Package cloud is the root of the packages used to access Google CloudServices. Seehttps://pkg.go.dev/cloud.google.com/go#section-directories for afull list of sub-modules.

Client Options

All clients in sub-packages are configurable via client options. These optionsare described here:https://pkg.go.dev/google.golang.org/api/option.

Endpoint Override

Endpoint configuration is used to specify the URL to which requests aresent. It is used for services that support or require regional endpoints, aswell as for other use cases such astesting against fake servers.

For example, the Vertex AI service recommends that you configure the endpoint tothe location with the features you want that is closest to your physicallocation or the location of your users. There is no global endpoint for VertexAI. SeeVertex AI - Locations for more details. The following exampledemonstrates configuring a Vertex AI client with a regional endpoint:

ctx:=context.Background()endpoint:="us-central1-aiplatform.googleapis.com:443"client,err:=aiplatform.NewDatasetClient(ctx,option.WithEndpoint(endpoint))

Authentication and Authorization

All of the clients support authentication viaGoogle Application Default Credentials,or by providing a JSON key file for a Service Account. See examples below.

Google Application Default Credentials (ADC) is the recommended way to authorizeand authenticate clients. For information on how to create and obtainApplication Default Credentials, seehttps://cloud.google.com/docs/authentication/production. If you have yourenvironment configured correctly you will not need to pass any extra informationto the client libraries. Here is an example of a client using ADC toauthenticate:

client,err:=secretmanager.NewClient(context.Background())iferr!=nil{// TODO: handle error.}_=client// Use the client.

You can use a file with credentials to authenticate and authorize, such as aJSON key file associated with a Google service account. Service Account keys canbe created and downloaded fromhttps://console.cloud.google.com/iam-admin/serviceaccounts.This example uses the Secret Manger client, but the same steps apply to theall other client libraries this package as well. Example:

client,err:=secretmanager.NewClient(context.Background(),option.WithCredentialsFile("/path/to/service-account-key.json"))iferr!=nil{// TODO: handle error.}_=client// Use the client.

In some cases (for instance, you don't want to store secrets on disk), you cancreate credentials from in-memory JSON and use the WithCredentials option.This example uses the Secret Manager client, but the same steps apply toall other client libraries as well. Note that scopes can befound athttps://developers.google.com/identity/protocols/oauth2/scopes, andare also provided in all auto-generated libraries: for example,cloud.google.com/go/secretmanager/apiv1 provides DefaultAuthScopes. Example:

ctx:=context.Background()// https://pkg.go.dev/cloud.google.com/go/auth/credentialscreds,err:=credentials.DetectDefault(&credentials.DetectOptions{Scopes:secretmanager.DefaultAuthScopes(),CredentialsJSON:[]byte("JSON creds")}),secretmanager.DefaultAuthScopes()...)iferr!=nil{// TODO: handle error.}client,err:=secretmanager.NewClient(ctx,option.WithAuthCredentials(creds))iferr!=nil{// TODO: handle error.}_=client// Use the client.

Timeouts and Cancellation

By default, non-streaming methods, like Create or Get, will have a defaultdeadline applied to the context provided at call time, unless a context deadlineis already set. Streaming methods have no default deadline and will runindefinitely. To set timeouts or arrange for cancellation, usecontext. Transient errors will be retried when correctness allows.

Here is an example of setting a timeout for an RPC usingcontext.WithTimeout:

ctx:=context.Background()// Do not set a timeout on the context passed to NewClient: dialing happens// asynchronously, and the context is used to refresh credentials in the// background.client,err:=secretmanager.NewClient(ctx)iferr!=nil{// TODO: handle error.}// Time out if it takes more than 10 seconds to create a dataset.tctx,cancel:=context.WithTimeout(ctx,10*time.Second)defercancel()// Always call cancel.req:=&secretmanagerpb.DeleteSecretRequest{Name:"projects/project-id/secrets/name"}iferr:=client.DeleteSecret(tctx,req);err!=nil{// TODO: handle error.}

Here is an example of setting a timeout for an RPC usinggithub.com/googleapis/gax-go/v2.WithTimeout:

ctx:=context.Background()// Do not set a timeout on the context passed to NewClient: dialing happens// asynchronously, and the context is used to refresh credentials in the// background.client,err:=secretmanager.NewClient(ctx)iferr!=nil{// TODO: handle error.}req:=&secretmanagerpb.DeleteSecretRequest{Name:"projects/project-id/secrets/name"}// Time out if it takes more than 10 seconds to create a dataset.iferr:=client.DeleteSecret(tctx,req,gax.WithTimeout(10*time.Second));err!=nil{// TODO: handle error.}

