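// Source: github.com/secure-build/gitlab-runner@v12.5.0+incompatible/cache/gcs/credentials_resolver.go

package gcs

import (
	"encoding/json"
	"fmt"
	"io/ioutil"

	"github.com/sirupsen/logrus"

	"gitlab.com/gitlab-org/gitlab-runner/common"
)

// credentialsResolver produces the GCS cache credentials from the Runner
// configuration.
type credentialsResolver interface {
	// Credentials returns the credentials object that Resolve fills in.
	Credentials() *common.CacheGCSCredentials
	// Resolve loads the credentials and reports why they could not be loaded.
	Resolve() error
}

// TypeServiceAccount is the only "type" value accepted in a credentials file.
const TypeServiceAccount = "service_account"

// credentialsFile holds the fields decoded from the JSON credentials file.
//
// PrivateKey is secret key material: it must never be written to logs or
// embedded in error messages.
type credentialsFile struct {
	Type        string `json:"type"`
	ClientEmail string `json:"client_email"`
	PrivateKey  string `json:"private_key"`
}

// defaultCredentialsResolver resolves credentials either from a credentials
// file or from the AccessID/PrivateKey pair set directly in the configuration.
type defaultCredentialsResolver struct {
	config      *common.CacheGCSConfig
	credentials *common.CacheGCSCredentials
}

// Credentials returns the credentials held by the resolver. The fields are
// only populated after a successful Resolve.
func (cr *defaultCredentialsResolver) Credentials() *common.CacheGCSCredentials {
	return cr.credentials
}

// Resolve loads the credentials. A non-empty CredentialsFile takes precedence;
// the direct AccessID/PrivateKey settings are used only when no file is set.
func (cr *defaultCredentialsResolver) Resolve() error {
	if cr.config.CredentialsFile != "" {
		return cr.readCredentialsFromFile()
	}

	return cr.readCredentialsFromConfig()
}

// readCredentialsFromFile reads the JSON file named by CredentialsFile and
// copies its client_email and private_key into the resolver's credentials.
//
// It returns an error when the file cannot be read or parsed, when its type is
// not TypeServiceAccount, or when client_email or private_key is empty. The
// credentials are left untouched on every error path.
//
// NOTE(review): nothing here checks the ownership or mode of the file. It
// contains a private key, so access to it has to be restricted at deployment
// time (readable by the Runner user only).
func (cr *defaultCredentialsResolver) readCredentialsFromFile() error {
	data, err := ioutil.ReadFile(cr.config.CredentialsFile)
	if err != nil {
		return fmt.Errorf("error while reading credentials file: %v", err)
	}

	var credentialsFileContent credentialsFile
	err = json.Unmarshal(data, &credentialsFileContent)
	if err != nil {
		return fmt.Errorf("error while parsing credentials file: %v", err)
	}

	if credentialsFileContent.Type != TypeServiceAccount {
		return fmt.Errorf("unsupported credentials file type: %s", credentialsFileContent.Type)
	}

	// Apply the same completeness check as readCredentialsFromConfig: a file
	// without an identity or a key would otherwise resolve "successfully" to
	// empty credentials and only fail later, far from the misconfiguration.
	// The message names the missing fields but never echoes their values.
	if credentialsFileContent.ClientEmail == "" || credentialsFileContent.PrivateKey == "" {
		return fmt.Errorf("credentials file is missing client_email or private_key")
	}

	logrus.Debugln("Credentials loaded from file. Skipping direct settings from Runner configuration file")

	cr.credentials.AccessID = credentialsFileContent.ClientEmail
	cr.credentials.PrivateKey = credentialsFileContent.PrivateKey

	return nil
}

// readCredentialsFromConfig copies AccessID and PrivateKey from the
// configuration into the resolver's credentials. It returns an error when
// either value is empty.
func (cr *defaultCredentialsResolver) readCredentialsFromConfig() error {
	if cr.config.AccessID == "" || cr.config.PrivateKey == "" {
		return fmt.Errorf("GCS config present, but credentials are not configured")
	}

	cr.credentials.AccessID = cr.config.AccessID
	cr.credentials.PrivateKey = cr.config.PrivateKey

	return nil
}

// newDefaultCredentialsResolver returns a resolver bound to config with an
// empty credentials object. It returns an error when config is nil, so the
// methods above can dereference cr.config without a further check.
func newDefaultCredentialsResolver(config *common.CacheGCSConfig) (*defaultCredentialsResolver, error) {
	if config == nil {
		return nil, fmt.Errorf("config can't be nil")
	}

	resolver := &defaultCredentialsResolver{
		config:      config,
		credentials: &common.CacheGCSCredentials{},
	}

	return resolver, nil
}

// credentialsResolverInitializer is the constructor used to build resolvers.
// NOTE(review): presumably a package variable so that it can be replaced with
// a fake elsewhere (e.g. in tests) - confirm against the callers.
var credentialsResolverInitializer = newDefaultCredentialsResolver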