feat(storage): Support GCS Get Service Account#5738
Conversation
product-auto-label
Bot
added
the
api: storage
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request implements the get_service_account API for the GCS client, allowing users to fetch the service account email address for a given project. The review feedback highlights three main issues: a compilation error when passing a LazyLock<String> to HeaderValue::from_static, a potential double-prefix bug in tracing if the projects/ prefix is not stripped early, and a lack of percent-encoding for project IDs containing domain names.
Codecov Report❌ Patch coverage is Additional details and impacted files@@ Coverage Diff @@
## main #5738 +/- ##
==========================================
- Coverage 97.88% 97.80% -0.08%
==========================================
Files 226 227 +1
Lines 55797 56011 +214
==========================================
+ Hits 54619 54784 +165
- Misses 1178 1227 +49 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
ccbcqbz
force-pushed
the
branch-get-service-account
branch
from
f1af51a to
4965ea4
Compare
|
In Rust, it is possible to have https://doc.rust-lang.org/reference/items/implementations.html#r-items.impl.inherent.coherence Therefore, even if there is an I would not want to put a control-plane function in the data-plane client, unless there is really no way to put it in Can you try putting this on |
Hi @joshuatants , thanks for the comments. You're right, we can add new methods to handwritten For example, compilation will fail for generated client when adding a new field to the handwritten client: And the project service account retrieval is a GCS JSON/REST-only feature ( This also likely explains why other language SDKs have implemented this feature in the storage client, despite it functionally being more of a control plane operation. |
coryan
left a comment
coryan
left a comment
There was a problem hiding this comment.
i think it may be better to implement this function in the gRPC API and then let the generator do its job. @joshuatants this is your call.
| pub(crate) mod checksum; | ||
| pub(crate) mod client; | ||
| pub(crate) mod common_options; | ||
| pub mod get_service_account; |
There was a problem hiding this comment.
That makes the module public, which you may not want to do.
There was a problem hiding this comment.
Good catch. I've changed it to internal.
| let project = project_id()?; | ||
|
|
||
| tracing::info!("testing get_service_account() for project: {project}"); | ||
| let email = client.get_service_account(project).send().await?; |
There was a problem hiding this comment.
All the other APIs consume projects/_/buckets/{bucket_id} or anywhere cache names that are fully qualified. That is intentional, to keep the generated StorageControl working without a hand-written layer. Consider changing this to projects/{project}.
| #[serde(flatten)] | ||
| pub unknown_fields: std::collections::HashMap<String, serde_json::Value>, |
| #[serde(default, rename_all = "camelCase")] | ||
| pub(crate) struct ProjectServiceAccount { | ||
| pub kind: String, | ||
| #[serde(rename = "email_address")] |
There was a problem hiding this comment.
Maybe
| #[serde(default, rename_all = "camelCase")] | |
| pub(crate) struct ProjectServiceAccount { | |
| pub kind: String, | |
| #[serde(rename = "email_address")] | |
| pub(crate) struct ProjectServiceAccount { | |
| pub kind: String, |
No sense in specifying the field name format and then overriding the format for the one field name where it matters?
| /// Implements [crate::client::Storage::get_service_account]. | ||
| fn get_service_account( | ||
| &self, | ||
| _project: String, |
There was a problem hiding this comment.
You want something like:
| _project: String, | |
| _request: GetServiceAccountRequest, |
Because the thing may receive a request in the future.
| /// # Design Note (Architectural Exception): | ||
| /// Logically, this administrative operation belongs to the control plane (`StorageControl`). | ||
| /// However, since the GCS gRPC control plane does not support project service account retrieval, | ||
| /// we place it here in the handwritten REST client to avoid altering machine-generated code. |
There was a problem hiding this comment.
This does not belong in the public documentation...
| /// # Parameters | ||
| /// * `project` - the Project ID or project number. |
There was a problem hiding this comment.
| /// # Parameters | |
| /// * `project` - the Project ID or project number. | |
| /// # Parameters | |
| /// * `project` - the project name, either `projects/{projectId}` or `projects/{projectNumber}`. | |
| /// See [The project resource] for more information about projects and their identifiers. | |
| /// | |
| /// [The project resource]: https://docs.cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy#projects |
Thanks @coryan . Chatted with the rest of the SDK team. We agreed that we'll skip this API for now and try to get it implemented in the gRPC API. Appreciate the work @ccbcqbz ! |
3 participants
feat(storage): Support GCS Get Service Account REST endpoint
Closes a GCS feature gap by implementing the control plane feature. This retrieves the email address of the Google Cloud Storage service agent for a given project, creating it under the hood if it does not yet exist.
Main changes: