feat: added impersonation as authentication method instead of JSON key download.

Author: caio1985

application/backend/app.ts

@@ -44,7 +44,7 @@ app.use(
   cors({
     origin: "*",
     methods: "GET, PUT, POST, DELETE",
-    allowedHeaders: "Content-Type",
+    allowedHeaders: "Content-Type, Content-Encoding, enctype, x-server-timeout"
   })
 );
 

application/backend/package.json

@@ -19,7 +19,9 @@
     "body-parser": "^1.20.3",
     "compression": "^1.8.0",
     "cors": "^2.8.5",
+    "dotenv": "^16.5.0",
     "express": "^4.21.2",
+    "google-auth-library": "^9.15.1",
     "multer": "1.4.5-lts.1",
     "pako": "^2.1.0",
     "pino-http": "^10.4.0"

application/backend/server.ts

@@ -1,3 +1,7 @@
+// Load environment variables from .env file before any other imports
+import dotenv from "dotenv";
+dotenv.config({ path: "../.env" });
+
 /*
 Copyright 2024 Google LLC
 
@@ -14,7 +18,8 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 
-import { app } from "./app"
+// Now import other modules that might use the loaded env variables
+import { app } from "./app";
 import { log } from "./logging";
 
 const port = process.env.PORT ? parseInt(process.env.PORT) : 8080;

application/backend/services/optimization.ts

@@ -16,6 +16,7 @@ limitations under the License.
 
 import { v1 } from "@google-cloud/routeoptimization";
 import { google } from "@google-cloud/routeoptimization/build/protos/protos";
+import { GoogleAuth } from "google-auth-library";
 import { CallOptions } from "google-gax";
 
 import { log } from "../logging";
@@ -28,9 +29,29 @@ class FleetRoutingService {
     if (!process.env.PROJECT_ID) {
       throw Error("Missing required environment variable: PROJECT_ID");
     }
+    if (!process.env.IMPERSONATED_SERVICE_ACCOUNT) {
+      throw Error(
+        "Missing required environment variable: IMPERSONATED_SERVICE_ACCOUNT"
+      );
+    }
     this._parent = `projects/${process.env.PROJECT_ID}`;
 
+    const targetPrincipal = process.env.IMPERSONATED_SERVICE_ACCOUNT;
+    const scopes = ["https://www.googleapis.com/auth/cloud-platform"];
+
+    // Configure GoogleAuth for impersonation
+    const auth = new GoogleAuth({
+      scopes: scopes,
+      // Specify the target service account for impersonation
+      clientOptions: {
+        subject: targetPrincipal,
+      },
+      // Ensure the project ID is used if not implicitly picked up
+      projectId: process.env.PROJECT_ID,
+    });
+
     this._client = new v1.RouteOptimizationClient({
+      auth: auth, // Use the configured GoogleAuth instance
       "grpc.keepalive_time_ms": 120000, // 2m
       "grpc.keepalive_timeout_ms": 10000, // 10s
       "grpc.http2.max_pings_without_data": 0,

docs/development.md

@@ -167,7 +167,7 @@ Populate `application/.env` file with the details of your Google Cloud project a
 | API_ROOT | URL of the backend API (probably `http://localhost:8080/api`) |  |
 | FRONTEND_PROXY | URL of the frontend Angular development server (probably `http://localhost:4200/`) - *FOR DEVELOPMENT USE ONLY* |  |
 | MAP_API_KEY | API Key to load Google Maps JavaScript API in frontend (see [*Authentication*](#authentication) section) |  |
-| GOOGLE_APPLICATION_CREDENTIALS | Path to a service account credentials JSON file to authenticate Google API requests (see [*Authentication*](#authentication) section) | *Default application credentials* |
+| IMPERSONATED_SERVICE_ACCOUNT | Service Account to impersonate (Used by backend for Route Optimization API calls) (see [*Authentication*](#authentication) section) | |
 | **Optional** | | |
 | LOG_FORMAT | Log format to output (`google` or `pretty`) | `google` |
 | LOG_LEVEL | Minimum [Pino log level](https://getpino.io/#/docs/api?id=level-string) to output | `info` |