Here is an example of how to arrange for an RPC to be canceled, usecontext.WithCancel:

ctx:=context.Background()// Do not cancel the context passed to NewClient: dialing happens asynchronously,// and the context is used to refresh credentials in the background.client,err:=secretmanager.NewClient(ctx)iferr!=nil{// TODO: handle error.}cctx,cancel:=context.WithCancel(ctx)defercancel()// Always call cancel.// TODO: Make the cancel function available to whatever might want to cancel the// call--perhaps a GUI button.req:=&secretmanagerpb.DeleteSecretRequest{Name:"projects/proj/secrets/name"}iferr:=client.DeleteSecret(cctx,req);err!=nil{// TODO: handle error.}

Do not attempt to control the initial connection (dialing) of a service bysetting a timeout on the context passed to NewClient. Dialing is non-blocking,so timeouts would be ineffective and would only interfere with credentialrefreshing, which uses the same context.

Headers

Regardless of which transport is used, request headers can be set in the sameway using [callctx.SetHeaders]setheaders.

Here is a generic example:

// Set the header "key" to "value".ctx:=callctx.SetHeaders(context.Background(),"key","value")// Then use ctx in a subsequent request.response,err:=client.GetSecret(ctx,request)

Google-reserved headers

There are a some header keys that Google reserves for internal use that mustnot be ovewritten. The following header keys are broadly considered reservedand should not be conveyed by client library users unless instructed to do so:

*x-goog-api-client*x-goog-request-params

Be sure to check the individual package documentation for other service-specificreserved headers. For example, Storage supports a specific auditing header thatis mentioned in that [module's documentation]storagedocs.

Google Cloud system parameters

Google Cloud services respectsystem parameterssystem parameters that can beused to augment request and/or response behavior. For the most part, they arenot needed when using one of the enclosed client libraries. However, those thatmay be necessary are made available via the [callctx]callctx package. If notpresent there, consider opening an issue on that repo to request a new constant.

Connection Pooling

Connection pooling differs in clients based on their transport. Cloudclients either rely on HTTP or gRPC transports to communicatewith Google Cloud.

Cloud clients that use HTTP rely on the underlying HTTP transport to cacheconnections for later re-use. These are cached to the http.MaxIdleConnsand http.MaxIdleConnsPerHost settings in http.DefaultTransport by default.

For gRPC clients, connection pooling is configurable. Users of Cloud ClientLibraries may specifygoogle.golang.org/api/option.WithGRPCConnectionPoolas a client option to NewClient calls. This configures the underlying gRPCconnections to be pooled and accessed in a round robin fashion.

Using the Libraries in Container environments(Docker)

Minimal container images like Alpine lack CA certificates. This causes RPCs toappear to hang, because gRPC retries indefinitely. Seehttps://github.com/googleapis/google-cloud-go/issues/928 for more information.

Debugging

For tips on how to write tests against code that calls into our libraries checkout ourDebugging Guide.

Testing

For tips on how to write tests against code that calls into our libraries checkout ourTesting Guide.

Inspecting errors

Most of the errors returned by the generated clients are wrapped in angithub.com/googleapis/gax-go/v2/apierror.APIError and can be further unwrappedinto agoogle.golang.org/grpc/status.Status orgoogle.golang.org/api/googleapi.Error depending on the transport used to makethe call (gRPC or REST). Converting your errors to these types can be a usefulway to get more information about what went wrong while debugging.

APIError gives access to specific details in the error. The transport-specificerrors can still be unwrapped using the APIError.

iferr!=nil{varae*apierror.APIErroriferrors.As(err,&ae){log.Println(ae.Reason())log.Println(ae.Details().Help.GetLinks())}// If a gRPC transport was used you can extract the// google.golang.org/grpc/status.Status from the errors:=ae.GRPCStatus()log.Println(s.Code())}

Client Stability

Semver is used to communicate stability of the sub-modules of this package.Note, some stable sub-modules do contain packages, and sometimes features, thatare considered unstable. If something is unstable it will be explicitly labeledas such. Example of package does in an unstable package:

NOTE:Thispackageisinbeta.Itisnotstable,andmaybesubjecttochanges.

Clients that contain alpha and beta in their import path may change or go awaywithout notice.

Clients marked stable will maintain compatibility with future versions for aslong as we can reasonably sustain. Incompatible changes might be made in somesituations, including:

• Security bugs may prompt backwards-incompatible changes.
• Situations in which components are no longer feasible to maintain withoutmaking breaking changes, including removal.
• Parts of the client surface may be outright unstable and subject to change.These parts of the surface will be labeled with the note, "It is EXPERIMENTALand subject to change or removal without notice."