func buildGoogleComputeService(accountJSON string) (*compute.Service, error) {
if accountJSON == "" {
return nil, fmt.Errorf("missing account-json")
}
a, err := loadGoogleAccountJSON(accountJSON)
if err != nil {
return nil, err
}
config := jwt.Config{
Email: a.ClientEmail,
PrivateKey: []byte(a.PrivateKey),
Scopes: []string{
compute.DevstorageFullControlScope,
compute.ComputeScope,
},
TokenURL: "https://accounts.google.com/o/oauth2/token",
}
client := config.Client(oauth2.NoContext)
if gceCustomHTTPTransport != nil {
client.Transport = gceCustomHTTPTransport
}
return compute.New(client)
}
func buildGoogleComputeService(accountJSON string) (*compute.Service, error) {
a, err := loadGoogleAccountJSON(accountJSON)
if err != nil {
return nil, err
}
config := jwt.Config{
Email: a.ClientEmail,
PrivateKey: []byte(a.PrivateKey),
Scopes: []string{
compute.DevstorageFullControlScope,
compute.ComputeScope,
},
TokenURL: "https://accounts.google.com/o/oauth2/token",
}
client := config.Client(oauth2.NoContext)
cs, err := compute.New(client)
if err != nil {
return nil, err
}
cs.UserAgent = "gcloud-cleanup"
return cs, nil
}
// GetUserGroups returns the names of the groups that the specified user is a
// member of.
func GetUserGroups(emailAddress string) ([]string, error) {
conf := jwt.Config{
Email: *googleServiceEmail,
PrivateKey: []byte(*googleServicePrivateKey),
Scopes: []string{"https://www.googleapis.com/auth/admin.directory.group.readonly"},
TokenURL: google.JWTTokenURL,
Subject: *googleServiceUser,
}
client := conf.Client(oauth2.NoContext)
response, err := client.Get(fmt.Sprintf("https://www.googleapis.com/admin/directory/v1/groups?userKey=%s", emailAddress))
if err != nil {
return nil, fmt.Errorf("fetching groups: %s", err)
}
if response.StatusCode != 200 {
responseBody, err := ioutil.ReadAll(response.Body)
if err != nil {
return nil, fmt.Errorf("fetching groups: returned %s", response.Status)
}
return nil, fmt.Errorf("fetching groups: returned %s: %s",
response.Status, responseBody)
}
groupsResponse := GroupsResponse{}
if err := json.NewDecoder(response.Body).Decode(&groupsResponse); err != nil {
return nil, fmt.Errorf("parsing groups response: %s", err)
}
groupNames := []string{}
for _, group := range groupsResponse.Groups {
groupNames = append(groupNames, group.Name)
}
return groupNames, nil
}
func NewDriverGCE(ui packer.Ui, p string, a *accountFile) (Driver, error) {
var err error
var client *http.Client
// Auth with AccountFile first if provided
if a.PrivateKey != "" {
log.Printf("[INFO] Requesting Google token via AccountFile...")
log.Printf("[INFO] -- Email: %s", a.ClientEmail)
log.Printf("[INFO] -- Scopes: %s", DriverScopes)
log.Printf("[INFO] -- Private Key Length: %d", len(a.PrivateKey))
conf := jwt.Config{
Email: a.ClientEmail,
PrivateKey: []byte(a.PrivateKey),
Scopes: DriverScopes,
TokenURL: "https://accounts.google.com/o/oauth2/token",
}
// Initiate an http.Client. The following GET request will be
// authorized and authenticated on the behalf of
// your service account.
client = conf.Client(oauth2.NoContext)
} else {
log.Printf("[INFO] Requesting Google token via GCE Service Role...")
client = &http.Client{
Transport: &oauth2.Transport{
// Fetch from Google Compute Engine's metadata server to retrieve
// an access token for the provided account.
// If no account is specified, "default" is used.
