github.com/hashicorp/packer@v1.14.3/internal/hcp/env/env.go (about) 1 // Copyright (c) HashiCorp, Inc. 2 // SPDX-License-Identifier: BUSL-1.1 3 4 // Package env provides HCP Packer environment variables. 5 package env 6 7 import ( 8 "errors" 9 "fmt" 10 "log" 11 "os" 12 "path/filepath" 13 "strings" 14 ) 15 16 func HasHCPAuth() (bool, error) { 17 // Client crendential authentication requires the following environment variables be set; `HCP_CLIENT_ID` and `HCP_CLIENT_SECRET`. 18 hasClientCredentials := HasHCPClientCredentials() 19 // Client certificate authentication requires a valid HCP certificate file placed in either the default location (~/.config/hcp/cred_file.json) or at a location specified in the `HCP_CRED_FILE` env var 20 hasCertificate, err := HasHCPCertificateFile() 21 if err != nil { 22 return false, err 23 } 24 if hasClientCredentials && hasCertificate { 25 fmt.Printf("HCP Client Credentials (HCP_CLIENT_ID/HCP_CLIENT_SECRET environment variables) and certificate (HCP_CRED_FILE environment variable, or certificate located at default path (%s) are both supplied, only one is required. The HCP SDK will determine which authentication mechanism to configure here, it is reccomended to only configure one authentication method", HCPDefaultCredFilePathFull) 26 } 27 return (hasClientCredentials || hasCertificate), nil 28 } 29 30 func HasProjectID() bool { 31 return hasEnvVar(HCPProjectID) 32 } 33 34 func HasOrganizationID() bool { 35 return hasEnvVar(HCPOrganizationID) 36 } 37 38 func HasClientID() bool { 39 return hasEnvVar(HCPClientID) 40 } 41 42 func HasClientSecret() bool { 43 return hasEnvVar(HCPClientSecret) 44 } 45 46 func HasPackerRegistryBucket() bool { 47 return hasEnvVar(HCPPackerBucket) 48 } 49 50 func hasEnvVar(varName string) bool { 51 val, ok := os.LookupEnv(varName) 52 if !ok { 53 return false 54 } 55 return val != "" 56 } 57 58 func HasHCPClientCredentials() bool { 59 checks := []func() bool{ 60 HasClientID, 61 HasClientSecret, 62 } 63 64 for _, check := range checks { 65 if !check() { 66 return false 67 } 68 } 69 70 return true 71 } 72 73 func HasHCPCertificateFile() (bool, error) { 74 envVarCredFile, _ := os.LookupEnv(HCPCredFile) 75 var envVarCertExists bool 76 var err error 77 if envVarCredFile != "" { 78 envVarCertExists, err = fileExists(envVarCredFile) 79 if err != nil { 80 return false, err 81 } 82 } 83 // Get the user's home directory. 84 userHome, err := os.UserHomeDir() 85 if err != nil { 86 return false, fmt.Errorf("failed to retrieve user's home directory path: %v", err) 87 } 88 89 // builds file path ~/.config/hcp/cred_file.json, if we don't parse the home directory os.Stat can't find the default credential path 90 defaultCredFilePath := filepath.Join(userHome, HCPDefaultCredFilePath, HCPDefaultCredFile) 91 log.Printf("Checking for default HCP credential file at path %s", defaultCredFilePath) 92 defaultPathCertExists, err := fileExists(defaultCredFilePath) 93 if err != nil { 94 return false, err 95 } 96 log.Printf("Default file found status - %t", defaultPathCertExists) 97 if envVarCertExists && defaultPathCertExists { 98 fmt.Println("A HCP credential file was found at the default path, and an HCP_CRED_FILE was specified, the HCP SDK will use the HCP_CRED_FILE") 99 } 100 if envVarCertExists || defaultPathCertExists { 101 return true, nil 102 } 103 return false, nil 104 } 105 106 func IsHCPDisabled() bool { 107 hcp, ok := os.LookupEnv(HCPPackerRegistry) 108 return ok && strings.ToLower(hcp) == "off" || hcp == "0" 109 } 110 111 // IsHCPExplicitelyEnabled returns true if the client enabled HCP_PACKER_REGISTRY explicitely, i.e. it is defined and not 0 or off 112 func IsHCPExplicitelyEnabled() bool { 113 _, ok := os.LookupEnv(HCPPackerRegistry) 114 return ok && !IsHCPDisabled() 115 } 116 117 func fileExists(path string) (bool, error) { 118 _, err := os.Stat(path) 119 if err == nil { 120 return true, nil // Path exists, no error 121 } 122 if errors.Is(err, os.ErrNotExist) { 123 return false, nil // Path does not exist 124 } 125 return false, err // Another error occurred 126 }