From d98fc2753aacab063e3b6fae79fe9a1a55c0dfb9 Mon Sep 17 00:00:00 2001
From: Alexander Gramovich <34745780+ggramal@users.noreply.github.com>
Date: Wed, 17 Sep 2025 17:01:28 +0300
Subject: [PATCH] logical-backup:gcs_upload: try to use gcp metadata if
 LOGICAL_GOOGLE_APPLICATION_CREDENTIALS is not set (#2837)

Co-authored-by: Felix Kunde <felix-kunde@gmx.de>
---
 logical-backup/dump.sh | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/logical-backup/dump.sh b/logical-backup/dump.sh
index 25641c3b5..a250670a6 100755
--- a/logical-backup/dump.sh
+++ b/logical-backup/dump.sh
@@ -122,7 +122,21 @@ function aws_upload {
 function gcs_upload {
     PATH_TO_BACKUP=gs://$LOGICAL_BACKUP_S3_BUCKET"/"$LOGICAL_BACKUP_S3_BUCKET_PREFIX"/"$SCOPE$LOGICAL_BACKUP_S3_BUCKET_SCOPE_SUFFIX"/logical_backups/"$(date +%s).sql.gz
 
-    gsutil -o Credentials:gs_service_key_file=$LOGICAL_BACKUP_GOOGLE_APPLICATION_CREDENTIALS cp - "$PATH_TO_BACKUP"
+    #Set local LOGICAL_GOOGLE_APPLICATION_CREDENTIALS to nothing or
+    #value of LOGICAL_GOOGLE_APPLICATION_CREDENTIALS env var. Needed
+    #because `set -o nounset` is globally set
+    local LOGICAL_BACKUP_GOOGLE_APPLICATION_CREDENTIALS=${LOGICAL_BACKUP_GOOGLE_APPLICATION_CREDENTIALS:-}
+
+    GSUTIL_OPTIONS=("-o" "Credentials:gs_service_key_file=$LOGICAL_BACKUP_GOOGLE_APPLICATION_CREDENTIALS")
+
+    #If GOOGLE_APPLICATION_CREDENTIALS is not set try to get
+    #creds from metadata
+    if [[ -z $LOGICAL_BACKUP_GOOGLE_APPLICATION_CREDENTIALS ]]
+    then
+	    GSUTIL_OPTIONS[1]="GoogleCompute:service_account=default"
+    fi
+
+    gsutil ${GSUTIL_OPTIONS[@]} cp - "$PATH_TO_BACKUP"
 }
 
 function upload {