Documentation ¶
Overview ¶
Package cloud is the root of the packages used to access Google Cloud Services. See https://pkg.go.dev/cloud.google.com/go for a full list of sub-modules.
Client Options ¶
All clients in sub-packages are configurable via client options. These options are described here: https://pkg.go.dev/google.golang.org/api/option.
Endpoint Override ¶
Endpoint configuration is used to specify the URL to which requests are sent. It is used for services that support or require regional endpoints, as well as for other use cases such as testing against fake servers.
For example, the Vertex AI service recommends that you configure the endpoint to the location with the features you want that is closest to your physical location or the location of your users. There is no global endpoint for Vertex AI. See Vertex AI - Locations for more details. The following example demonstrates configuring a Vertex AI client with a regional endpoint:
ctx := context.Background() endpoint := "us-central1-aiplatform.googleapis.com:443" client, err := aiplatform.NewDatasetClient(ctx, option.WithEndpoint(endpoint))
Authentication and Authorization ¶
All of the clients support authentication via Google Application Default Credentials, or by providing a JSON key file for a Service Account. See examples below.
Google Application Default Credentials (ADC) is the recommended way to authorize and authenticate clients. For information on how to create and obtain Application Default Credentials, see https://cloud.google.com/docs/authentication/production. If you have your environment configured correctly you will not need to pass any extra information to the client libraries. Here is an example of a client using ADC to authenticate:
client, err := secretmanager.NewClient(context.Background()) if err != nil { // TODO: handle error. } _ = client // Use the client.
You can use a file with credentials to authenticate and authorize, such as a JSON key file associated with a Google service account. Service Account keys can be created and downloaded from https://console.cloud.google.com/iam-admin/serviceaccounts. This example uses the Secret Manger client, but the same steps apply to the all other client libraries this package as well. Example:
client, err := secretmanager.NewClient(context.Background(), option.WithCredentialsFile("/path/to/service-account-key.json")) if err != nil { // TODO: handle error. } _ = client // Use the client.
In some cases (for instance, you don't want to store secrets on disk), you can create credentials from in-memory JSON and use the WithCredentials option. This example uses the Secret Manager client, but the same steps apply to all other client libraries as well. Note that scopes can be found at https://developers.google.com/identity/protocols/oauth2/scopes, and are also provided in all auto-generated libraries: for example, cloud.google.com/go/secretmanager/apiv1 provides DefaultAuthScopes. Example:
ctx := context.Background() // https://pkg.go.dev/cloud.google.com/go/auth/credentials creds, err := credentials.DetectDefault(&credentials.DetectOptions{ Scopes: secretmanager.DefaultAuthScopes(), CredentialsJSON: []byte("JSON creds") }), secretmanager.DefaultAuthScopes()...) if err != nil { // TODO: handle error. } client, err := secretmanager.NewClient(ctx, option.WithAuthCredentials(creds)) if err != nil { // TODO: handle error. } _ = client // Use the client.
Timeouts and Cancellation ¶
By default, non-streaming methods, like Create or Get, will have a default deadline applied to the context provided at call time, unless a context deadline is already set. Streaming methods have no default deadline and will run indefinitely. To set timeouts or arrange for cancellation, use context. Transient errors will be retried when correctness allows.
