fix(gcs): resolve credential conflict and improve backup logging (#7951)

* fix(gcs): resolve credential conflict and improve backup logging

- Workaround GCS SDK's "multiple credential options" error by manually constructing an authenticated HTTP client.
- Include source entry path in filer backup error logs for better visibility on missing volumes/404s.

* fix: address PR review feedback

- Add nil check for EventNotification in getSourceKey
- Avoid reassigning google_application_credentials parameter in gcs_sink.go

* fix(gcs): return errors instead of calling glog.Fatalf in initialize

Adheres to Go best practices and allows for more graceful failure handling by callers.

* read from bind ip

weed/replication/sink/gcssink/gcs_sink.go

@@ -4,14 +4,15 @@ import (
 	"context"
 	"fmt"
 	"os"
-
-	"github.com/seaweedfs/seaweedfs/weed/replication/repl_util"
+	"strings"
 
 	"cloud.google.com/go/storage"
+	"github.com/seaweedfs/seaweedfs/weed/replication/repl_util"
+	"golang.org/x/oauth2"
+	"golang.org/x/oauth2/google"
 	"google.golang.org/api/option"
 
 	"github.com/seaweedfs/seaweedfs/weed/filer"
-	"github.com/seaweedfs/seaweedfs/weed/glog"
 	"github.com/seaweedfs/seaweedfs/weed/pb/filer_pb"
 	"github.com/seaweedfs/seaweedfs/weed/replication/sink"
 	"github.com/seaweedfs/seaweedfs/weed/replication/source"
@@ -60,16 +61,30 @@ func (g *GcsSink) initialize(google_application_credentials, bucketName, dir str
 	g.dir = dir
 
 	// Creates a client.
-	if google_application_credentials == "" {
-		var found bool
-		google_application_credentials, found = os.LookupEnv("GOOGLE_APPLICATION_CREDENTIALS")
-		if !found {
-			glog.Fatalf("need to specific GOOGLE_APPLICATION_CREDENTIALS env variable or google_application_credentials in replication.toml")
+	var clientOpts []option.ClientOption
+	if google_application_credentials != "" {
+		var data []byte
+		var err error
+		if strings.HasPrefix(google_application_credentials, "{") {
+			data = []byte(google_application_credentials)
+		} else {
+			googleCredentialsPath := util.ResolvePath(google_application_credentials)
+			data, err = os.ReadFile(googleCredentialsPath)
+			if err != nil {
+				return fmt.Errorf("failed to read credentials file %s: %v", googleCredentialsPath, err)
+			}
 		}
+		creds, err := google.CredentialsFromJSON(context.Background(), data, storage.ScopeFullControl)
+		if err != nil {
+			return fmt.Errorf("failed to parse credentials: %v", err)
+		}
+		httpClient := oauth2.NewClient(context.Background(), creds.TokenSource)
+		clientOpts = append(clientOpts, option.WithHTTPClient(httpClient), option.WithoutAuthentication())
 	}
-	client, err := storage.NewClient(context.Background(), option.WithCredentialsFile(google_application_credentials))
+	client, err := storage.NewClient(context.Background(), clientOpts...)
 	if err != nil {
-		glog.Fatalf("Failed to create client: %v", err)
+		return fmt.Errorf("failed to create client with credentials \"%s\" env \"%s\": %v",
+			google_application_credentials, os.Getenv("GOOGLE_APPLICATION_CREDENTIALS"), err)
 	}
 
 	g.client = client