providers/google: remove secrets file

fixes #452
This commit is contained in:
stungtoat 2014-10-14 00:00:44 -07:00 committed by Paul Hinze
parent 045e23e55f
commit d3814d6180
4 changed files with 24 additions and 71 deletions

View File

@ -17,17 +17,26 @@ const clientScopes string = "https://www.googleapis.com/auth/compute"
// Config is the configuration structure used to instantiate the Google
// provider.
type Config struct {
AccountFile string
ClientSecretsFile string
Project string
Region string
AccountFile string
Project string
Region string
clientCompute *compute.Service
}
func (c *Config) loadAndValidate() error {
var account accountFile
var secrets clientSecretsFile
// TODO: validation that it isn't blank
if c.AccountFile == "" {
c.AccountFile = os.Getenv("GOOGLE_ACCOUNT_FILE")
}
if c.Project == "" {
c.Project = os.Getenv("GOOGLE_PROJECT")
}
if c.Region == "" {
c.Region = os.Getenv("GOOGLE_REGION")
}
if err := loadJSON(&account, c.AccountFile); err != nil {
return fmt.Errorf(
@ -36,24 +45,15 @@ func (c *Config) loadAndValidate() error {
err)
}
if err := loadJSON(&secrets, c.ClientSecretsFile); err != nil {
return fmt.Errorf(
"Error loading client secrets file '%s': %s",
c.ClientSecretsFile,
err)
}
// Get the token for use in our requests
log.Printf("[INFO] Requesting Google token...")
log.Printf("[INFO] -- Email: %s", account.ClientEmail)
log.Printf("[INFO] -- Scopes: %s", clientScopes)
log.Printf("[INFO] -- Private Key Length: %d", len(account.PrivateKey))
log.Printf("[INFO] -- Token URL: %s", secrets.Web.TokenURI)
jwtTok := jwt.NewToken(
account.ClientEmail,
clientScopes,
[]byte(account.PrivateKey))
jwtTok.ClaimSet.Aud = secrets.Web.TokenURI
token, err := jwtTok.Assert(new(http.Client))
if err != nil {
return fmt.Errorf("Error retrieving auth token: %s", err)
@ -64,8 +64,6 @@ func (c *Config) loadAndValidate() error {
Config: &oauth.Config{
ClientId: account.ClientId,
Scope: clientScopes,
TokenURL: secrets.Web.TokenURI,
AuthURL: secrets.Web.AuthURI,
},
Token: token,
}
@ -87,16 +85,6 @@ type accountFile struct {
ClientId string `json:"client_id"`
}
// clientSecretsFile represents the structure of the client secrets JSON file.
type clientSecretsFile struct {
Web struct {
AuthURI string `json:"auth_uri"`
ClientEmail string `json:"client_email"`
ClientId string `json:"client_id"`
TokenURI string `json:"token_uri"`
}
}
func loadJSON(result interface{}, path string) error {
f, err := os.Open(path)
if err != nil {

View File

@ -22,20 +22,3 @@ func TestConfigLoadJSON_account(t *testing.T) {
t.Fatalf("bad: %#v", actual)
}
}
func TestConfigLoadJSON_client(t *testing.T) {
var actual clientSecretsFile
if err := loadJSON(&actual, "./test-fixtures/fake_client.json"); err != nil {
t.Fatalf("err: %s", err)
}
var expected clientSecretsFile
expected.Web.AuthURI = "https://accounts.google.com/o/oauth2/auth"
expected.Web.ClientEmail = "foo@developer.gserviceaccount.com"
expected.Web.ClientId = "foo.apps.googleusercontent.com"
expected.Web.TokenURI = "https://accounts.google.com/o/oauth2/token"
if !reflect.DeepEqual(actual, expected) {
t.Fatalf("bad: %#v", actual)
}
}

View File

@ -15,12 +15,6 @@ func Provider() terraform.ResourceProvider {
DefaultFunc: schema.EnvDefaultFunc("GOOGLE_ACCOUNT_FILE", nil),
},
"client_secrets_file": &schema.Schema{
Type: schema.TypeString,
Required: true,
DefaultFunc: schema.EnvDefaultFunc("GOOGLE_CLIENT_FILE", nil),
},
"project": &schema.Schema{
Type: schema.TypeString,
Required: true,
@ -49,10 +43,9 @@ func Provider() terraform.ResourceProvider {
func providerConfigure(d *schema.ResourceData) (interface{}, error) {
config := Config{
AccountFile: d.Get("account_file").(string),
ClientSecretsFile: d.Get("client_secrets_file").(string),
Project: d.Get("project").(string),
Region: d.Get("region").(string),
AccountFile: d.Get("account_file").(string),
Project: d.Get("project").(string),
Region: d.Get("region").(string),
}
if err := config.loadAndValidate(); err != nil {

View File

@ -20,7 +20,6 @@ Use the navigation to the left to read about the available resources.
# Configure the Google Cloud provider
provider "google" {
account_file = "account.json"
client_secrets_file = "client_secrets.json"
project = "my-gce-project"
region = "us-central1"
}
@ -39,33 +38,23 @@ The following keys can be used to configure the provider.
your account credentials, downloaded from Google Cloud Console. More
details on retrieving this file are below.
* `client_secrets_file` - (Required) Path to the JSON file containing
the secrets for your account, downloaded from Google Cloud Console.
More details on retrieving this file are below.
* `project` - (Required) The name of the project to apply any resources to.
* `region` - (Required) The region to operate under.
## Authentication JSON Files
## Authentication JSON File
Authenticating with Google Cloud services requires two separate JSON
files: one which we call the _account file_ and the _client secrets file_.
Authenticating with Google Cloud services requires a JSON
file which we call the _account file_.
Both of these files are downloaded directly from the
This file is downloaded directly from the
[Google Developers Console](https://console.developers.google.com). To make
the process more straightforwarded, it is documented here.
the process more straightforwarded, it is documented here:
1. Log into the [Google Developers Console](https://console.developers.google.com)
and select a project.
2. Under the "APIs & Auth" section, click "Credentials."
3. Create a new OAuth client ID and select "Installed application" as the
type of account. Once created, click the "Download JSON" button underneath
the account. The file should start with "client\_secret". This is your _client
secrets file_.
4. Create a new OAuth client ID and select "Service account" as the type
of account. Once created, a JSON file should be downloaded. This is your
_account file_.
3. Create a new OAuth client ID and select "Service account" as the type
of account. Once created, and after a P12 key is downloaded, a JSON file should be downloaded. This is your _account file_.