Exemple #1
// DetectCredentials is part of the environs.ProviderCredentials interface.
//
// It looks for a Google JSON credential file in the two places Google
// recommends, in this order:
//  1. the path named by the GOOGLE_APPLICATION_CREDENTIALS environment variable;
//  2. the location known to the gcloud command-line tool
//     (%APPDATA%/gcloud/application_default_credentials.json on Windows,
//     $HOME/.config/gcloud/application_default_credentials.json elsewhere).
//
// The returned credential stores only the path of the file under the "file"
// attribute. The file is parsed here to reject malformed input and to derive
// a label. A NotFound error is returned when neither location holds a
// usable file.
func (environProviderCredentials) DetectCredentials() (*cloud.CloudCredential, error) {
	// usableFile reports whether path is non-empty and names something that
	// can be stat'ed and is not a directory.
	// NOTE(review): nothing here inspects the file's mode or owner, so a
	// key file readable by other local users is accepted without warning.
	usableFile := func(path string) bool {
		if path == "" {
			return false
		}
		info, statErr := os.Stat(path)
		return statErr == nil && !info.IsDir()
	}

	// The environment variable takes precedence; the well-known location is
	// only consulted when the variable is unset or does not point at a file.
	credPath := os.Getenv("GOOGLE_APPLICATION_CREDENTIALS")
	if !usableFile(credPath) {
		credPath = wellKnownCredentialsFile()
		if !usableFile(credPath) {
			return nil, errors.NotFoundf("gce credentials")
		}
	}

	// The stat above and this open are separate steps, so the file can
	// change in between; the open error is still checked.
	authFile, err := os.Open(credPath)
	if err != nil {
		return nil, errors.Trace(err)
	}
	defer authFile.Close()

	parsedCred, err := parseJSONAuthFile(authFile)
	if err != nil {
		// Only the path is reported, never the file contents.
		return nil, errors.Annotatef(err, "invalid json credential file %s", credPath)
	}

	localUser, err := utils.LocalUsername()
	if err != nil {
		return nil, errors.Trace(err)
	}

	fileCred := cloud.NewCredential(
		cloud.JSONFileAuthType,
		map[string]string{"file": credPath},
	)

	// Label the credential by client e-mail, falling back to client ID.
	labelID := parsedCred.Attributes()[credAttrClientEmail]
	if labelID == "" {
		labelID = parsedCred.Attributes()[credAttrClientID]
	}
	fileCred.Label = fmt.Sprintf("google credential %q", labelID)

	// The detected credential is filed under the local user's name.
	detected := &cloud.CloudCredential{
		DefaultRegion:   os.Getenv("CLOUDSDK_COMPUTE_REGION"),
		AuthCredentials: map[string]cloud.Credential{localUser: fileCred},
	}
	return detected, nil
}
Exemple #2
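// detectCredential builds a credential from the values returned by
// identity.CredentialsFromEnv.
//
// It returns the credential, the name to file it under, and the region
// (which may be empty). The name is the OpenStack user when userpass
// authentication is detected, otherwise the local username. A NotFound
// error is returned when the tenant name, user or secret is missing.
//
// The secret is stored in the credential's attributes; the label is built
// only from the region, tenant name and user.
func (c OpenstackCredentials) detectCredential() (*cloud.Credential, string, string, error) {
	creds := identity.CredentialsFromEnv()
	if creds.TenantName == "" {
		return nil, "", "", errors.NewNotFound(nil, "OS_TENANT_NAME environment variable not set")
	}
	// The two messages below used to read "neither ... nor ... not set",
	// a double negative that stated the opposite of the actual condition.
	if creds.User == "" {
		return nil, "", "", errors.NewNotFound(nil, "neither OS_USERNAME nor OS_ACCESS_KEY environment variable is set")
	}
	if creds.Secrets == "" {
		return nil, "", "", errors.NewNotFound(nil, "neither OS_PASSWORD nor OS_SECRET_KEY environment variable is set")
	}

	user, err := utils.LocalUsername()
	if err != nil {
		return nil, "", "", errors.Trace(err)
	}

	// If OS_USERNAME or NOVA_USERNAME is set, assume userpass.
	var credential cloud.Credential
	if os.Getenv("OS_USERNAME") != "" || os.Getenv("NOVA_USERNAME") != "" {
		// For userpass the credential is named after the OpenStack user
		// rather than the local account.
		user = creds.User
		credential = cloud.NewCredential(
			cloud.UserPassAuthType,
			map[string]string{
				credAttrUserName:   creds.User,
				credAttrPassword:   creds.Secrets,
				credAttrTenantName: creds.TenantName,
				credAttrDomainName: creds.DomainName,
			},
		)
	} else {
		// Otherwise the same user and secret fields are treated as an
		// access key and secret key pair.
		credential = cloud.NewCredential(
			cloud.AccessKeyAuthType,
			map[string]string{
				credAttrAccessKey:  creds.User,
				credAttrSecretKey:  creds.Secrets,
				credAttrTenantName: creds.TenantName,
			},
		)
	}

	// The placeholder is used in the label only; the returned region keeps
	// the original (possibly empty) value.
	region := creds.Region
	if region == "" {
		region = "<unspecified>"
	}
	credential.Label = fmt.Sprintf("openstack region %q project %q user %q", region, creds.TenantName, user)
	return &credential, user, creds.Region, nil
}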
Exemple #3
// detectEnvCredentials builds an access-key credential from the result of
// aws.EnvAuth and files it under the local username.
//
// A failure from aws.EnvAuth is wrapped in a NotFound error. The secret key
// is kept in the credential's attributes; the label carries only the local
// username.
func (environProviderCredentials) detectEnvCredentials() (*cloud.CloudCredential, error) {
	envAuth, authErr := aws.EnvAuth()
	if authErr != nil {
		return nil, errors.NewNotFound(authErr, "credentials not found")
	}

	keyAttrs := map[string]string{
		"access-key": envAuth.AccessKey,
		"secret-key": envAuth.SecretKey,
	}
	keyCred := cloud.NewCredential(cloud.AccessKeyAuthType, keyAttrs)

	localUser, userErr := utils.LocalUsername()
	if userErr != nil {
		return nil, errors.Trace(userErr)
	}
	keyCred.Label = fmt.Sprintf("aws credential %q", localUser)

	detected := &cloud.CloudCredential{
		AuthCredentials: map[string]cloud.Credential{localUser: keyCred},
	}
	return detected, nil
}