Here is an example of setting a timeout for an RPC using context.WithTimeout:
ctx := context.Background() // Do not set a timeout on the context passed to NewClient: dialing happens // asynchronously, and the context is used to refresh credentials in the // background. client, err := secretmanager.NewClient(ctx) if err != nil { // TODO: handle error. } // Time out if it takes more than 10 seconds to create a dataset. tctx, cancel := context.WithTimeout(ctx, 10*time.Second) defer cancel() // Always call cancel. req := &secretmanagerpb.DeleteSecretRequest{Name: "projects/project-id/secrets/name"} if err := client.DeleteSecret(tctx, req); err != nil { // TODO: handle error. }
Here is an example of setting a timeout for an RPC using github.com/googleapis/gax-go/v2.WithTimeout:
ctx := context.Background() // Do not set a timeout on the context passed to NewClient: dialing happens // asynchronously, and the context is used to refresh credentials in the // background. client, err := secretmanager.NewClient(ctx) if err != nil { // TODO: handle error. } req := &secretmanagerpb.DeleteSecretRequest{Name: "projects/project-id/secrets/name"} // Time out if it takes more than 10 seconds to create a dataset. if err := client.DeleteSecret(tctx, req, gax.WithTimeout(10*time.Second)); err != nil { // TODO: handle error. }
Here is an example of how to arrange for an RPC to be canceled, use context.WithCancel:
ctx := context.Background() // Do not cancel the context passed to NewClient: dialing happens asynchronously, // and the context is used to refresh credentials in the background. client, err := secretmanager.NewClient(ctx) if err != nil { // TODO: handle error. } cctx, cancel := context.WithCancel(ctx) defer cancel() // Always call cancel. // TODO: Make the cancel function available to whatever might want to cancel the // call--perhaps a GUI button. req := &secretmanagerpb.DeleteSecretRequest{Name: "projects/proj/secrets/name"} if err := client.DeleteSecret(cctx, req); err != nil { // TODO: handle error. }
Do not attempt to control the initial connection (dialing) of a service by setting a timeout on the context passed to NewClient. Dialing is non-blocking, so timeouts would be ineffective and would only interfere with credential refreshing, which uses the same context.
Headers ¶
Regardless of which transport is used, request headers can be set in the same way using [`callctx.SetHeaders`]setheaders.
Here is a generic example:
// Set the header "key" to "value". ctx := callctx.SetHeaders(context.Background(), "key", "value") // Then use ctx in a subsequent request. response, err := client.GetSecret(ctx, request)
## Google-reserved headers
There are a some header keys that Google reserves for internal use that must not be ovewritten. The following header keys are broadly considered reserved and should not be conveyed by client library users unless instructed to do so:
* `x-goog-api-client` * `x-goog-request-params`
Be sure to check the individual package documentation for other service-specific reserved headers. For example, Storage supports a specific auditing header that is mentioned in that [module's documentation]storagedocs.
## Google Cloud system parameters
Google Cloud services respect system parameterssystem parameters that can be used to augment request and/or response behavior. For the most part, they are not needed when using one of the enclosed client libraries. However, those that may be necessary are made available via the [`callctx`]callctx package. If not present there, consider opening an issue on that repo to request a new constant.
Connection Pooling ¶
Connection pooling differs in clients based on their transport. Cloud clients either rely on HTTP or gRPC transports to communicate with Google Cloud.
Cloud clients that use HTTP rely on the underlying HTTP transport to cache connections for later re-use. These are cached to the http.MaxIdleConns and http.MaxIdleConnsPerHost settings in http.DefaultTransport by default.
For gRPC clients, connection pooling is configurable. Users of Cloud Client Libraries may specify option.WithGRPCConnectionPool(n) as a client option to NewClient calls. This configures the underlying gRPC connections to be pooled and accessed in a round robin fashion.
Using the Libraries in Container environments(Docker) ¶
Minimal container images like Alpine lack CA certificates. This causes RPCs to appear to hang, because gRPC retries indefinitely. See https://github.com/googleapis/google-cloud-go/issues/928 for more information.
Debugging ¶
For tips on how to write tests against code that calls into our libraries check out our Debugging Guide.
Testing ¶
For tips on how to write tests against code that calls into our libraries check out our Testing Guide.
Inspecting errors ¶
Most of the errors returned by the generated clients are wrapped in an github.com/googleapis/gax-go/v2/apierror.APIError and can be further unwrapped into a google.golang.org/grpc/status.Status or google.golang.org/api/googleapi.Error depending on the transport used to make the call (gRPC or REST). Converting your errors to these types can be a useful way to get more information about what went wrong while debugging.
APIError gives access to specific details in the error. The transport-specific errors can still be unwrapped using the APIError.
if err != nil { var ae *apierror.APIError if errors.As(err, &ae) { log.Println(ae.Reason()) log.Println(ae.Details().Help.GetLinks()) } }
If the gRPC transport was used, the google.golang.org/grpc/status.Status can still be parsed using the google.golang.org/grpc/status.FromError function.
if err != nil { if s, ok := status.FromError(err); ok { log.Println(s.Message()) for _, d := range s.Proto().Details { log.Println(d) } } }
Client Stability ¶
Semver is used to communicate stability of the sub-modules of this package. Note, some stable sub-modules do contain packages, and sometimes features, that are considered unstable. If something is unstable it will be explicitly labeled as such. Example of package does in an unstable package:
NOTE: This package is in beta. It is not stable, and may be subject to changes.
