ARTIFACTORY: Using ‘useInstanceCredentials’ in the ‘cluster-google-storage’ chain template (binarystore.xml)

Joey Naor
2021-10-14 09:49

One major difference between the two Google Storage binarystore.xml providers is that ‘google-storage’ uses <identity> and <credential> for authentication, while ‘google-storage-v2’ can utilize <useInstanceCredentials>.

By default, the Artifactory HA chain ‘cluster-google-storage’ includes the ‘google-storage’ provider under it, meaning that it requires authentication using <identity> and <credential>.

However, we can manually configure the ‘cluster-google-storage’ chain to use ‘google-storage-v2’ instead, allowing us to utilize its exclusive <useInstanceCredentials> authentication method.

This can be done by slightly changing and mixing the example configurations in the following way:<config version="2">
    <chain> <!--template="cluster-google-storage"-->
        <provider id="cache-fs-eventual-google-storage" type="cache-fs">
            <provider id="sharding-cluster-eventual-google-storage" type="sharding-cluster">
                <sub-provider id="eventual-cluster-google-storage" type="eventual-cluster">
                    <provider id="retry-google-storage" type="retry">
                        <provider id="google-storage-v2" type="google-storage-v2"/>
                    </provider>
                </sub-provider>
                <dynamic-provider id="remote-google-storage" type="remote"/>
            </provider>
        </provider>
    </chain>

    <provider id="google-storage-v2" type="google-storage-v2">
      <bucketName>my-bucket</bucketName>
      <path>filestore</path>
      <bucketExists>true</bucketExists>
      <testConnection>true</testConnection>
      <enableSignedUrlRedirect>false</enableSignedUrlRedirect>
      <useInstanceCredentials>true</useInstanceCredentials>
    </provider>
</config>