Google Cloud Programmatic Access from Java: Difference between revisions
Jump to navigation
Jump to search
(9 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
=External= | =External= | ||
* https://googleapis.dev/java/google-cloud-clients/latest/index.html | * https://googleapis.dev/java/google-cloud-clients/latest/index.html | ||
* https://googleapis.dev/java/google-api-client/latest/com/google/api/client/googleapis/auth/oauth2/package-frame.html | |||
* https://googleapis.dev/java/google-auth-library/latest/com/google/auth/oauth2/ServiceAccountCredentials.html | |||
* https://github.com/googleapis/google-cloud-java | * https://github.com/googleapis/google-cloud-java | ||
Line 22: | Line 24: | ||
} | } | ||
</syntaxhighlight> | </syntaxhighlight> | ||
=Maven= | |||
<syntaxhighlight lang='xml'> | |||
<dependencyManagement> | |||
<dependencies> | |||
<dependency> | |||
<groupId>com.google.cloud</groupId> | |||
<artifactId>libraries-bom</artifactId> | |||
<version>22.0.0</version> | |||
<type>pom</type> | |||
<scope>import</scope> | |||
</dependency> | |||
</dependencies> | |||
</dependencyManagement> | |||
<dependencies> | |||
<dependency> | |||
<groupId>com.google.cloud</groupId> | |||
<artifactId>google-cloud-storage</artifactId> | |||
</dependency> | |||
<dependencies> | |||
</syntaxhighlight> | |||
=Client Authentication= | =Client Authentication= | ||
<font color=darkgray>Integrate with [[Google Cloud Authentication for Programmatic Access]]</font> | |||
The programmatic client needs to assume the identity of an already existing [[Google_Cloud_Identity_and_Access_Management_Concepts#Service_Account|service account]] that has sufficient permissions to access the desired resource. | The programmatic client needs to assume the identity of an already existing [[Google_Cloud_Identity_and_Access_Management_Concepts#Service_Account|service account]] that has sufficient permissions to access the desired resource. | ||
The service account can be created, if it does not exist already, with <code>[[Google_Cloud_Identity_and_Access_Management_Operations#Create_Service_Account|gcloud iam service-accounts create]]</code>. The service account can then be granted permissions on resource with <code>[[Google_Cloud_Identity_and_Access_Management_Operations#Give_Service_Account_Permissions_on_a_Project|gcloud projects add-iam-policy-binding]]</code>. A key file for the service account can be generated with <code>[[Google_Cloud_Identity_and_Access_Management_Operations#Generate_a_Key_File_for_Service_Account|gcloud iam service-accounts keys create]]</code>. | The service account can be created, if it does not exist already, with <code>[[Google_Cloud_Identity_and_Access_Management_Operations#Create_Service_Account|gcloud iam service-accounts create]]</code>. The service account can then be granted permissions on resource with <code>[[Google_Cloud_Identity_and_Access_Management_Operations#Give_Service_Account_Permissions_on_a_Project|gcloud projects add-iam-policy-binding]]</code>. A key file for the service account can be generated with <code>[[Google_Cloud_Identity_and_Access_Management_Operations#Generate_a_Key_File_for_Service_Account|gcloud iam service-accounts keys create]]</code>. | ||
Once the service account key file exists, the programmatic client is configured with the key file by setting the <code></code> environment variable: | Once the service account [[Google_Cloud_Identity_and_Access_Management_Concepts#Service_Account_Key_File|key file exists]], the programmatic client is configured with the key file by setting the <code></code> environment variable: | ||
<syntaxhighlight lang='bash'> | <syntaxhighlight lang='bash'> | ||
export GOOGLE_APPLICATION_CREDENTIALS="/Users/someuser/tmp/test-sa-key-file.json" | |||
</syntaxhighlight> | |||
===Authentication Test Code=== | |||
<syntaxhighlight lang='java'> | |||
import com.google.api.gax.paging.Page; | |||
import com.google.cloud.storage.Bucket; | |||
import com.google.cloud.storage.Storage; | |||
import com.google.cloud.storage.StorageOptions; | |||
public class Main { | |||
public static void main(String[] args) { | |||
Storage storage = StorageOptions.getDefaultInstance().getService(); | |||
System.out.println("Buckets:"); | |||
Page<Bucket> buckets = storage.list(); | |||
for (Bucket bucket : buckets.iterateAll()) { | |||
System.out.println(bucket.toString()); | |||
} | |||
} | |||
} | |||
</syntaxhighlight> | </syntaxhighlight> | ||
Alternatively, the client can be explicitly configured. |
Latest revision as of 16:17, 8 September 2021
External
- https://googleapis.dev/java/google-cloud-clients/latest/index.html
- https://googleapis.dev/java/google-api-client/latest/com/google/api/client/googleapis/auth/oauth2/package-frame.html
- https://googleapis.dev/java/google-auth-library/latest/com/google/auth/oauth2/ServiceAccountCredentials.html
- https://github.com/googleapis/google-cloud-java
Internal
Overview
Service-Specific Libraries
Supported Java Versions
Gradle
repositories {
mavenCentral()
}
dependencies {
implementation platform('com.google.cloud:libraries-bom:21.0.0')
implementation 'com.google.cloud:google-cloud-storage'
}
Maven
<dependencyManagement>
<dependencies>
<dependency>
<groupId>com.google.cloud</groupId>
<artifactId>libraries-bom</artifactId>
<version>22.0.0</version>
<type>pom</type>
<scope>import</scope>
</dependency>
</dependencies>
</dependencyManagement>
<dependencies>
<dependency>
<groupId>com.google.cloud</groupId>
<artifactId>google-cloud-storage</artifactId>
</dependency>
<dependencies>
Client Authentication
Integrate with Google Cloud Authentication for Programmatic Access
The programmatic client needs to assume the identity of an already existing service account that has sufficient permissions to access the desired resource.
The service account can be created, if it does not exist already, with gcloud iam service-accounts create
. The service account can then be granted permissions on resource with gcloud projects add-iam-policy-binding
. A key file for the service account can be generated with gcloud iam service-accounts keys create
.
Once the service account key file exists, the programmatic client is configured with the key file by setting the environment variable:
export GOOGLE_APPLICATION_CREDENTIALS="/Users/someuser/tmp/test-sa-key-file.json"
Authentication Test Code
import com.google.api.gax.paging.Page;
import com.google.cloud.storage.Bucket;
import com.google.cloud.storage.Storage;
import com.google.cloud.storage.StorageOptions;
public class Main {
public static void main(String[] args) {
Storage storage = StorageOptions.getDefaultInstance().getService();
System.out.println("Buckets:");
Page<Bucket> buckets = storage.list();
for (Bucket bucket : buckets.iterateAll()) {
System.out.println(bucket.toString());
}
}
}
Alternatively, the client can be explicitly configured.