worker: refactor handling of GCP credentials

Make the handling of GCP credentials more consistent with what is being done e.g. for Azure. Make the GCP section in worker's configuration a pointer so that it does not show up in the printed worker's configuration during start up if it was not specified in the actual configuration file. Load the GCP credentials file, if provided, during the worker start up to prevent failure later on while processing a job with GCP upload target. Pass the loaded GCP credentials as []byte to the OSBuildJobImpl. Signed-off-by: Tomas Hozza <thozza@redhat.com>
2021-03-10 14:56:48 +01:00 · 2021-03-10 14:56:48 +01:00 · 7e6adec695
commit 7e6adec695
parent 87d82e529d
2 changed files with 24 additions and 25 deletions
--- a/cmd/osbuild-worker/jobimpl-osbuild.go
+++ b/cmd/osbuild-worker/jobimpl-osbuild.go
@ -29,11 +29,11 @@ import (
 )

 type OSBuildJobImpl struct {
-	Store        string
-	Output       string
-	KojiServers  map[string]koji.GSSAPICredentials
-	GCPCredsPath string
-	AzureCreds   *azure.Credentials
+	Store       string
+	Output      string
+	KojiServers map[string]koji.GSSAPICredentials
+	GCPCreds    []byte
+	AzureCreds  *azure.Credentials
 }

 func packageMetadataToSignature(pkg osbuild.RPMPackageMetadata) *string {
@ -261,20 +261,7 @@ func (impl *OSBuildJobImpl) Run(job worker.Job) error {
 				continue
 			}

-			// Check if the credentials file was provided in the worker configuration,
-			// otherwise let it up to the Google client library to authenticate
-			var gcpCreds []byte
-			if impl.GCPCredsPath != "" {
-				gcpCreds, err = ioutil.ReadFile(impl.GCPCredsPath)
-				if err != nil {
-					r = append(r, err)
-					continue
-				}
-			} else {
-				gcpCreds = nil
-			}
-
-			g, err := gcp.New(gcpCreds)
+			g, err := gcp.New(impl.GCPCreds)
 			if err != nil {
 				r = append(r, err)
 				continue
--- a/cmd/osbuild-worker/main.go
+++ b/cmd/osbuild-worker/main.go
@ -84,7 +84,7 @@ func main() {
 				KeyTab    string `toml:"keytab"`
 			} `toml:"kerberos,omitempty"`
 		} `toml:"koji"`
-		GCP struct {
+		GCP *struct {
 			Credentials string `toml:"credentials"`
 		} `toml:"gcp"`
 		Azure *struct {
@ -169,13 +169,25 @@ func main() {
 		}
 	}

+	// Check if the credentials file was provided in the worker configuration,
+	// and load it early to prevent potential failure due to issues with the file.
+	// Note that the content validity of the provided file is not checked and
+	// can not be reasonable checked with GCP other than by making real API calls.
+	var gcpCredentials []byte
+	if config.GCP != nil {
+		gcpCredentials, err = ioutil.ReadFile(config.GCP.Credentials)
+		if err != nil {
+			log.Fatalf("cannot load GCP credentials: %v", err)
+		}
+	}
+
 	jobImpls := map[string]JobImplementation{
 		"osbuild": &OSBuildJobImpl{
-			Store:        store,
-			Output:       output,
-			KojiServers:  kojiServers,
-			GCPCredsPath: config.GCP.Credentials,
-			AzureCreds:   azureCredentials,
+			Store:       store,
+			Output:      output,
+			KojiServers: kojiServers,
+			GCPCreds:    gcpCredentials,
+			AzureCreds:  azureCredentials,
 		},
 		"osbuild-koji": &OSBuildKojiJobImpl{
 			Store:       store,