lib when running in GAE.
Is there such a lightweight option already available, that I'm not seeing?
Yeah we've had good luck with - I don't think it pulls in many deps (compare to some of the Google Java libraries which seem to pull in everything!)
com.google.auth/google-auth-library-oauth2-http
I’m not at my computer right now but there’s a library that’s a core dep of GCP Java SDK which only deals with auth, that might be sufficient. Just my 2c: In my experience Cloud SDK libraries aren’t that bad - at work I maintain internal wrappers for PubSub, GCS, Vertex and couple of others.