// newClient returns an authenticated *http.Client for the Pub/Sub API.
//
// Credentials are chosen in this order:
//  1. If jsonFile is non-empty, the service-account JSON key at that path is
//     read and a JWT-based client is built, scoped to pubsub.ScopePubSub only.
//  2. Otherwise, if the process is running on GCE, the client takes its
//     access tokens from the GCE service account (empty account name passed
//     to google.ComputeTokenSource). On this path an empty *projID is filled
//     in from the metadata service as a side effect.
//  3. Otherwise an error is returned.
//
// The JSON key file contains a long-lived private key: it should be readable
// only by the account running this program and kept out of version control.
func newClient(jsonFile string) (*http.Client, error) {
	switch {
	case jsonFile != "":
		keyBytes, err := ioutil.ReadFile(jsonFile)
		if err != nil {
			return nil, err
		}
		// A single scope is requested, so the resulting tokens are limited
		// to Pub/Sub.
		jwtConf, err := google.JWTConfigFromJSON(keyBytes, pubsub.ScopePubSub)
		if err != nil {
			return nil, err
		}
		return jwtConf.Client(oauth2.NoContext), nil

	case metadata.OnGCE():
		gceClient := &http.Client{
			Transport: &oauth2.Transport{
				Source: google.ComputeTokenSource(""),
			},
		}
		if *projID != "" {
			return gceClient, nil
		}
		// No project was supplied on the command line; ask the metadata
		// service which project this instance belongs to.
		id, err := metadata.ProjectID()
		if err != nil {
			return nil, fmt.Errorf("ProjectID failed, %v", err)
		}
		*projID = id
		return gceClient, nil
	}
	return nil, errors.New("Could not create an authenticated client.")
}
// refreshZones reloads h.zones (region name -> zone names with the region
// name removed) from the Compute API, and rebuilds h.regions from h.zones.
//
// The service-account key path is taken from CAMLI_GCE_SERVICE_ACCOUNT and
// the project from CAMLI_GCE_PROJECT. When either is unset, h.zones is set to
// the hard-coded backupZones and nil is returned. Any failure to read the
// key, build the client or list regions is returned as an error and leaves
// h.zones as it was.
//
// The key is used with the compute.readonly scope only, so the tokens minted
// here cannot modify Compute resources.
func (h *DeployHandler) refreshZones() error {
	h.zonesMu.Lock()
	defer h.zonesMu.Unlock()
	// Deferred after the unlock, so it runs before it: on every return path
	// h.regions is rebuilt from whatever h.zones holds, still under the lock.
	defer func() {
		regions := make([]string, 0, len(h.zones))
		for name := range h.zones {
			regions = append(regions, name)
		}
		h.regions = regions
	}()

	// TODO(mpl): get projectID and access tokens from metadata once camweb is on GCE.
	accountFile := os.Getenv("CAMLI_GCE_SERVICE_ACCOUNT")
	if accountFile == "" {
		h.Printf("No service account to query for the zones, using hard-coded ones instead.")
		// h.zones now refers to backupZones itself, not a copy.
		h.zones = backupZones
		return nil
	}
	project := os.Getenv("CAMLI_GCE_PROJECT")
	if project == "" {
		h.Printf("No project we can query on to get the zones, using hard-coded ones instead.")
		h.zones = backupZones
		return nil
	}

	keyJSON, err := ioutil.ReadFile(accountFile)
	if err != nil {
		return err
	}
	jwtConf, err := google.JWTConfigFromJSON(keyJSON, "https://www.googleapis.com/auth/compute.readonly")
	if err != nil {
		return err
	}
	svc, err := compute.New(jwtConf.Client(oauth2.NoContext))
	if err != nil {
		return err
	}
	regionList, err := compute.NewRegionsService(svc).List(project).Do()
	if err != nil {
		return fmt.Errorf("could not get a list of regions: %v", err)
	}