Source: google.ComputeTokenSource(""),
},
}
}
if err != nil {
return nil, err
}
log.Printf("[INFO] Instantiating GCE client...")
service, err := compute.New(client)
// Set UserAgent
versionString := version.FormattedVersion()
service.UserAgent = fmt.Sprintf(
"(%s %s) Packer/%s", runtime.GOOS, runtime.GOARCH, versionString)
if err != nil {
return nil, err
}
return &driverGCE{
projectId: p,
service: service,
ui: ui,
}, nil
}
// NewBigQueryService returns a new BigQuery service (client), authenticated via OAuth2/JWT.
//
// NOTE: This function authenticates with Google OAuth2 service,
// thus susceptible to network delays and blocks.
func NewBigQueryService(c *jwt.Config) (service *bigquery.Service, err error) {
// Create *http.Client.
client := c.Client(oauth2.NoContext)
// Create authenticated BigQuery service.
service, err = bigquery.New(client)
// No need to check if err != nil since we return anyways.
return
}
func newAPIClient(ctx context.Context, jc *jwt.Config) (*APIClient, error) {
var hc *http.Client
if jc != nil {
hc = jc.Client(ctx)
} else {
var err error
hc, err = google.DefaultClient(ctx, identitytoolkitScope)
if err != nil {
return nil, err
}
}
return &APIClient{
http.Client{
Transport: &transport{hc.Transport},
},
}, nil
}
func (g *gcsdesc) Save(file string) (url string, err error) {
privateKey, err := ioutil.ReadFile(setting.PrivateKeyFilePath + setting.PrivateKeyFile)
if err != nil {
log.Fatal(err)
}
s := []string{setting.Scope}
conf := jwt.Config{
Email: setting.Clientemail,
PrivateKey: privateKey,
Scopes: s,
TokenURL: google.JWTTokenURL,
}
//new storage service and token, we dont need context here
client := conf.Client(oauth2.NoContext)
gcsToken, err := conf.TokenSource(oauth2.NoContext).Token()
service, err := storage.New(client)
if err != nil {
log.Fatalf("GCS unable to create storage service: %v", err)
}
//Split filename as a objectName
var objectName string
for _, objectName = range strings.Split(file, "/") {
}
object := &storage.Object{Name: objectName}
// Insert an object into a bucket.
fileDes, err := os.Open(file)
if err != nil {
log.Fatalf("Error opening %q: %v", file, err)
}
objs, err := service.Objects.Insert(setting.Bucket, object).Media(fileDes).Do()
if err != nil {
log.Fatalf("GCS Objects.Insert failed: %v", err)
}
retUrl := objs.MediaLink + "&access_token=" + gcsToken.AccessToken
if err != nil {
return "", err
} else {
return retUrl, nil
}
}
// NewClient ...
func NewClient(email, pemKeyPath string) (*Client, error) {
pemKeyBytes, err := ioutil.ReadFile(pemKeyPath)
if err != nil {
return nil, err
}
conf := jwt.Config{
Email: email,
PrivateKey: pemKeyBytes,
Scopes: []string{bigquery.BigqueryScope},
TokenURL: google.JWTTokenURL,
}
client := conf.Client(oauth2.NoContext)
service, err := bigquery.New(client)
if err != nil {
return nil, err
}
return &Client{BigQueryService: service}, nil
}
func (w *Writer) Connect(email string, pem []byte) error {
cfg := jwt.Config{
Email: email,
PrivateKey: pem,
Scopes: []string{bq.BigqueryScope},
TokenURL: "https://accounts.google.com/o/oauth2/token",
}
ctx := context.Background()
client := cfg.Client(ctx)
bq, err := bq.New(client)
if err != nil {
w.warnf("connect error %v", err)
return err
}
