maxmustermann/pulumi
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
pulumi/pkg/backend/filestate/gcpauth.go
CyrusNajmabadi 66bd3f4aa8
Breaking changes due to Feature 2.0 work 
* Make `async:true` the default for `invoke` calls (#3750)

* Switch away from native grpc impl. (#3728)

* Remove usage of the 'deasync' library from @pulumi/pulumi. (#3752)

* Only retry as long as we get unavailable back.  Anything else continues. (#3769)

* Handle all errors for now. (#3781)


* Do not assume --yes was present when using pulumi in non-interactive mode (#3793)

* Upgrade all paths for sdk and pkg to v2

* Backport C# invoke classes and other recent gen changes (#4288)

Adjust C# generation

* Replace IDeployment with a sealed class (#4318)

Replace IDeployment with a sealed class

* .NET: default to args subtype rather than Args.Empty (#4320)

* Adding system namespace for Dotnet code gen

This is required for using Obsolute attributes for deprecations

```
Iam/InstanceProfile.cs(142,10): error CS0246: The type or namespace name 'ObsoleteAttribute' could not be found (are you missing a using directive or an assembly reference?) [/Users/stack72/code/go/src/github.com/pulumi/pulumi-aws/sdk/dotnet/Pulumi.Aws.csproj]
Iam/InstanceProfile.cs(142,10): error CS0246: The type or namespace name 'Obsolete' could not be found (are you missing a using directive or an assembly reference?) [/Users/stack72/code/go/src/github.com/pulumi/pulumi-aws/sdk/dotnet/Pulumi.Aws.csproj]
```

* Fix the nullability of config type properties in C# codegen (#4379)
2020-04-14 09:30:25 +01:00

86 lines
2.6 KiB
Go
Raw Blame History

package filestate
import (
"context"
"encoding/json"
"os"
"github.com/pulumi/pulumi/sdk/v2/go/common/diag"
"github.com/pulumi/pulumi/sdk/v2/go/common/util/cmdutil"
"golang.org/x/oauth2/google"
"gocloud.dev/blob/gcsblob"
"cloud.google.com/go/storage"
"github.com/pkg/errors"
"gocloud.dev/blob"
"gocloud.dev/gcp"
)
type GoogleCredentials struct {
PrivateKeyID string `json:"private_key_id"`
PrivateKey string `json:"private_key"`
ClientEmail string `json:"client_email"`
ClientID string `json:"client_id"`
}
func googleCredentials(ctx context.Context) (*google.Credentials, error) {
// GOOGLE_CREDENTIALS aren't part of the gcloud standard authorization variables
// but the GCP terraform provider uses this variable to allow users to authenticate
// with the contents of a credentials.json file instead of just a file path.
// https://www.terraform.io/docs/backends/types/gcs.html
if creds := os.Getenv("GOOGLE_CREDENTIALS"); creds != "" {
// We try $GOOGLE_CREDENTIALS before gcp.DefaultCredentials
// so that users can override the default creds
credentials, err := google.CredentialsFromJSON(ctx, []byte(creds), storage.ScopeReadWrite)
if err != nil {
return nil, errors.Wrap(err, "unable to parse credentials from $GOOGLE_CREDENTIALS")
}
return credentials, nil
}
// DefaultCredentials will attempt to load creds in the following order:
// 1. a file located at $GOOGLE_APPLICATION_CREDENTIALS
// 2. application_default_credentials.json file in ~/.config/gcloud or $APPDATA\gcloud
credentials, err := gcp.DefaultCredentials(ctx)
if err != nil {
return nil, errors.Wrap(err, "unable to find gcp credentials")
}
return credentials, nil
}
func GoogleCredentialsMux(ctx context.Context) (*blob.URLMux, error) {
credentials, err := googleCredentials(ctx)
if err != nil {
return nil, errors.New("missing google credentials")
}
client, err := gcp.NewHTTPClient(gcp.DefaultTransport(), credentials.TokenSource)
if err != nil {
return nil, err
}
options := gcsblob.Options{}
account := GoogleCredentials{}
err = json.Unmarshal(credentials.JSON, &account)
if err == nil && account.ClientEmail != "" && account.PrivateKey != "" {
options.GoogleAccessID = account.ClientEmail
options.PrivateKey = []byte(account.PrivateKey)
} else {
cmdutil.Diag().Warningf(diag.Message("",
"Pulumi will not be able to print a statefile permalink using these credentials. "+
"Neither a GoogleAccessID or PrivateKey are available. "+
"Try using a GCP Service Account."))
}
blobmux := &blob.URLMux{}
blobmux.RegisterBucket(gcsblob.Scheme, &gcsblob.URLOpener{
Client: client,
Options: options,
})
return blobmux, nil
}
Reference in a new issue View git blame Copy permalink