Clients that contain alpha and beta in their import path may change or go away without notice.
Clients marked stable will maintain compatibility with future versions for as long as we can reasonably sustain. Incompatible changes might be made in some situations, including:
- Security bugs may prompt backwards-incompatible changes.
- Situations in which components are no longer feasible to maintain without making breaking changes, including removal.
- Parts of the client surface may be outright unstable and subject to change. These parts of the surface will be labeled with the note, "It is EXPERIMENTAL and subject to change or removal without notice."
Directories ¶
Path | Synopsis |
---|---|
accessapproval
module
|
|
accesscontextmanager
module
|
|
advisorynotifications
module
|
|
ai
module
|
|
aiplatform
module
|
|
alloydb
module
|
|
alloydbconn
module
|
|
analytics
module
|
|
apigateway
module
|
|
apigeeconnect
module
|
|
apigeeregistry
module
|
|
apihub
module
|
|
apikeys
module
|
|
appengine
module
|
|
apphub
module
|
|
apps
module
|
|
area120
module
|
|
artifactregistry
module
|
|
asset
module
|
|
assuredworkloads
module
|
|
auth
module
|
|
oauth2adapt
Module
|
|
automl
module
|
|
backupdr
module
|
|
baremetalsolution
module
|
|
batch
module
|
|
beyondcorp
module
|
|
bigquery
module
|
|
bigtable
module
|
|
billing
module
|
|
binaryauthorization
module
|
|
cbt
module
|
|
certificatemanager
module
|
|
channel
module
|
|
chat
module
|
|
Package civil implements types for civil time, a time-zone-independent representation of time that follows the rules of the proleptic Gregorian calendar with exactly 24-hour days, 60-minute hours, and 60-second minutes.
|
Package civil implements types for civil time, a time-zone-independent representation of time that follows the rules of the proleptic Gregorian calendar with exactly 24-hour days, 60-minute hours, and 60-second minutes. |
cloudbuild
module
|
|
cloudcontrolspartner
module
|
|
clouddms
module
|
|
cloudprofiler
module
|
|
cloudquotas
module
|
|
cloudsqlconn
module
|
|
cloudtasks
module
|
|
commerce
module
|
|
compute
module
|
|
metadata
Module
|
|
confidentialcomputing
module
|
|
config
module
|
|
contactcenterinsights
module
|
|
container
module
|
|
containeranalysis
module
|
|
datacatalog
module
|
|
dataflow
module
|
|
dataform
module
|
|
datafusion
module
|
|
datalabeling
module
|
|
dataplex
module
|
|
dataproc
module
|
|
dataqna
module
|
|
datastore
module
|
|
datastream
module
|
|
debugger
|
|
apiv2
Package debugger is an auto-generated package for the Stackdriver Debugger API.
|
Package debugger is an auto-generated package for the Stackdriver Debugger API. |
deploy
module
|
|
developerconnect
module
|
|
dialogflow
module
|
|
discoveryengine
module
|
|
dlp
module
|
|
documentai
module
|
|
domains
module
|
|
edgecontainer
module
|
|
edgenetwork
module
|
|
errorreporting
module
|
|
essentialcontacts
module
|
|
eventarc
module
|
|
filestore
module
|
|
firestore
module
|
|
functions
module
|
|
gaming
module
|
|
gkebackup
module
|
|
gkeconnect
module
|
|
gkehub
module
|
|
gkemulticloud
module
|
|
grafeas
module
|
|
gsuiteaddons
module
|
|
Package httpreplay provides an API for recording and replaying traffic from HTTP-based Google API clients.
|
Package httpreplay provides an API for recording and replaying traffic from HTTP-based Google API clients. |
internal/proxy
Package proxy provides a record/replay HTTP proxy.
|
Package proxy provides a record/replay HTTP proxy. |
iam
module
|
|
iap
module
|
|
identitytoolkit
module
|
|
ids
module
|
|
btree
Package btree implements in-memory B-Trees of arbitrary degree.