w.service = &bigqueryService{bq}
w.debugf("connected")
return nil
}
// FromParameters constructs a new Driver with a given parameters map
// Required parameters:
// - bucket
func FromParameters(parameters map[string]interface{}) (storagedriver.StorageDriver, error) {
bucket, ok := parameters["bucket"]
if !ok || fmt.Sprint(bucket) == "" {
return nil, fmt.Errorf("No bucket parameter provided")
}
rootDirectory, ok := parameters["rootdirectory"]
if !ok {
rootDirectory = ""
}
var ts oauth2.TokenSource
jwtConf := new(jwt.Config)
if keyfile, ok := parameters["keyfile"]; ok {
jsonKey, err := ioutil.ReadFile(fmt.Sprint(keyfile))
if err != nil {
return nil, err
}
jwtConf, err = google.JWTConfigFromJSON(jsonKey, storage.ScopeFullControl)
if err != nil {
return nil, err
}
ts = jwtConf.TokenSource(context.Background())
} else {
var err error
ts, err = google.DefaultTokenSource(context.Background(), storage.ScopeFullControl)
if err != nil {
return nil, err
}
}
params := driverParameters{
bucket: fmt.Sprint(bucket),
rootDirectory: fmt.Sprint(rootDirectory),
email: jwtConf.Email,
privateKey: jwtConf.PrivateKey,
client: oauth2.NewClient(context.Background(), ts),
}
return New(params)
}
func initBigQueryService(credentialsFileName string) error {
var client *http.Client
credentialsData, err := ioutil.ReadFile(credentialsFileName)
if err != nil {
return err
}
var conf *jwt.Config
conf, err = google.JWTConfigFromJSON(credentialsData, bigQueryScope)
if err != nil {
return err
}
client = conf.Client(oauth2.NoContext)
if bq, err = bigquery.New(client); err != nil {
return err
}
return nil
}
func NewBigQueryService(c *jwt.Config) (service *bigquery.Service, err error) {
client := c.Client(oauth2.NoContext)
service, err = bigquery.New(client)
return
}
func (c *Config) loadAndValidate() error {
var account accountFile
// TODO: validation that it isn't blank
if c.AccountFile == "" {
c.AccountFile = os.Getenv("GOOGLE_ACCOUNT_FILE")
}
if c.Project == "" {
c.Project = os.Getenv("GOOGLE_PROJECT")
}
if c.Region == "" {
c.Region = os.Getenv("GOOGLE_REGION")
}
var client *http.Client
if c.AccountFile != "" {
if err := loadJSON(&account, c.AccountFile); err != nil {
return fmt.Errorf(
"Error loading account file '%s': %s",
c.AccountFile,
err)
}
clientScopes := []string{"https://www.googleapis.com/auth/compute"}
// Get the token for use in our requests
log.Printf("[INFO] Requesting Google token...")
log.Printf("[INFO] -- Email: %s", account.ClientEmail)
log.Printf("[INFO] -- Scopes: %s", clientScopes)
log.Printf("[INFO] -- Private Key Length: %d", len(account.PrivateKey))
conf := jwt.Config{
Email: account.ClientEmail,
PrivateKey: []byte(account.PrivateKey),
Scopes: clientScopes,
TokenURL: "https://accounts.google.com/o/oauth2/token",
}
// Initiate an http.Client. The following GET request will be
// authorized and authenticated on the behalf of
// your service account.
client = conf.Client(oauth2.NoContext)
} else {
log.Printf("[INFO] Requesting Google token via GCE Service Role...")
client = &http.Client{
Transport: &oauth2.Transport{
// Fetch from Google Compute Engine's metadata server to retrieve
// an access token for the provided account.
// If no account is specified, "default" is used.
