Skip to main content

Google Cloud Platform

"Google Cloud Platform, offered by Google, is a suite of cloud computing services that runs on the same infrastructure that Google uses internally for its end-user products, such as Google Search, Gmail, Google Drive, and YouTube."

Configuration

Getting OAuth credentials

The Google OAuth 2.0 system supports server-to-server interactions such as those between a web application and a Google service. For this scenario you need a service account, which is an account that belongs to your application instead of to an individual end user. Your application calls Google APIs on behalf of the service account, so users aren't directly involved. This scenario is sometimes called "two-legged OAuth," or "2LO."

First, create a service account:

  1. Open the Service accounts page.
  2. If prompted, select a project, or create a new one.
  3. Click add Create service account.
  4. Under Service account details, type a name, ID, and description for the service account, then click Create and continue.
  5. Optional: Under Grant this service account access to project, select the IAM roles to grant to the service account.
  6. Click Continue.
  7. Optional: Under Grant users access to this service account, add the users or groups that are allowed to use and manage the service account.
  8. Click Done.
  9. Click add Create key, Click key type JSON, then click Create.
  10. A Private key saved to your computer prompt will display and a json key file will automatically be downloaded. Save this key somewhere safe.

For more advanced permission control

Configuring Google OAuth JWT Credentials in crul

Navigate to the credentials page in crul (top right corner menu -> credentials).

Click the "create" button.

Select "OAuth JWT Grant Type - Google Cloud" from the type dropdown.

Give the credential a "Name" (e.g., gcp)

Copy the json key file text content into the keyfile.json (source) credentials form entry.

Test the credential by running the following query. You should see a populated token.access_token column in the results.

oauth --credential "gcp"

Example queries

These examples use the endpoints described in the Cloud Storage JSON API overview.

Example 1:

Retrieves a list of buckets for a given project.

NOTE: project is a required query paramater and is a valid API project identifier.

oauth --credential "gcp"
|| api get https://storage.googleapis.com/storage/v1/b?project={PROJECT}
--token.access_token "$token.access_token$"
|| normalize items

Example 2:

Retrieves a list of all objects for all buckets.

oauth --credential "gcp"
|| api get https://storage.googleapis.com/storage/v1/b?project={PROJECT}
--token.access_token "$token.access_token$"
|| normalize items
|| api get $selfLink$/o --token.access_token "$token.access_token$"
|| normalize items