using gcloud storage on cloud run with ruby

Question

Usually using the google-cloud-storage gem to read/write files

This gem expects a .json service account key path, or an environment variable specifying the path

I was wondering how this could work in a cloudrun context, as the expected environment variable can't reference a static file path. A service account can be specified when deploying to cloudrun, but how to reach the service account info it with such tool ?

Answer 1

This gem expects a .json service account key path, or an environment variable specifying the path

I was wondering how this could work in a cloudrun context, as the expected environment variable can't reference a static file path.

The value of the GOOGLE_CLOUD_CREDENTIALS environment variable can be: "Path to JSON file, or JSON contents". So if you can't reference a static file path, provide the entire contents of your JSON key file as the value for the environment variable.

See google-cloud-storage Authentication for full docs.

Answer 2

While running on Cloud Run (or Compute Engine, Kubernetes Engine, App Engine, Cloud Functions...), you don't need to specify any JSON key files (or the GOOGLE_APPLICATION_CREDENTIALS environment variable). All Google Cloud client libraries automatically get credentials (a token) from the compute platform your app is running on.

In fact this gem’s documentation linked to says:

This library uses Service Account credentials to connect to Google Cloud services. When running on Compute Engine the credentials will be discovered automatically

So you should delete that field in the code, and it should be working on Cloud Run just fine.

---

You need to specify a key file path (or env. variable) if:

• you need want to use a different identity than the default/configured identity of the platform you're running on
  • (e.g. in this case service account you configured for the Cloud Run service)
• while running outside Google Cloud