|
Package btree implements in-memory B-Trees of arbitrary degree. |
detect
Package detect is used find information from the environment.
|
Package detect is used find information from the environment. |
fields
Package fields provides a view of the fields of a struct that follows the Go rules, amended to consider tags and case insensitivity.
|
Package fields provides a view of the fields of a struct that follows the Go rules, amended to consider tags and case insensitivity. |
leakcheck
Package leakcheck contains functions to check leaked goroutines.
|
Package leakcheck contains functions to check leaked goroutines. |
optional
Package optional provides versions of primitive types that can be nil.
|
Package optional provides versions of primitive types that can be nil. |
pretty
Package pretty implements a simple pretty-printer.
|
Package pretty implements a simple pretty-printer. |
protostruct
Package protostruct supports operations on the protocol buffer Struct message.
|
Package protostruct supports operations on the protocol buffer Struct message. |
testutil
Package testutil contains helper functions for writing tests.
|
Package testutil contains helper functions for writing tests. |
tracecontext
Package tracecontext provides encoders and decoders for Stackdriver Trace contexts.
|
Package tracecontext provides encoders and decoders for Stackdriver Trace contexts. |
uid
Package uid supports generating unique IDs.
|
Package uid supports generating unique IDs. |
version
Package version contains version information for Google Cloud Client Libraries for Go, as reported in request headers.
|
Package version contains version information for Google Cloud Client Libraries for Go, as reported in request headers. |
aliasfix
Module
|
|
aliasgen
Module
|
|
examples/fake
Module
|
|
examples/mock
Module
|
|
gapicgen
Module
|
|
gensnippets
Module
|
|
godocfx
Module
|
|
postprocessor
Module
|
|
iot
module
|
|
kms
module
|
|
language
module
|
|
lifesciences
module
|
|
logging
module
|
|
longrunning
module
|
|
managedidentities
module
|
|
managedkafka
module
|
|
maps
module
|
|
mediatranslation
module
|
|
memcache
module
|
|
metastore
module
|
|
migrationcenter
module
|
|
monitoring
module
|
|
netapp
module
|
|
networkconnectivity
module
|
|
networkmanagement
module
|
|
networksecurity
module
|
|
networkservices
module
|
|
notebooks
module
|
|
optimization
module
|
|
oracledatabase
module
|
|
orchestration
module
|
|
orgpolicy
module
|
|
osconfig
module
|
|
oslogin
module
|
|
parallelstore
module
|
|
phishingprotection
module
|
|
policysimulator
module
|
|
policytroubleshooter
module
|
|
privatecatalog
module
|
|
privilegedaccessmanager
module
|
|
profiler
module
|
|
pubsub
module
|
|
pubsublite
module
|
|
rapidmigrationassessment
module
|
|
recaptchaenterprise
module
|
|
recommendationengine
module
|
|
recommender
module
|
|
redis
module
|
|
resourcemanager
module
|
|
resourcesettings
module
|
|
retail
module
|
|
Package rpcreplay supports the capture and replay of gRPC calls.
|
Package rpcreplay supports the capture and replay of gRPC calls. |
run
module
|
|
scheduler
module
|
|
secretmanager
module
|
|
securesourcemanager
module
|
|
security
module
|
|
securitycenter
module
|
|
securitycentermanagement
module
|
|
securityposture
module
|
|
servicecontrol
module
|
|
servicedirectory
module
|
|
servicehealth
module
|
|
servicemanagement
module
|
|
serviceusage
module
|
|
shell
module
|
|
shopping
module
|
|
spanner
module
|
|
speech
module
|
|
storage
module
|
|
storageinsights
module
|
|
storagetransfer
module
|
|
streetview
module
|
|
support
module
|
|
talent
module
|
|
telcoautomation
module
|
|
texttospeech
module
|
|
third_party
|
|
pkgsite
Package pkgsite is not for external use.
|
Package pkgsite is not for external use. |
tpu
module
|
|
trace
module
|
|
translate
module
|
|
vertexai
module
|
|
video
module
|
|
videointelligence
module
|
|
vision
module
|
|
visionai
module
|
|
vmmigration
module
|
|
vmwareengine
module
|
|
vpcaccess
module
|
|
webrisk
module
|
|
websecurityscanner
module
|
|
workflows
module
|
|
workstations
module
|