
     1  package auth
     2  
     3  import (
     4  	"fmt"
     5  	"io/ioutil"
     6  	"os"
     7  	"path/filepath"
     8  
     9  	"github.com/caos/orbos/internal/operator/boom/api/latest/reconciling/auth/google"
    10  	"github.com/caos/orbos/pkg/secret/read"
    11  )
    12  
// googleConnector is the YAML-serialisable Google connector configuration
// that getGoogle builds from a google.Connector spec. Every field carries an
// omitempty tag, so unset values are left out of the rendered document.
type googleConnector struct {
	// Issuer is always set to "https://accounts.google.com" by getGoogle.
	Issuer string `yaml:"issuer,omitempty"`
	// ClientID is the resolved OAuth client ID.
	ClientID string `yaml:"clientID,omitempty"`
	// ClientSecret holds the resolved client secret in plain text; anything
	// that marshals this struct emits the secret value unredacted.
	ClientSecret string `yaml:"clientSecret,omitempty"`
	// RedirectURI is the redirect passed into getGoogle by the caller.
	RedirectURI string `yaml:"redirectURI,omitempty"`
	// HostedDomains and Groups are copied verbatim from the spec.
	HostedDomains []string `yaml:"hostedDomains,omitempty"`
	Groups        []string `yaml:"groups,omitempty"`
	// ServiceAccountFilePath is the path at which getGoogle writes the
	// service account JSON on the local filesystem.
	ServiceAccountFilePath string `yaml:"serviceAccountFilePath,omitempty"`
	// AdminEmail is copied verbatim from the spec.
	AdminEmail string `yaml:"adminEmail,omitempty"`
}
    23  
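// getGoogle resolves the Google connector credentials from spec, materialises
// the service account JSON on disk and returns the connector configuration.
//
// The client ID, client secret and service account JSON are resolved through
// read.GetSecretValueOnlyIncluster from either the inline value or the
// referenced existing secret (presumably in that precedence; confirm against
// pkg/secret/read). When the client ID or client secret resolves to an empty
// string the connector is considered disabled and (nil, nil) is returned
// without touching the filesystem.
//
// Any file already present at spec.Config.ServiceAccountFilePath is removed
// before the new JSON is written, so an empty service account JSON clears a
// stale file rather than leaving it in place.
//
// Errors from secret resolution and from the filesystem operations are
// returned to the caller; the write error is wrapped with the target path.
func getGoogle(spec *google.Connector, redirect string) (interface{}, error) {
	clientID, err := read.GetSecretValueOnlyIncluster(spec.Config.ClientID, spec.Config.ExistingClientIDSecret)
	if err != nil {
		return nil, err
	}

	clientSecret, err := read.GetSecretValueOnlyIncluster(spec.Config.ClientSecret, spec.Config.ExistingClientSecretSecret)
	if err != nil {
		return nil, err
	}

	serviceAccountJSON, err := read.GetSecretValueOnlyIncluster(spec.Config.ServiceAccountJSON, spec.Config.ExistingServiceAccountJSONSecret)
	if err != nil {
		return nil, err
	}

	// Without both OAuth credentials the connector cannot work; treat it as
	// not configured rather than emitting a half-filled config.
	if clientID == "" || clientSecret == "" {
		return nil, nil
	}

	if err := writeServiceAccountFile(spec.Config.ServiceAccountFilePath, serviceAccountJSON); err != nil {
		return nil, err
	}

	// Named conn rather than google so the imported google package is not
	// shadowed inside this function.
	conn := &googleConnector{
		ClientID:               clientID,
		ClientSecret:           clientSecret,
		RedirectURI:            redirect,
		Groups:                 spec.Config.Groups,
		HostedDomains:          spec.Config.HostedDomains,
		ServiceAccountFilePath: spec.Config.ServiceAccountFilePath,
		AdminEmail:             spec.Config.AdminEmail,
		Issuer:                 "https://accounts.google.com",
	}

	return conn, nil
}

// writeServiceAccountFile replaces whatever exists at path with
// serviceAccountJSON, creating the parent directories as needed.
//
// An existing entry at path is always removed first. When serviceAccountJSON
// is empty nothing is written, leaving no file behind. The file is created
// owner-read/write only because it holds credential material.
func writeServiceAccountFile(path, serviceAccountJSON string) error {
	abs, err := filepath.Abs(path)
	if err != nil {
		return err
	}

	// Remove a pre-existing entry so the new content never merges with or
	// is blocked by a stale file.
	if _, err := os.Stat(path); !os.IsNotExist(err) {
		if err := os.Remove(path); err != nil {
			return err
		}
	}

	// Create the directories leading up to the file. This must be the parent
	// directory: passing the file path itself would create a directory where
	// the file is supposed to go and make the subsequent write fail.
	if err := os.MkdirAll(filepath.Dir(abs), os.ModePerm); err != nil {
		return err
	}

	if serviceAccountJSON == "" {
		return nil
	}

	// 0600: the service account JSON is a credential and must not be readable
	// by other users on the node. Widen deliberately if a separate UID has to
	// consume the file.
	if err := ioutil.WriteFile(path, []byte(serviceAccountJSON), 0600); err != nil {
		return fmt.Errorf("error while writing json to file %s: %w", path, err)
	}
	return nil
}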