add GCS auth example for Cloud Run

lgnbhl · Nov 16, 2022 · a435d80 · a435d80
1 parent b124b97
commit a435d80
Show file tree

Hide file tree

Showing 3 changed files with 64 additions and 16 deletions.
diff --git a/R/cloudrun.R b/R/cloudrun.R
@@ -126,19 +126,6 @@ make_endpoint <- function(endbit) {
     )
   }
 
-  endpoints <- c(
-    "us-central1",
-    "asia-northeast1",
-    "europe-west1",
-    "us-east1"
-  )
-  if (!region %in% endpoints) {
-    warning(
-      "Endpoint is not one of ",
-      paste(endpoints, collapse = " "), " got: ", region
-    )
-  }
-
   sprintf(
     "https://%s-run.googleapis.com/apis/serving.knative.dev/v1/%s",
     region, endbit

diff --git a/inst/example/api.R b/inst/example/api.R
@@ -1,14 +1,14 @@
 if(Sys.getenv("PORT") == "") Sys.setenv(PORT = 8000)
 
 #' @get /
-#' @html
+#' @serializer html
 function(){
   "<html><h1>It works!</h1></html>"
 }
 
 
 #' @get /hello
-#' @html
+#' @serializer html
 function(){
   "<html><h1>hello world</h1></html>"
 }
@@ -23,7 +23,7 @@ function(msg=""){
 #' Plot out data from the iris dataset
 #' @param spec If provided, filter the data to only this species (e.g. 'setosa')
 #' @get /plot
-#' @png
+#' @serializer png
 function(spec){
   myData <- iris
   title <- "All Species"
@@ -50,3 +50,27 @@ function(message=NULL){
   googleCloudRunner::cr_plumber_pubsub(message, pub)
 
 }
+
+#' List a Google Cloud Storage bucket as an auth example
+#' @get /gcs_list
+#' @param bucket the bucket to list.  Must be authenticated for this Cloud Run service account
+function(bucket=NULL){
+  if(is.null(bucket)){
+    return("No bucket specified in URL parameter e.g ?bucket=my-bucket")
+  }
+
+  library(googleCloudStorageR)
+
+  auth <- gargle::credentials_gce()
+  if(is.null(auth)){
+    return("Could not authenticate")
+  }
+
+  message("Authenticated with service token")
+
+  # put it into googleCloudStorageR auth
+  gcs_auth(token = auth)
+
+  gcs_list_objects(bucket)
+
+}
diff --git a/vignettes/usecase-r-api-microservices.Rmd b/vignettes/usecase-r-api-microservices.Rmd
@@ -90,6 +90,43 @@ function(region=NULL, industry=NULL){
 }
 ```
 
+### Deploy to Cloud Run and reusing the default authentication
+
+When you deploy to Cloud Run, you can choose which service key the Cloud Run service will run under, the default being the GCE default service key.  This means you can authenticate using this key without needing to upload your own service JSON file.  An example is available in the example Cloud Run app included with the package, deployable via `cr_deploy_plumber(system.file("example", package = "googleCloudRunner"))`
+
+The relevant R code is shown below, which lets you list a Google Cloud Storage bucket within the same GCP project, reusing the default authentication.
+
+```r
+#' List a Google Cloud Storage bucket as an auth example
+#' @get /gcs_list
+#' @param bucket the bucket to list.  Must be authenticated for this Cloud Run service account
+function(bucket=NULL){
+  if(is.null(bucket)){
+    return("No bucket specified in URL parameter e.g ?bucket=my-bucket")
+  }
+
+  library(googleCloudStorageR)
+
+  auth <- gargle::credentials_gce()
+  if(is.null(auth)){
+    return("Could not authenticate")
+  }
+
+  message("Authenticated with service token")
+
+  # put it into googleCloudStorageR auth
+  gcs_auth(token = auth)
+
+  gcs_list_objects(bucket)
+
+}
+```
+
+Once deployed, you can see it listing objects via the endpoint `browseURL("https://{your-app-endpoint}/gcs_list?bucket={your-bucket}")`
+
+
+
+
 #### Deploy plumber API as a private micro-service
 
 The first step is to host the plumber API above.