2022-09-05 03:06:08 -04:00
|
|
|
/*
|
|
|
|
Copyright (c) Edgeless Systems GmbH
|
|
|
|
|
|
|
|
SPDX-License-Identifier: AGPL-3.0-only
|
|
|
|
*/
|
|
|
|
|
2022-06-07 08:52:06 -04:00
|
|
|
package gcpshared
|
|
|
|
|
|
|
|
import (
|
|
|
|
"fmt"
|
|
|
|
"net/url"
|
|
|
|
)
|
|
|
|
|
|
|
|
// ServiceAccountKey is a GCP service account key.
|
|
|
|
type ServiceAccountKey struct {
|
|
|
|
Type string `json:"type"`
|
|
|
|
ProjectID string `json:"project_id"`
|
|
|
|
PrivateKeyID string `json:"private_key_id"`
|
|
|
|
PrivateKey string `json:"private_key"`
|
|
|
|
ClientEmail string `json:"client_email"`
|
|
|
|
ClientID string `json:"client_id"`
|
|
|
|
AuthURI string `json:"auth_uri"`
|
|
|
|
TokenURI string `json:"token_uri"`
|
|
|
|
AuthProviderX509CertURL string `json:"auth_provider_x509_cert_url"`
|
|
|
|
ClientX509CertURL string `json:"client_x509_cert_url"`
|
|
|
|
}
|
|
|
|
|
2022-11-09 09:57:54 -05:00
|
|
|
// ServiceAccountKeyFromURI parses ServiceAccountKey from URI.
|
2022-06-07 08:52:06 -04:00
|
|
|
func ServiceAccountKeyFromURI(serviceAccountURI string) (ServiceAccountKey, error) {
|
|
|
|
uri, err := url.Parse(serviceAccountURI)
|
|
|
|
if err != nil {
|
|
|
|
return ServiceAccountKey{}, err
|
|
|
|
}
|
|
|
|
if uri.Scheme != "serviceaccount" {
|
|
|
|
return ServiceAccountKey{}, fmt.Errorf("invalid service account URI: invalid scheme: %s", uri.Scheme)
|
|
|
|
}
|
|
|
|
if uri.Host != "gcp" {
|
|
|
|
return ServiceAccountKey{}, fmt.Errorf("invalid service account URI: invalid host: %s", uri.Host)
|
|
|
|
}
|
|
|
|
query := uri.Query()
|
|
|
|
if query.Get("type") == "" {
|
|
|
|
return ServiceAccountKey{}, fmt.Errorf("invalid service account URI: missing parameter \"type\": %s", uri)
|
|
|
|
}
|
|
|
|
if query.Get("project_id") == "" {
|
|
|
|
return ServiceAccountKey{}, fmt.Errorf("invalid service account URI: missing parameter \"project_id\": %s", uri)
|
|
|
|
}
|
|
|
|
if query.Get("private_key_id") == "" {
|
|
|
|
return ServiceAccountKey{}, fmt.Errorf("invalid service account URI: missing parameter \"private_key_id\": %s", uri)
|
|
|
|
}
|
|
|
|
if query.Get("private_key") == "" {
|
|
|
|
return ServiceAccountKey{}, fmt.Errorf("invalid service account URI: missing parameter \"private_key\": %s", uri)
|
|
|
|
}
|
|
|
|
if query.Get("client_email") == "" {
|
|
|
|
return ServiceAccountKey{}, fmt.Errorf("invalid service account URI: missing parameter \"client_email\": %s", uri)
|
|
|
|
}
|
|
|
|
if query.Get("client_id") == "" {
|
|
|
|
return ServiceAccountKey{}, fmt.Errorf("invalid service account URI: missing parameter \"client_id\": %s", uri)
|
|
|
|
}
|
|
|
|
if query.Get("token_uri") == "" {
|
|
|
|
return ServiceAccountKey{}, fmt.Errorf("invalid service account URI: missing parameter \"token_uri\": %s", uri)
|
|
|
|
}
|
|
|
|
if query.Get("auth_provider_x509_cert_url") == "" {
|
|
|
|
return ServiceAccountKey{}, fmt.Errorf("invalid service account URI: missing parameter \"auth_provider_x509_cert_url\": %s", uri)
|
|
|
|
}
|
|
|
|
if query.Get("client_x509_cert_url") == "" {
|
|
|
|
return ServiceAccountKey{}, fmt.Errorf("invalid service account URI: missing parameter \"client_x509_cert_url\": %s", uri)
|
|
|
|
}
|
|
|
|
return ServiceAccountKey{
|
|
|
|
Type: query.Get("type"),
|
|
|
|
ProjectID: query.Get("project_id"),
|
|
|
|
PrivateKeyID: query.Get("private_key_id"),
|
|
|
|
PrivateKey: query.Get("private_key"),
|
|
|
|
ClientEmail: query.Get("client_email"),
|
|
|
|
ClientID: query.Get("client_id"),
|
|
|
|
AuthURI: query.Get("auth_uri"),
|
|
|
|
TokenURI: query.Get("token_uri"),
|
|
|
|
AuthProviderX509CertURL: query.Get("auth_provider_x509_cert_url"),
|
|
|
|
ClientX509CertURL: query.Get("client_x509_cert_url"),
|
|
|
|
}, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
// ToCloudServiceAccountURI converts the ServiceAccountKey into a cloud service account URI.
|
|
|
|
func (k ServiceAccountKey) ToCloudServiceAccountURI() string {
|
|
|
|
query := url.Values{}
|
|
|
|
query.Add("type", k.Type)
|
|
|
|
query.Add("project_id", k.ProjectID)
|
|
|
|
query.Add("private_key_id", k.PrivateKeyID)
|
|
|
|
query.Add("private_key", k.PrivateKey)
|
|
|
|
query.Add("client_email", k.ClientEmail)
|
|
|
|
query.Add("client_id", k.ClientID)
|
|
|
|
query.Add("auth_uri", k.AuthURI)
|
|
|
|
query.Add("token_uri", k.TokenURI)
|
|
|
|
query.Add("auth_provider_x509_cert_url", k.AuthProviderX509CertURL)
|
|
|
|
query.Add("client_x509_cert_url", k.ClientX509CertURL)
|
|
|
|
uri := url.URL{
|
|
|
|
Scheme: "serviceaccount",
|
|
|
|
Host: "gcp",
|
|
|
|
RawQuery: query.Encode(),
|
|
|
|
}
|
|
|
|
return uri.String()
|
|
|
|
}
|