Source: google.ComputeTokenSource(""),
},
}
}
log.Printf("[INFO] Instantiating GCE client...")
var err error
c.clientCompute, err = compute.New(client)
if err != nil {
return err
}
return nil
}
func (c *Config) loadAndValidate() error {
var account accountFile
// TODO: validation that it isn't blank
if c.AccountFile == "" {
c.AccountFile = os.Getenv("GOOGLE_ACCOUNT_FILE")
}
if c.Project == "" {
c.Project = os.Getenv("GOOGLE_PROJECT")
}
if c.Region == "" {
c.Region = os.Getenv("GOOGLE_REGION")
}
var client *http.Client
if c.AccountFile != "" {
if err := loadJSON(&account, c.AccountFile); err != nil {
return fmt.Errorf(
"Error loading account file '%s': %s",
c.AccountFile,
err)
}
clientScopes := []string{
"https://www.googleapis.com/auth/compute",
"https://www.googleapis.com/auth/ndev.clouddns.readwrite",
"https://www.googleapis.com/auth/devstorage.full_control",
}
// Get the token for use in our requests
log.Printf("[INFO] Requesting Google token...")
log.Printf("[INFO] -- Email: %s", account.ClientEmail)
log.Printf("[INFO] -- Scopes: %s", clientScopes)
log.Printf("[INFO] -- Private Key Length: %d", len(account.PrivateKey))
conf := jwt.Config{
Email: account.ClientEmail,
PrivateKey: []byte(account.PrivateKey),
Scopes: clientScopes,
TokenURL: "https://accounts.google.com/o/oauth2/token",
}
// Initiate an http.Client. The following GET request will be
// authorized and authenticated on the behalf of
// your service account.
client = conf.Client(oauth2.NoContext)
} else {
log.Printf("[INFO] Requesting Google token via GCE Service Role...")
client = &http.Client{
Transport: &oauth2.Transport{
// Fetch from Google Compute Engine's metadata server to retrieve
// an access token for the provided account.
// If no account is specified, "default" is used.
Source: google.ComputeTokenSource(""),
},
}
}
// Build UserAgent
versionString := "0.0.0"
// TODO(dcunnin): Use Terraform's version code from version.go
// versionString := main.Version
// if main.VersionPrerelease != "" {
// versionString = fmt.Sprintf("%s-%s", versionString, main.VersionPrerelease)
// }
userAgent := fmt.Sprintf(
"(%s %s) Terraform/%s", runtime.GOOS, runtime.GOARCH, versionString)
var err error
log.Printf("[INFO] Instantiating GCE client...")
c.clientCompute, err = compute.New(client)
if err != nil {
return err
}
c.clientCompute.UserAgent = userAgent
log.Printf("[INFO] Instantiating Beta GCE client...")
c.clientComputeBeta, err = computeBeta.New(client)
if err != nil {
return err
}
c.clientComputeBeta.UserAgent = userAgent
log.Printf("[INFO] Instantiating Google Cloud DNS client...")
c.clientDns, err = dns.New(client)
if err != nil {
return err
}
c.clientDns.UserAgent = userAgent
log.Printf("[INFO] Instantiating Google Storage Client...")
c.clientStorage, err = storage.New(client)
if err != nil {
return err
}
c.clientStorage.UserAgent = userAgent
return nil
}
func (c *Config) loadAndValidate() error {
var account accountFile
clientScopes := []string{
"https://www.googleapis.com/auth/compute",
"https://www.googleapis.com/auth/cloud-platform",
"https://www.googleapis.com/auth/ndev.clouddns.readwrite",
"https://www.googleapis.com/auth/devstorage.full_control",
}
var client *http.Client
if c.Credentials != "" {
contents, _, err := pathorcontents.Read(c.Credentials)
if err != nil {
return fmt.Errorf("Error loading credentials: %s", err)
}
// Assume account_file is a JSON string
if err := parseJSON(&account, contents); err != nil {
return fmt.Errorf("Error parsing credentials '%s': %s", contents, err)
}
// Get the token for use in our requests
log.Printf("[INFO] Requesting Google token...")
log.Printf("[INFO] -- Email: %s", account.ClientEmail)
log.Printf("[INFO] -- Scopes: %s", clientScopes)
log.Printf("[INFO] -- Private Key Length: %d", len(account.PrivateKey))
conf := jwt.Config{
Email: account.ClientEmail,
PrivateKey: []byte(account.PrivateKey),
Scopes: clientScopes,
TokenURL: "https://accounts.google.com/o/oauth2/token",
}
// Initiate an http.Client. The following GET request will be
// authorized and authenticated on the behalf of
// your service account.
