The internal GCP package used `pkg.go.dev/google.golang.org/api` [1] to interact with the Compute Engine API. Modify the package to use the new and idiomatic `pkg.go.dev/cloud.google.com/go` [2] library for interacting with the Compute Engine API. The new library has already been used to interact with the Cloudbuild and Storage APIs. It was not used for Compute Engine from the beginning because, at that time, it did not support Compute Engine. Update go.mod and vendored packages. [1] https://github.com/googleapis/google-api-go-client [2] https://github.com/googleapis/google-cloud-go Signed-off-by: Tomas Hozza <thozza@redhat.com>
package gcp
import (
"context"
"fmt"
"io/ioutil"
"os"
cloudbuild "cloud.google.com/go/cloudbuild/apiv1"
compute "cloud.google.com/go/compute/apiv1"
"cloud.google.com/go/storage"
"golang.org/x/oauth2/google"
)
// GCPCredentialsEnvName is the name of the environment variable that holds
// the path to the file with the GCP service account credentials.
const GCPCredentialsEnvName string = "GOOGLE_APPLICATION_CREDENTIALS"
// GCP carries the information needed to authenticate against and interact
// with GCP.
type GCP struct {
	// creds is the resolved Google credentials object. It is unexported, so
	// code outside this package cannot read or replace it directly.
	creds *google.Credentials
}
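// New returns an authenticated GCP instance that can be used to interact with
// the GCP API.
//
// If credentials is non-nil, it is parsed as credentials JSON. If it is nil,
// the default credentials are looked up instead. Only a nil slice selects the
// default lookup; an empty, non-nil slice is handed to the JSON parser as-is.
//
// An error is returned if the credentials cannot be obtained. The underlying
// error is wrapped, so callers can inspect it with errors.Is / errors.As.
//
// NOTE(review): the JSON is passed to the library without validation here. If
// the bytes can originate from an untrusted party, validate the credential
// configuration before calling New (see the golang.org/x/oauth2/google
// documentation on externally sourced credential configurations).
func New(credentials []byte) (*GCP, error) {
	ctx := context.Background()

	// Scope needed for file upload.
	scopes := []string{storage.ScopeReadWrite}
	// Scopes needed for permissions to the image.
	// NOTE(review): the default scope sets are whatever the client libraries
	// return; confirm they are not broader than this package needs.
	scopes = append(scopes, compute.DefaultAuthScopes()...)
	// Scopes needed for image import.
	scopes = append(scopes, cloudbuild.DefaultAuthScopes()...)

	var (
		creds *google.Credentials
		err   error
	)
	if credentials != nil {
		creds, err = google.CredentialsFromJSON(ctx, credentials, scopes...)
	} else {
		// No explicit credentials were passed: use the ambient default ones.
		creds, err = google.FindDefaultCredentials(ctx, scopes...)
	}
	if err != nil {
		// %w keeps the cause reachable for the caller; the message is unchanged.
		return nil, fmt.Errorf("failed to get Google credentials: %w", err)
	}

	return &GCP{creds: creds}, nil
}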
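// GetCredentialsFromEnv reads the service account credentials JSON file whose
// path is stored in the environment variable named by GCPCredentialsEnvName.
//
// On success the raw file content is returned. Nil and an error are returned
// if the variable is not set, if it is set but empty, or if the file cannot
// be read. The read error is wrapped, so callers can test it with errors.Is
// (for example against os.ErrNotExist).
//
// The file is expected to hold service account credentials, which may include
// private key material; treat the returned bytes as a secret and keep them
// out of logs and error messages.
func GetCredentialsFromEnv() ([]byte, error) {
	credsPath, exists := os.LookupEnv(GCPCredentialsEnvName)
	switch {
	case !exists:
		return nil, fmt.Errorf("'%s' env variable is not set", GCPCredentialsEnvName)
	case credsPath == "":
		return nil, fmt.Errorf("'%s' env variable is empty", GCPCredentialsEnvName)
	}

	credentials, err := ioutil.ReadFile(credsPath)
	if err != nil {
		// %w keeps the cause reachable for the caller; the message is unchanged.
		return nil, fmt.Errorf("Error while reading credentials file: %w", err)
	}

	return credentials, nil
}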
// GetProjectID returns the project ID recorded in the credentials held by g.
// This is the project used for all GCP operations.
func (g *GCP) GetProjectID() string {
	// NOTE(review): the value is returned as stored; presumably it can be empty
	// when the credentials carry no project ID, so confirm callers handle that.
	projectID := g.creds.ProjectID
	return projectID
}