Enhance: Support Service Account Application Default Credentials on google.adk.tools.google_api_tool.google_api_tool_sets module #80
Description
[Description of issue]
Currently, Google API tools in google.adk.tools.google_api_tool.google_api_tool_sets modules only support OAuth2 Flow like below code.
from google.adk.tools.google_api_tool.google_api_tool_sets import bigquery_tool_set
# setting for OAuth2 Flow
bigquery_tool_set.configure_auth(os.environ["GOOGLE_CLIENT_ID"], os.environ["GOOGLE_CLIENT_SECRET"])But some use cases of Google Cloud API like BigQuery API need using Application Default Credentials(ADC) for the compute instance( e.g Cloud Run, Agent Engine) Service Account.
But current google_api_tool_sets does not provide ADC auth.
To use the ADC auth, we should set auth setting our own like below.
from google.adk.tools.google_api_tool.google_api_tool_sets import bigquery_tool_set
from google.adk.tools.openapi_tool.auth.auth_helpers import service_account_scheme_credential, ServiceAccount
# Using ServiceAccount with use_default_credential=True to use ADC
sa = ServiceAccount(
use_default_credential=True,
scopes=["https://www.googleapis.com/auth/bigquery"]
)
auth_scheme, auth_credential = service_account_scheme_credential(sa)
bigquery_jobs_query_tool = bigquery_tool_set.get_tool("bigquery_jobs_query")
# Set auth schema and credential to internal rest_api_tool
bigquery_jobs_query_tool.rest_api_tool.auth_scheme = auth_scheme
bigquery_jobs_query_tool.rest_api_tool.auth_credential = auth_credential
agent = Agent(
...
tools=[bigquery_jobs_query_tool]
)[Proposal]
Provide configure_sa_auth method to support auth method for Service Account like below in GoogleApiToolSet.
class GoogleApiToolSet:
def configure_sa_auth(self, service_account: ServiceAccount):
auth_scheme, auth_credential = service_account_scheme_credential(sa)
self.rest_api_tool.auth_scheme = auth_scheme
self.rest_api_tool.auth_credential = auth_credential[Note]
If this proposal is approved, i will send the PR.