client = conf.Client(oauth2.NoContext)
} else {
log.Printf("[INFO] Authenticating using DefaultClient")
err := error(nil)
client, err = google.DefaultClient(oauth2.NoContext, clientScopes...)
if err != nil {
return err
}
}
versionString := terraform.Version
prerelease := terraform.VersionPrerelease
if len(prerelease) > 0 {
versionString = fmt.Sprintf("%s-%s", versionString, prerelease)
}
userAgent := fmt.Sprintf(
"(%s %s) Terraform/%s", runtime.GOOS, runtime.GOARCH, versionString)
var err error
log.Printf("[INFO] Instantiating Google Storage Client...")
c.clientStorage, err = storage.New(client)
if err != nil {
return err
}
c.clientStorage.UserAgent = userAgent
log.Printf("[INFO] Instantiating Google Appengine Client...")
c.clientAppengine, err = appengine.New(client)
if err != nil {
return err
}
c.clientAppengine.UserAgent = userAgent
return nil
}
func main() {
configs := createConfigsModelFromEnvs()
fmt.Println()
configs.print()
if err := configs.validate(); err != nil {
fmt.Println()
log.Error("Issue with input: %s", err)
os.Exit(1)
}
//
// Create client
fmt.Println()
log.Info("Authenticateing")
jwtConfig := new(jwt.Config)
if configs.JSONKeyPath != "" {
jsonKeyPth := ""
if strings.HasPrefix(configs.JSONKeyPath, "file://") {
jsonKeyPth = strings.TrimPrefix(configs.JSONKeyPath, "file://")
} else {
tmpDir, err := pathutil.NormalizedOSTempDirPath("__google-play-deploy__")
if err != nil {
log.Error("Failed to create tmp dir, error: %s", err)
os.Exit(1)
}
jsonKeyPth = filepath.Join(tmpDir, "key.json")
if err := downloadFile(configs.JSONKeyPath, jsonKeyPth); err != nil {
log.Error("Failed to download json key file, error: %s", err)
os.Exit(1)
}
}
authConfig, err := jwtConfigFromJSONKeyFile(jsonKeyPth)
if err != nil {
log.Error("Failed to create auth config from json key file, error: %s", err)
os.Exit(1)
}
jwtConfig = authConfig
} else {
p12KeyPath := ""
if strings.HasPrefix(configs.P12KeyPath, "file://") {
p12KeyPath = strings.TrimPrefix(configs.P12KeyPath, "file://")
} else {
tmpDir, err := pathutil.NormalizedOSTempDirPath("__google-play-deploy__")
if err != nil {
log.Error("Failed to create tmp dir, error: %s", err)
os.Exit(1)
}
p12KeyPath = filepath.Join(tmpDir, "key.p12")
if err := downloadFile(configs.P12KeyPath, p12KeyPath); err != nil {
log.Error("Failed to download p12 key file, error: %s", err)
os.Exit(1)
}
}
authConfig, err := jwtConfigFromP12KeyFile(p12KeyPath, configs.ServiceAccountEmail)
if err != nil {
log.Error("Failed to create auth config from p12 key file, error: %s", err)
os.Exit(1)
}
jwtConfig = authConfig
}
client := jwtConfig.Client(oauth2.NoContext)
service, err := androidpublisher.New(client)
if err != nil {
log.Error("Failed to create publisher service, error: %s", err)
os.Exit(1)
}
log.Done("Authenticated client created")
// ---
//
// Create insert edit
fmt.Println()
log.Info("Create new edit")
editsService := androidpublisher.NewEditsService(service)
editsInsertCall := editsService.Insert(configs.PackageName, nil)
appEdit, err := editsInsertCall.Do()
if err != nil {
log.Error("Failed to perform edit insert call, error: %s", err)
os.Exit(1)
}
log.Detail(" editID: %s", appEdit.Id)
// ---
//
// Upload APKs
fmt.Println()
log.Info("Upload apks")
versionCodes := []int64{}
apkPaths := strings.Split(configs.ApkPath, "|")
