github.com/rudderlabs/rudder-go-kit@v0.30.0/googleutil/googleutil.go

github.com/rudderlabs/rudder-go-kit@v0.30.0/googleutil/googleutil.go (about)

     1  package googleutil
     2  
     3  import (
     4  	"fmt"
     5  
     6  	"golang.org/x/oauth2/google"
     7  
     8  	"github.com/rudderlabs/rudder-go-kit/config"
     9  )
    10  
    11  const (
    12  	EMPTY_CREDS   = "{}"
    13  	WI_CONFIG_KEY = "workloadIdentity"
    14  )
    15  
    16  func CompatibleGoogleCredentialsJSON(jsonKey []byte) error {
    17  	// google.ConfigFromJSON checks if jsonKey is a valid console client_credentials.json
    18  	// which we won't support so "err == nil" means it is bad for us.
    19  	if _, err := google.ConfigFromJSON(jsonKey); err == nil {
    20  		return fmt.Errorf("google developers console client_credentials.json file is not supported")
    21  	}
    22  	return nil
    23  }
    24  
    25  func ShouldSkipCredentialsInit(credentials string) bool {
    26  	return isGKEEnabledWorkload() && isCredentialsStringEmpty(credentials)
    27  }
    28  
    29  /*
    30  IsCredentialsStringEmpty checks for empty credentials.
    31  The credentials are deemed to be empty when either the field credentials is
    32  sent as empty string or when the field is set with "{}"
    33  
    34  Note: This is true only for workload identity enabled rudderstack data-plane deployments
    35  */
    36  func isCredentialsStringEmpty(credentials string) bool {
    37  	return (credentials == "" || credentials == EMPTY_CREDS)
    38  }
    39  
    40  /*
    41  IsGKEEnabledWorkload  checks against rudder-server configuration to find if workload identity for google destinations is enabled
    42  */
    43  func isGKEEnabledWorkload() bool {
    44  	workloadType := config.GetString(fmt.Sprintf("%s.type", WI_CONFIG_KEY), "")
    45  	return workloadType == "GKE"
    46  }