A collection of Rust packages related to the Google Cloud Platform, in the spirit of Are We X Yet.

Stars ⭐ indicate my preferred stack.

Requests to Google Cloud services (both REST and gRPC) require a bearer Authorization header. This token is an expiring token, typically associated with a service account.

For code running in a Google VM (e.g. Compute Engine, Cloud Run, Cloud Build), it's possible to obtain the token for a service account using the metadata service, a special REST service available only inside this environment.

Otherwise, you can download a service account JSON file and use that to generate temporary tokens.

Many libraries are designed for the JSON-based approach and may require it even when running in environments where the metadata service would be available.

Just because a service has an API spec doesn't mean that the specified API is generally available to users. In particular, cloud storage is only generally available through a REST API even though a gRPC spec exists.

Google Cloud APIs are all specified as gRPC interfaces, which are implemented as both gRPC and REST APIs. For the most part, there is a 1:1 correspondence between the REST and gRPC APIs, but it's not perfect. I prefer gRPC APIs, in part because they seem to back the official clients and be higher priority to Google.

Unless otherwise noted, the libraries below target asynchronous Rust. The stack is pretty consistent across crates: tokio as the runtime, hyper as an HTTP client, tonic for gRPC.

Synchronous auto-renewed tokens.

Asynchronous auto-renewed tokens.

Auto-generated Rust bindings to gRPC APIs based on tonic. No direct support for authentication; instead, tonic clients can be wrapped in middleware for authentication. Single crate with each API behind a feature flag.

Auto-generated Rust bindings to the REST APIs based on hyper. One crate per API; see list of crates. Uses yup-oauth2 for authentication.

Idiomatic Rust bindings for some GCP services, including storage, based on gRPC APIs and tonic. Only supports JSON service account authentication.

Google Cloud Storage is Google's blob store, roughly equivalent to Amazon S3. Although a gRPC API spec exists, it is not (as far as I can tell) available to regular users outside of Google.

Only supports JSON service account authentication (file or directly through non-standard env vars).

Minimal API, for bucket-scoped access; built in service account authentication (standard env var) and pluggable.

Google Cloud Platform attempts to parse emitted log lines as JSON, which are allowed to contain both arbitrary key/values and well-known keys like “severity”. Libraries exist for integrating a number of popular logging/telemetry crates to emit this format.

This functionality originally came from a company Google acquired called Stackdriver. Officially, that branding has been phased out in favor of Google Cloud Operations Suite.

A tracing subscriber for stackdriver. Prints logs to stderr.

A log subscriber for stackdriver. Prints logs to stderr.

OpenTelemetry exporter for stackdriver. Writes logs over gRPC.

Confusingly, there are several similarly-named databases under the Google Cloud Platform umbrella:

• Firestore
• Firebase
• Datastore

Firestore is the database Google gently steers you towards for new projects, but I haven't seen any indication that the others are going away.

A simple object-document mapper built on firestore-serde.

Conversion between native Rust types and Firestore Values using Serde. For use with the googapis interface to Firestore.

Access to metadata for VMs running on GCP.