for _, apkPath := range apkPaths {
apkFile, err := os.Open(apkPath)
if err != nil {
log.Error("Failed to read apk (%s), error: %s", apkPath, err)
os.Exit(1)
}
editsApksService := androidpublisher.NewEditsApksService(service)
editsApksUloadCall := editsApksService.Upload(configs.PackageName, appEdit.Id)
editsApksUloadCall.Media(apkFile, googleapi.ContentType("application/vnd.android.package-archive"))
apk, err := editsApksUloadCall.Do()
if err != nil {
log.Error("Failed to upload apk, error: %s", err)
os.Exit(1)
}
log.Detail(" uploaded apk version: %d", apk.VersionCode)
versionCodes = append(versionCodes, apk.VersionCode)
}
// ---
//
// Update track
fmt.Println()
log.Info("Update track")
editsTracksService := androidpublisher.NewEditsTracksService(service)
newTrack := androidpublisher.Track{
Track: configs.Track,
VersionCodes: versionCodes,
}
if configs.Track == "rollout" {
userFraction, err := strconv.ParseFloat(configs.UserFraction, 64)
if err != nil {
log.Error("Failed to parse user fraction, error: %s", err)
os.Exit(1)
}
newTrack.UserFraction = userFraction
}
editsTracksUpdateCall := editsTracksService.Update(configs.PackageName, appEdit.Id, configs.Track, &newTrack)
track, err := editsTracksUpdateCall.Do()
if err != nil {
log.Error("Failed to update track, error: %s", err)
os.Exit(1)
}
log.Detail(" updated track: %s", track.Track)
log.Detail(" assigned apk versions: %v", track.VersionCodes)
// ---
//
// Update listing
if configs.WhatsnewsDir != "" {
fmt.Println()
log.Info("Update listing")
recentChangesMap, err := readLocalisedRecentChanges(configs.WhatsnewsDir)
if err != nil {
log.Error("Failed to read whatsnews, error: %s", err)
os.Exit(1)
}
editsApklistingsService := androidpublisher.NewEditsApklistingsService(service)
for _, versionCode := range versionCodes {
log.Detail(" updating recent changes for version: %d", versionCode)
for language, recentChanges := range recentChangesMap {
newApkListing := androidpublisher.ApkListing{
Language: language,
RecentChanges: recentChanges,
}
editsApkListingsCall := editsApklistingsService.Update(configs.PackageName, appEdit.Id, versionCode, language, &newApkListing)
apkListing, err := editsApkListingsCall.Do()
if err != nil {
log.Error("Failed to update listing, error: %s", err)
os.Exit(1)
}
log.Detail(" - language: %s", apkListing.Language)
}
}
}
// ---
//
// Validate edit
fmt.Println()
log.Info("Validating edit")
editsValidateCall := editsService.Validate(configs.PackageName, appEdit.Id)
if _, err := editsValidateCall.Do(); err != nil {
log.Error("Failed to validate edit, error: %s", err)
os.Exit(1)
}
log.Done("Edit is valid")
// ---
//
// Commit edit
fmt.Println()
log.Info("Committing edit")
editsCommitCall := editsService.Commit(configs.PackageName, appEdit.Id)
if _, err := editsCommitCall.Do(); err != nil {
log.Error("Failed to commit edit, error: %s", err)
os.Exit(1)
}
log.Done("Edit committed")
// ---
}
// FromParameters constructs a new Driver with a given parameters map
// Required parameters:
// - bucket
func FromParameters(parameters map[string]interface{}) (storagedriver.StorageDriver, error) {
bucket, ok := parameters["bucket"]
if !ok || fmt.Sprint(bucket) == "" {
return nil, fmt.Errorf("No bucket parameter provided")
}
