ZEPPELIN-3825. Allow custom service account for GCSNotebookRepo

* Added ZEPPELIN_NOTEBOOK_GCS_CREDENTIALS_FILE to ConfVars
* Added functionality in GCSNotebookRepo and OldGCSNotebookRepo
  to get credentials from CREDENTIALS_FILE
* Updated doc string and documentation
sanjaykumar 2018-10-22 18:49:39 -04:00
parent b183c7e06c
commit 84b8da4d5b
5 changed files with 52 additions and 6 deletions


@ -84,6 +84,15 @@
</description>
</property>
<property>
<name>zeppelin.notebook.gcs.credentialsJsonFilePath</name>
<value>path/to/key.json</value>
<description>
Path to GCS credential key file for authentication with Google Storage.
</description>
</property>
<property>
<name>zeppelin.notebook.storage</name>
<value>org.apache.zeppelin.notebook.repo.GCSNotebookRepo</value>
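Review bot: The property name in this template entry, `zeppelin.notebook.gcs.credentialsJsonFilePath`, does not match the key the code reads: the ConfVars entry added in this commit, the storage documentation and both class Javadocs all use `zeppelin.notebook.google.credentialsJsonFilePath`. An operator who copies the template sets a key that is never looked up, so with the constructor code shown in this commit the repo would fall back to the application default credentials without any error, and notebooks would be read and written under a different identity than intended. Use one name throughout, e.g. `<name>zeppelin.notebook.google.credentialsJsonFilePath</name>` here, or rename the ConfVars key to follow the existing `zeppelin.notebook.gcs.dir` prefix. The description could also say that the key file should be readable only by the user running the Zeppelin daemon.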


@ -317,7 +317,7 @@ Or, if you want to simultaneously use your local git storage with GCS, use the f
### Google Cloud API Authentication
Note: On Google App Engine, Google Cloud Shell, and Google Compute Engine, these
steps are not necessary, as build-in credentials are used by default.
steps are not necessary if you are using the default built in service account.
For more information, see [Application Default Credentials](https://cloud.google.com/docs/authentication/production)
@ -351,11 +351,25 @@ for authentication with GCS, you will need a JSON service account key file.
`/path/to/my/key.json`), and give it appropriate permissions. Ensure at
least the user running the zeppelin daemon can read it.
Then, point `GOOGLE_APPLICATION_CREDENTIALS` at your new key file in **zeppelin-env.sh**. For example:
If you wish to set this as your default credential file to access Google Services,
point `GOOGLE_APPLICATION_CREDENTIALS` at your new key file in **zeppelin-env.sh**. For example:
```bash
export GOOGLE_APPLICATION_CREDENTIALS=/path/to/my/key.json
```
If you do not want to use this key file as default credential file and want to specify a custom key
file for authentication with GCS, update the following property :
```xml
<property>
<name>zeppelin.notebook.google.credentialsJsonFilePath</name>
<value>path/to/key.json</value>
<description>
Path to GCS credential key file for authentication with Google Storage.
</description>
</property>
```
</br>
## Notebook Storage in ZeppelinHub <a name="ZeppelinHub"></a>


@ -738,6 +738,7 @@ public class ZeppelinConfiguration extends XMLConfiguration {
// whether homescreen notebook will be hidden from notebook list or not
ZEPPELIN_NOTEBOOK_HOMESCREEN_HIDE("zeppelin.notebook.homescreen.hide", false),
ZEPPELIN_NOTEBOOK_GCS_STORAGE_DIR("zeppelin.notebook.gcs.dir", ""),
ZEPPELIN_NOTEBOOK_GCS_CREDENTIALS_FILE("zeppelin.notebook.google.credentialsJsonFilePath", null),
ZEPPELIN_NOTEBOOK_S3_BUCKET("zeppelin.notebook.s3.bucket", "zeppelin"),
ZEPPELIN_NOTEBOOK_S3_ENDPOINT("zeppelin.notebook.s3.endpoint", "s3.amazonaws.com"),
ZEPPELIN_NOTEBOOK_S3_TIMEOUT("zeppelin.notebook.s3.timeout", "120000"),


@ -17,6 +17,8 @@
package org.apache.zeppelin.notebook.repo;
import com.google.auth.Credentials;
import com.google.auth.oauth2.GoogleCredentials;
import com.google.cloud.storage.Blob;
import com.google.cloud.storage.BlobId;
import com.google.cloud.storage.BlobInfo;
@ -29,6 +31,8 @@ import com.google.common.base.Optional;
import com.google.common.base.Preconditions;
import com.google.common.base.Strings;
import com.google.gson.JsonParseException;
import java.io.FileInputStream;
import java.io.IOException;
import java.util.Arrays;
import java.util.Collections;
@ -54,7 +58,9 @@ import org.slf4j.LoggerFactory;
* object store, so this "directory" should not itself be an object. Instead, it represents the base
* path for the note.json files.
*
* Authentication is provided by google-auth-library-java.
* Authentication is provided by google-auth-library-java. A custom json key file path
* can be specified by zeppelin.notebook.google.credentialsJsonFilePath to connect with GCS
* If not specified the GOOGLE_APPLICATION_CREDENTIALS will be used to connect to GCS.
* @see <a href="https://github.com/google/google-auth-library-java">
* google-auth-library-java</a>.
*/
@ -113,7 +119,12 @@ public class GCSNotebookRepo implements NotebookRepo {
this.notePathPattern = Pattern.compile("^(.+\\.zpln)$");
}
this.storage = StorageOptions.getDefaultInstance().getService();
Credentials credentials = GoogleCredentials.getApplicationDefault();
String credentialJsonPath = zConf.getString(ConfVars.ZEPPELIN_NOTEBOOK_GCS_CREDENTIALS_FILE);
if (credentialJsonPath != null) {
credentials = GoogleCredentials.fromStream(new FileInputStream(credentialJsonPath));
}
this.storage = StorageOptions.newBuilder().setCredentials(credentials).build().getService();
}
private BlobId makeBlobId(String noteId, String notePath) throws IOException {
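Review bot: `GoogleCredentials.getApplicationDefault()` is called unconditionally before the configured path is checked, so on a host with no application default credentials it presumably throws before the custom key file is ever read, which is the case this option exists for. The `FileInputStream` handed to `fromStream` is also never closed, and an empty property value passes the `!= null` test and is then opened as a path. Resolve the configured file first, inside a try-with-resources, and fall back to the default credentials only when no path is set; the identical block in OldGCSNotebookRepo needs the same change. The constructor begins outside this hunk, so this assumes it already propagates IOException.

```java
// … unchanged: notePathPattern setup …
Credentials credentials;
String credentialJsonPath = zConf.getString(ConfVars.ZEPPELIN_NOTEBOOK_GCS_CREDENTIALS_FILE);
if (Strings.isNullOrEmpty(credentialJsonPath)) {
  // No custom key configured: use Application Default Credentials.
  credentials = GoogleCredentials.getApplicationDefault();
} else {
  // Close the key file as soon as the credentials have been parsed.
  try (FileInputStream keyStream = new FileInputStream(credentialJsonPath)) {
    credentials = GoogleCredentials.fromStream(keyStream);
  }
}
this.storage = StorageOptions.newBuilder().setCredentials(credentials).build().getService();
```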


@ -17,6 +17,8 @@
package org.apache.zeppelin.notebook.repo;
import com.google.auth.Credentials;
import com.google.auth.oauth2.GoogleCredentials;
import com.google.cloud.storage.Blob;
import com.google.cloud.storage.BlobId;
import com.google.cloud.storage.BlobInfo;
@ -39,6 +41,7 @@ import org.apache.zeppelin.user.AuthenticationInfo;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import java.io.FileInputStream;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
@ -56,7 +59,9 @@ import java.util.regex.Pattern;
* object store, so this "directory" should not itself be an object. Instead, it represents the base
* path for the note.json files.
*
* Authentication is provided by google-auth-library-java.
* Authentication is provided by google-auth-library-java. A custom json key file path
* can be specified by zeppelin.notebook.google.credentialsJsonFilePath to connect with GCS
* If not specified the GOOGLE_APPLICATION_CREDENTIALS will be used to connect to GCS.
* @see <a href="https://github.com/google/google-auth-library-java">
* google-auth-library-java</a>.
*/
@ -115,7 +120,13 @@ public class OldGCSNotebookRepo implements OldNotebookRepo {
this.noteNamePattern = Pattern.compile("^([^/]+)/note\\.json$");
}
this.storage = StorageOptions.getDefaultInstance().getService();
Credentials credentials = GoogleCredentials.getApplicationDefault();
String credentialJsonPath = zConf.getString(ConfVars.ZEPPELIN_NOTEBOOK_GCS_CREDENTIALS_FILE);
if (credentialJsonPath != null) {
credentials = GoogleCredentials.fromStream(new FileInputStream(credentialJsonPath));
}
this.storage = StorageOptions.newBuilder().setCredentials(credentials).build().getService();
}
private BlobId makeBlobId(String noteId) {