From a435d801b9eb10eb2acd8977a4c38d890e79795c Mon Sep 17 00:00:00 2001 From: Mark Date: Wed, 16 Nov 2022 11:35:23 +0100 Subject: [PATCH] add GCS auth example for Cloud Run --- R/cloudrun.R | 13 -------- inst/example/api.R | 30 ++++++++++++++++-- vignettes/usecase-r-api-microservices.Rmd | 37 +++++++++++++++++++++++ 3 files changed, 64 insertions(+), 16 deletions(-) diff --git a/R/cloudrun.R b/R/cloudrun.R index c253c3fe..4ca4a020 100644 --- a/R/cloudrun.R +++ b/R/cloudrun.R @@ -126,19 +126,6 @@ make_endpoint <- function(endbit) { ) } - endpoints <- c( - "us-central1", - "asia-northeast1", - "europe-west1", - "us-east1" - ) - if (!region %in% endpoints) { - warning( - "Endpoint is not one of ", - paste(endpoints, collapse = " "), " got: ", region - ) - } - sprintf( "https://%s-run.googleapis.com/apis/serving.knative.dev/v1/%s", region, endbit diff --git a/inst/example/api.R b/inst/example/api.R index 853e2328..0da09cbb 100644 --- a/inst/example/api.R +++ b/inst/example/api.R @@ -1,14 +1,14 @@ if(Sys.getenv("PORT") == "") Sys.setenv(PORT = 8000) #' @get / -#' @html +#' @serializer html function(){ "

It works!

" } #' @get /hello -#' @html +#' @serializer html function(){ "

hello world

" } @@ -23,7 +23,7 @@ function(msg=""){ #' Plot out data from the iris dataset #' @param spec If provided, filter the data to only this species (e.g. 'setosa') #' @get /plot -#' @png +#' @serializer png function(spec){ myData <- iris title <- "All Species" @@ -50,3 +50,27 @@ function(message=NULL){ googleCloudRunner::cr_plumber_pubsub(message, pub) } + +#' List a Google Cloud Storage bucket as an auth example +#' @get /gcs_list +#' @param bucket the bucket to list. Must be authenticated for this Cloud Run service account +function(bucket=NULL){ + if(is.null(bucket)){ + return("No bucket specified in URL parameter e.g ?bucket=my-bucket") + } + + library(googleCloudStorageR) + + auth <- gargle::credentials_gce() + if(is.null(auth)){ + return("Could not authenticate") + } + + message("Authenticated with service token") + + # put it into googleCloudStorageR auth + gcs_auth(token = auth) + + gcs_list_objects(bucket) + +} diff --git a/vignettes/usecase-r-api-microservices.Rmd b/vignettes/usecase-r-api-microservices.Rmd index 6fe9f832..ccf52c93 100644 --- a/vignettes/usecase-r-api-microservices.Rmd +++ b/vignettes/usecase-r-api-microservices.Rmd @@ -90,6 +90,43 @@ function(region=NULL, industry=NULL){ } ``` +### Deploy to Cloud Run and reusing the default authentication + +When you deploy to Cloud Run, you can choose which service key the Cloud Run service will run under, the default being the GCE default service key. This means you can authenticate using this key without needing to upload your own service JSON file. An example is available in the example Cloud Run app included with the package, deployable via `cr_deploy_plumber(system.file("example", package = "googleCloudRunner"))` + +The relevant R code is shown below, which lets you list a Google Cloud Storage bucket within the same GCP project, reusing the default authentication. + +```r +#' List a Google Cloud Storage bucket as an auth example +#' @get /gcs_list +#' @param bucket the bucket to list. Must be authenticated for this Cloud Run service account +function(bucket=NULL){ + if(is.null(bucket)){ + return("No bucket specified in URL parameter e.g ?bucket=my-bucket") + } + + library(googleCloudStorageR) + + auth <- gargle::credentials_gce() + if(is.null(auth)){ + return("Could not authenticate") + } + + message("Authenticated with service token") + + # put it into googleCloudStorageR auth + gcs_auth(token = auth) + + gcs_list_objects(bucket) + +} +``` + +Once deployed, you can see it listing objects via the endpoint `browseURL("https://{your-app-endpoint}/gcs_list?bucket={your-bucket}")` + + + + #### Deploy plumber API as a private micro-service The first step is to host the plumber API above.