rootDirectory, ok := parameters["rootdirectory"]
if !ok {
rootDirectory = ""
}
chunkSize := defaultChunkSize
chunkSizeParam, ok := parameters["chunksize"]
if ok {
switch v := chunkSizeParam.(type) {
case string:
vv, err := strconv.Atoi(v)
if err != nil {
return nil, fmt.Errorf("chunksize parameter must be an integer, %v invalid", chunkSizeParam)
}
chunkSize = vv
case int, uint, int32, uint32, uint64, int64:
chunkSize = int(reflect.ValueOf(v).Convert(reflect.TypeOf(chunkSize)).Int())
default:
return nil, fmt.Errorf("invalid valud for chunksize: %#v", chunkSizeParam)
}
if chunkSize < minChunkSize {
return nil, fmt.Errorf("The chunksize %#v parameter should be a number that is larger than or equal to %d", chunkSize, minChunkSize)
}
if chunkSize%minChunkSize != 0 {
return nil, fmt.Errorf("chunksize should be a multiple of %d", minChunkSize)
}
}
var ts oauth2.TokenSource
jwtConf := new(jwt.Config)
if keyfile, ok := parameters["keyfile"]; ok {
jsonKey, err := ioutil.ReadFile(fmt.Sprint(keyfile))
if err != nil {
return nil, err
}
jwtConf, err = google.JWTConfigFromJSON(jsonKey, storage.ScopeFullControl)
if err != nil {
return nil, err
}
ts = jwtConf.TokenSource(context.Background())
} else {
var err error
ts, err = google.DefaultTokenSource(context.Background(), storage.ScopeFullControl)
if err != nil {
return nil, err
}
}
params := driverParameters{
bucket: fmt.Sprint(bucket),
rootDirectory: fmt.Sprint(rootDirectory),
email: jwtConf.Email,
privateKey: jwtConf.PrivateKey,
client: oauth2.NewClient(context.Background(), ts),
chunkSize: chunkSize,
}
return New(params)
}
func NewDriverGCE(ui packer.Ui, p string, a *AccountFile) (Driver, error) {
var err error
var client *http.Client
// Auth with AccountFile first if provided
if a.PrivateKey != "" {
log.Printf("[INFO] Requesting Google token via AccountFile...")
log.Printf("[INFO] -- Email: %s", a.ClientEmail)
log.Printf("[INFO] -- Scopes: %s", DriverScopes)
log.Printf("[INFO] -- Private Key Length: %d", len(a.PrivateKey))
conf := jwt.Config{
Email: a.ClientEmail,
PrivateKey: []byte(a.PrivateKey),
Scopes: DriverScopes,
TokenURL: "https://accounts.google.com/o/oauth2/token",
}
// Initiate an http.Client. The following GET request will be
// authorized and authenticated on the behalf of
// your service account.
client = conf.Client(oauth2.NoContext)
} else {
log.Printf("[INFO] Requesting Google token via GCE API Default Client Token Source...")
client, err = google.DefaultClient(oauth2.NoContext, DriverScopes...)
// The DefaultClient uses the DefaultTokenSource of the google lib.
// The DefaultTokenSource uses the "Application Default Credentials"
// It looks for credentials in the following places, preferring the first location found:
// 1. A JSON file whose path is specified by the
// GOOGLE_APPLICATION_CREDENTIALS environment variable.
// 2. A JSON file in a location known to the gcloud command-line tool.
// On Windows, this is %APPDATA%/gcloud/application_default_credentials.json.
// On other systems, $HOME/.config/gcloud/application_default_credentials.json.
// 3. On Google App Engine it uses the appengine.AccessToken function.
// 4. On Google Compute Engine and Google App Engine Managed VMs, it fetches
// credentials from the metadata server.
// (In this final case any provided scopes are ignored.)
