Use custom GOOGLE_CREDENTIALS or fallback to default
joshkaplinsky committed May 3, 2022
1 parent 07aea97 commit 4ffb54c
Showing 2 changed files with 16 additions and 18 deletions.
32 changes: 15 additions & 17 deletions gcpkms/keysource.go
Expand Up @@ -4,7 +4,6 @@ import (
"encoding/base64"
"fmt"
"google.golang.org/api/option"
"io/ioutil"
"os"
"regexp"
"strings"
Expand Down Expand Up @@ -132,13 +131,15 @@ func (key MasterKey) createCloudKMSService() (*cloudkms.Service, error) {
}

ctx := context.Background()
var options []option.ClientOption

creds, err := getDefaultApplicationCredentials()
if err != nil {
if credentials, err := getGoogleCredentials(); err != nil {
return nil, err
} else if len(credentials) > 0 {
options = append(options, option.WithCredentialsJSON(credentials))
}

cloudkmsService, err := cloudkms.NewService(ctx, option.WithCredentialsJSON(creds))
cloudkmsService, err := cloudkms.NewService(ctx, options...)
if err != nil {
return nil, err
}
Expand All @@ -154,18 +155,15 @@ func (key MasterKey) ToMap() map[string]interface{} {
return out
}

// getDefaultApplicationCredentials allows for passing GCP Service Account
// Credentials as either a path to a file, or directly as an environment variable
// in JSON format.
func getDefaultApplicationCredentials() (token []byte, err error) {
var defaultCredentials = os.Getenv("GOOGLE_CREDENTIALS")

// getGoogleCredentials looks for a GCP Service Account in the environment
// variable: GOOGLE_CREDENTIALS, set as either a path to a credentials file or directly as the
// variable's value in JSON format.
//
// If not set, will default to use GOOGLE_APPLICATION_CREDENTIALS
func getGoogleCredentials() ([]byte, error) {
defaultCredentials := os.Getenv("GOOGLE_CREDENTIALS")
if _, err := os.Stat(defaultCredentials); err == nil {
if token, err = ioutil.ReadFile(defaultCredentials); err != nil {
return nil, err
}
} else {
token = []byte(defaultCredentials)
return os.ReadFile(defaultCredentials)
}
return
}
return []byte(defaultCredentials), nil
}
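Review bot: getGoogleCredentials hands the raw GOOGLE_CREDENTIALS value to `os.Stat` before it knows whether it is a path or inline JSON, and treats every Stat failure as "this is JSON". When the variable carries the service-account key inline, the key text is therefore passed to the filesystem as a path name, where host file-access auditing or syscall tracing may record it depending on configuration. When it names a real file that cannot be stat'ed (permission denied, a typo in the path), the error is dropped and the path string itself goes to `option.WithCredentialsJSON`, so the failure presumably only surfaces later from `cloudkms.NewService` as a credentials parse error. Deciding by shape first avoids both: return nothing for an empty value, return the bytes when the trimmed value starts with `{`, and otherwise read the path and return its error. The doc comment could also state that an empty result is what makes the caller fall back to Application Default Credentials, since this function never reads GOOGLE_APPLICATION_CREDENTIALS itself.

```go
func getGoogleCredentials() ([]byte, error) {
	value := os.Getenv("GOOGLE_CREDENTIALS")
	if value == "" {
		// Unset: the caller adds no option and the client library
		// falls back to Application Default Credentials.
		return nil, nil
	}
	// Inline JSON is recognised by shape, so key material is never
	// passed to the filesystem as a path name.
	if strings.HasPrefix(strings.TrimSpace(value), "{") {
		return []byte(value), nil
	}
	// Anything else is a path; report read errors instead of
	// reinterpreting the path string as credentials.
	return os.ReadFile(value)
}
```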
2 changes: 1 addition & 1 deletion go.mod
Expand Up @@ -27,7 +27,6 @@ require (
go.mozilla.org/gopgagent v0.0.0-20170926210634-4d7ea76ff71a
golang.org/x/crypto v0.0.0-20220307211146-efcb8507fb70
golang.org/x/net v0.0.0-20220225172249-27dd8689420f
golang.org/x/oauth2 v0.0.0-20220309155454-6242fa91716a
golang.org/x/sys v0.0.0-20220307203707-22a9840ba4d7
google.golang.org/api v0.71.0
google.golang.org/grpc v1.44.0
Expand Down Expand Up @@ -101,6 +100,7 @@ require (
github.com/stretchr/objx v0.3.0 // indirect
go.opencensus.io v0.23.0 // indirect
go.uber.org/atomic v1.9.0 // indirect
golang.org/x/oauth2 v0.0.0-20220309155454-6242fa91716a // indirect
golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 // indirect
golang.org/x/text v0.3.7 // indirect
golang.org/x/time v0.0.0-20220224211638-0e9765cccd65 // indirect