AB#2215 Perform sanity check on GCP projectID (#349)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
This commit is contained in:
parent
1b9600c307
commit
60d5578475
@ -3,6 +3,7 @@ package client
|
||||
import (
|
||||
"context"
|
||||
"crypto/rand"
|
||||
"encoding/json"
|
||||
"errors"
|
||||
"fmt"
|
||||
"math/big"
|
||||
@ -14,6 +15,7 @@ import (
|
||||
"github.com/edgelesssys/constellation/internal/cloud/cloudprovider"
|
||||
"github.com/edgelesssys/constellation/internal/cloud/cloudtypes"
|
||||
"github.com/edgelesssys/constellation/internal/state"
|
||||
"golang.org/x/oauth2/google"
|
||||
)
|
||||
|
||||
// Client is a client for the Google Compute Engine.
|
||||
@ -170,6 +172,28 @@ func NewFromDefault(ctx context.Context) (*Client, error) {
|
||||
|
||||
// NewInitialized creates an initialized client.
|
||||
func NewInitialized(ctx context.Context, project, zone, region, name string) (*Client, error) {
|
||||
// check if ADC are configured for the same project as the cluster
|
||||
var defaultProject string
|
||||
creds, err := google.FindDefaultCredentials(ctx)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
// if the CLI is run by a service account, use the project of the service account
|
||||
defaultProject = creds.ProjectID
|
||||
// if the CLI is run by a user directly projectID will be empty, use the quota project id of the user instead
|
||||
if defaultProject == "" {
|
||||
var projectID struct {
|
||||
ProjectID string `json:"quota_project_id"`
|
||||
}
|
||||
if err := json.Unmarshal(creds.JSON, &projectID); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
defaultProject = projectID.ProjectID
|
||||
}
|
||||
if defaultProject != project {
|
||||
return nil, fmt.Errorf("application default credentials are configured for project %q, but the cluster is configured for project %q", defaultProject, project)
|
||||
}
|
||||
|
||||
client, err := NewFromDefault(ctx)
|
||||
if err != nil {
|
||||
return nil, err
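Review bot: The fallback `json.Unmarshal(creds.JSON, &projectID)` in the new `defaultProject == ""` branch runs against whatever `FindDefaultCredentials` returned, and `creds.JSON` is empty for credentials that do not come from a file (the GCE metadata-server path, if I read golang.org/x/oauth2/google correctly), so on a VM without a resolvable project the check fails with an opaque "unexpected end of JSON input" rather than a message naming the cause. Guarding the unmarshal on `len(creds.JSON) > 0` and wrapping the error with `fmt.Errorf("parsing application default credentials: %w", err)` keeps the failure readable. Separately, when neither `creds.ProjectID` nor `quota_project_id` is set the code reaches the mismatch branch with `defaultProject == ""` and reports `configured for project ""`; an explicit "could not determine project" error would be clearer, and it is worth a comment that `quota_project_id` is only the billing/quota project of user ADC, so this is a sanity check on intent, not proof that the credentials can act in `project`. The error from `FindDefaultCredentials` on the preceding lines could likewise be wrapped for context. `NewInitialized` continues past the end of this hunk.

```go
	// if the CLI is run by a user directly projectID will be empty, use the quota project id of the user instead.
	// NOTE: quota_project_id is only the billing/quota project of user ADC; this is a sanity check, not an
	// authorization check. creds.JSON is empty for non-file credentials (e.g. metadata server), so skip it then.
	if defaultProject == "" && len(creds.JSON) > 0 {
		var projectID struct {
			ProjectID string `json:"quota_project_id"`
		}
		if err := json.Unmarshal(creds.JSON, &projectID); err != nil {
			return nil, fmt.Errorf("parsing application default credentials: %w", err)
		}
		defaultProject = projectID.ProjectID
	}
	if defaultProject == "" {
		return nil, fmt.Errorf("unable to determine the project of the application default credentials; expected project %q", project)
	}
	// … unchanged: mismatch error and NewFromDefault call …
```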
|
||||
|