	h.zones = make(map[string][]string)
	for _, region := range regionList.Items {
		suffixes := make([]string, 0, len(region.Zones))
		for _, zoneURL := range region.Zones {
			// Only the last path element of each zone entry is kept.
			name := path.Base(zoneURL)
			// europe-west1-a is skipped: the docs mark it as deprecated,
			// yet it still shows up in the listing.
			if name != "europe-west1-a" {
				// Remove the first occurrence of the region name from the zone name.
				suffixes = append(suffixes, strings.Replace(name, region.Name, "", 1))
			}
		}
		h.zones[region.Name] = suffixes
	}
	return nil
}
// Context returns a context.Context carrying an HTTP client authorized for
// the given OAuth2 scopes, for use by tests.
//
// The path to the service-account JSON key is read from the environment
// variable named by envPrivateKey and the project ID from the one named by
// envProjID. The process is terminated with log.Fatal when either variable
// is empty, when the key file cannot be read, or when it cannot be parsed.
//
// Only the scopes passed in are requested; callers should pass the narrowest
// set the test needs.
func Context(scopes ...string) context.Context {
	keyPath := os.Getenv(envPrivateKey)
	project := os.Getenv(envProjID)
	if keyPath == "" || project == "" {
		// NOTE(review): the message hard-codes the variable names; presumably
		// they match envPrivateKey and envProjID - confirm.
		log.Fatal("GCLOUD_TESTS_GOLANG_KEY and GCLOUD_TESTS_GOLANG_PROJECT_ID must be set. See CONTRIBUTING.md for details.")
	}

	keyJSON, err := ioutil.ReadFile(keyPath)
	if err != nil {
		log.Fatalf("Cannot read the JSON key file, err: %v", err)
	}

	jwtConf, err := google.JWTConfigFromJSON(keyJSON, scopes...)
	if err != nil {
		log.Fatal(err)
	}

	authedClient := jwtConf.Client(oauth2.NoContext)
	return cloud.NewContext(project, authedClient)
}
// ProjectTokenSource returns an OAuth2 TokenSource for the given Google
// Project ID, limited to the requested scopes.
//
// The service-account JSON key is read from <homedir>/keys/<proj>.key.json.
// When that file does not exist, the returned error tells the user where to
// download the key and where to place it; any other read error is returned
// unchanged.
//
// NOTE(review): proj is concatenated into the key file name without any
// validation, so it is expected to be a trusted project ID rather than
// arbitrary external input - confirm against callers.
func ProjectTokenSource(proj string, scopes ...string) (oauth2.TokenSource, error) {
	// TODO(bradfitz): try different strategies too, like
	// three-legged flow if the service account doesn't exist, and
	// then cache the token file on disk somewhere. Or maybe that should be an
	// option, for environments without stdin/stdout available to the user.
	// We'll figure it out as needed.
	keyPath := filepath.Join(homedir(), "keys", proj+".key.json")

	keyJSON, err := ioutil.ReadFile(keyPath)
	if os.IsNotExist(err) {
		return nil, fmt.Errorf("Missing JSON key configuration. Download the Service Account JSON key from https://console.developers.google.com/project/%s/apiui/credential and place it at %s", proj, keyPath)
	}
	if err != nil {
		return nil, err
	}

	jwtConf, err := google.JWTConfigFromJSON(keyJSON, scopes...)
	if err != nil {
		return nil, fmt.Errorf("reading JSON config from %s: %v", keyPath, err)
	}
	return jwtConf.TokenSource(oauth2.NoContext), nil
}
// Example_auth shows how to build an authorized context from a Google
// Developers Console JSON key. The google package examples describe the
// other authorization flows that can be used:
// http://godoc.org/golang.org/x/oauth2/google
//
// The key path and project ID below are placeholders. The process exits via
// log.Fatal when the key file cannot be read or parsed.
func Example_auth() context.Context {
	keyJSON, err := ioutil.ReadFile("/path/to/json/keyfile.json")
	if err != nil {
		log.Fatal(err)
	}

	// NOTE(review): ScopeCloudPlatform is the broad cloud-platform scope;
	// code that only talks to Pub/Sub can request pubsub.ScopePubSub alone.
	jwtConf, err := google.JWTConfigFromJSON(keyJSON, pubsub.ScopeCloudPlatform, pubsub.ScopePubSub)
	if err != nil {
		log.Fatal(err)
	}

	// See the other samples to learn how to use the context.
	return cloud.NewContext("project-id", jwtConf.Client(oauth2.NoContext))
}