}
if err != nil {
return nil, err
}
log.Printf("[INFO] Instantiating GCE client...")
service, err := compute.New(client)
// Set UserAgent
versionString := version.FormattedVersion()
service.UserAgent = fmt.Sprintf(
"(%s %s) Packer/%s", runtime.GOOS, runtime.GOARCH, versionString)
if err != nil {
return nil, err
}
return &driverGCE{
projectId: p,
service: service,
ui: ui,
}, nil
}
func (c *Config) loadAndValidate() error {
var account accountFile
clientScopes := []string{
"https://www.googleapis.com/auth/compute",
"https://www.googleapis.com/auth/cloud-platform",
"https://www.googleapis.com/auth/ndev.clouddns.readwrite",
"https://www.googleapis.com/auth/devstorage.full_control",
}
if c.AccountFile == "" {
c.AccountFile = os.Getenv("GOOGLE_ACCOUNT_FILE")
}
if c.Project == "" {
c.Project = os.Getenv("GOOGLE_PROJECT")
}
if c.Region == "" {
c.Region = os.Getenv("GOOGLE_REGION")
}
var client *http.Client
if c.AccountFile != "" {
contents := c.AccountFile
// Assume account_file is a JSON string
if err := parseJSON(&account, contents); err != nil {
// If account_file was not JSON, assume it is a file path instead
if _, err := os.Stat(c.AccountFile); os.IsNotExist(err) {
return fmt.Errorf(
"account_file path does not exist: %s",
c.AccountFile)
}
b, err := ioutil.ReadFile(c.AccountFile)
if err != nil {
return fmt.Errorf(
"Error reading account_file from path '%s': %s",
c.AccountFile,
err)
}
contents = string(b)
if err := parseJSON(&account, contents); err != nil {
return fmt.Errorf(
"Error parsing account file '%s': %s",
contents,
err)
}
}
// Get the token for use in our requests
log.Printf("[INFO] Requesting Google token...")
log.Printf("[INFO] -- Email: %s", account.ClientEmail)
log.Printf("[INFO] -- Scopes: %s", clientScopes)
log.Printf("[INFO] -- Private Key Length: %d", len(account.PrivateKey))
conf := jwt.Config{
Email: account.ClientEmail,
PrivateKey: []byte(account.PrivateKey),
Scopes: clientScopes,
TokenURL: "https://accounts.google.com/o/oauth2/token",
}
// Initiate an http.Client. The following GET request will be
// authorized and authenticated on the behalf of
// your service account.
client = conf.Client(oauth2.NoContext)
} else {
log.Printf("[INFO] Authenticating using DefaultClient")
err := error(nil)
client, err = google.DefaultClient(oauth2.NoContext, clientScopes...)
if err != nil {
return err
}
}
// Build UserAgent
versionString := "0.0.0"
// TODO(dcunnin): Use Terraform's version code from version.go
// versionString := main.Version
// if main.VersionPrerelease != "" {
// versionString = fmt.Sprintf("%s-%s", versionString, main.VersionPrerelease)
// }
userAgent := fmt.Sprintf(
"(%s %s) Terraform/%s", runtime.GOOS, runtime.GOARCH, versionString)
var err error
log.Printf("[INFO] Instantiating GCE client...")
c.clientCompute, err = compute.New(client)
if err != nil {
return err
}
c.clientCompute.UserAgent = userAgent
log.Printf("[INFO] Instantiating GKE client...")
c.clientContainer, err = container.New(client)
if err != nil {
return err
}
c.clientContainer.UserAgent = userAgent
log.Printf("[INFO] Instantiating Google Cloud DNS client...")
c.clientDns, err = dns.New(client)
if err != nil {
return err
}
c.clientDns.UserAgent = userAgent
log.Printf("[INFO] Instantiating Google Storage Client...")
c.clientStorage, err = storage.New(client)
if err != nil {
return err
}
c.clientStorage.UserAgent = userAgent
return nil
}