feat(gcs): allow setting a token directly

core/src/services/gcs/backend.rs

@@ -74,6 +74,8 @@ pub struct GcsConfig {
     pub disable_vm_metadata: bool,
     /// Disable loading configuration from the environment.
     pub disable_config_load: bool,
+    /// A Google Cloud OAuth2 token.
+    pub token: String,
 }
 
 impl Debug for GcsConfig {
@@ -214,6 +216,12 @@ impl GcsBuilder {
         self
     }
 
+    /// Provide the OAuth2 token to use.
+    pub fn token(mut self, token: String) -> Self {
+        self.config.token = token;
+        self
+    }
+
     /// Disable attempting to load credentials from the GCE metadata server.
     pub fn disable_vm_metadata(mut self) -> Self {
         self.config.disable_vm_metadata = true;
@@ -354,6 +362,7 @@ impl Builder for GcsBuilder {
                 client,
                 signer,
                 token_loader,
+                token: self.config.token,
                 credential_loader: cred_loader,
                 predefined_acl: self.config.predefined_acl.clone(),
                 default_storage_class: self.config.default_storage_class.clone(),

core/src/services/gcs/core.rs

@@ -24,6 +24,7 @@ use std::time::Duration;
 use backon::ExponentialBuilder;
 use backon::Retryable;
 use bytes::Bytes;
+use http::header;
 use http::header::CONTENT_LENGTH;
 use http::header::CONTENT_TYPE;
 use http::header::HOST;
@@ -53,6 +54,7 @@ pub struct GcsCore {
     pub client: HttpClient,
     pub signer: GoogleSigner,
     pub token_loader: GoogleTokenLoader,
+    pub token: String,
     pub credential_loader: GoogleCredentialLoader,
 
     pub predefined_acl: Option<String>,
@@ -117,6 +119,12 @@ impl GcsCore {
         }
         let cred = self.load_token().await?;
 
+        if !self.token.is_empty() {
+            let header_value = format!("Bearer {}", self.token);
+            req.headers_mut()
+                .insert(header::AUTHORIZATION, header_value.parse().unwrap());
+        }
+
         self.signer
             .sign(req, &cred)
             .map_err(new_request_sign_error)?;
@@ -141,6 +149,12 @@ impl GcsCore {
             return Ok(());
         }
 
+        if !self.token.is_empty() {
+            let header_value = format!("Bearer {}", self.token);
+            req.headers_mut()
+                .insert(header::AUTHORIZATION, header_value.parse().unwrap());
+        }
+
         // Always remove host header, let users' client to set it based on HTTP
         // version.
         //