Remove ServiceeAccountCredentials

bouzuya · Apr 15, 2024 · 3069275 · 3069275
1 parent 5f67617
commit 3069275
Show file tree

Hide file tree

Showing 4 changed files with 62 additions and 96 deletions.
diff --git a/src/lib.rs b/src/lib.rs
@@ -28,7 +28,6 @@
 //!
 pub mod html_form_data;
 mod private;
-mod service_account_credentials;
 mod signing_key;
 
 use std::str::FromStr;
@@ -46,7 +45,6 @@ use self::private::Service;
 use self::private::SignedUrl;
 
 pub use self::html_form_data::{HtmlFormData, HtmlFormDataBuilder, PolicyDocumentSigningOptions};
-pub use self::service_account_credentials::ServiceAccountCredentials;
 pub use self::signing_key::SigningKey;
 
 #[derive(Debug, thiserror::Error)]
@@ -62,27 +60,13 @@ enum ErrorKind {
     #[error("expiration out of range")]
     ExpirationOutOfRange,
     #[error(transparent)]
-    File(std::io::Error),
-    #[error(transparent)]
     HttpMethod(crate::private::http_verb::Error),
     #[error(transparent)]
     HttpRequest(http::Error),
-    #[error("invalid json")]
-    InvalidServiceAccountJson(serde_json::Error),
     #[error(transparent)]
     Location(crate::private::location::Error),
     #[error("now out of range")]
     Now,
-    #[error("client_email is not found")]
-    ServiceAccountJsonClientEmailIsNotFound,
-    #[error("client_email is not string")]
-    ServiceAccountJsonClientEmailIsNotString,
-    #[error("json root is not object")]
-    ServiceAccountJsonRootIsNotObject,
-    #[error("private_key is not found")]
-    ServiceAccountJsonPrivateKeyIsNotFound,
-    #[error("private_key is not string")]
-    ServiceAccountJsonPrivateKeyIsNotString,
     #[error(transparent)]
     SignedUrl(crate::private::signed_url::Error),
 }

diff --git a/src/service_account_credentials.rs b/src/service_account_credentials.rs
diff --git a/src/signing_key.rs b/src/signing_key.rs
@@ -1,5 +1,30 @@
 use crate::private::{BoundToken, SigningKeyInner};
 
+#[derive(Debug, thiserror::Error)]
+#[error(transparent)]
+pub struct Error(#[from] ErrorKind);
+
+#[allow(clippy::enum_variant_names)]
+#[derive(Debug, thiserror::Error)]
+enum ErrorKind {
+    #[error("service account file open error: {0}")]
+    ServiceAccountFileOpen(#[source] std::io::Error),
+    #[error("service account file open error: {0}")]
+    ServiceAccountFileRead(#[source] std::io::Error),
+    #[error("service account json client_email is not found")]
+    ServiceAccountJsonClientEmailIsNotFound,
+    #[error("service account json client_email is not string")]
+    ServiceAccountJsonClientEmailIsNotString,
+    #[error("service account json deserialize error")]
+    ServiceAccountJsonDeserialize(#[source] serde_json::Error),
+    #[error("service account json private_key is not found")]
+    ServiceAccountJsonPrivateKeyIsNotFound,
+    #[error("service account json private_key is not string")]
+    ServiceAccountJsonPrivateKeyIsNotString,
+    #[error("service account json root is not object")]
+    ServiceAccountJsonRootIsNotObject,
+}
+
 #[derive(Clone)]
 pub struct SigningKey(pub(crate) SigningKeyInner);
 
@@ -18,4 +43,33 @@ impl SigningKey {
             private_key,
         })
     }
+
+    pub fn service_account_from_path<P: AsRef<std::path::Path>>(path: P) -> Result<Self, Error> {
+        let mut file = std::fs::File::open(path).map_err(ErrorKind::ServiceAccountFileOpen)?;
+        let mut s = String::new();
+        std::io::Read::read_to_string(&mut file, &mut s)
+            .map_err(ErrorKind::ServiceAccountFileRead)?;
+        Self::service_account_from_str(s)
+    }
+
+    pub fn service_account_from_str<S: AsRef<str>>(s: S) -> Result<Self, Error> {
+        let json_value: serde_json::Value =
+            serde_json::from_str(s.as_ref()).map_err(ErrorKind::ServiceAccountJsonDeserialize)?;
+        let json_object = json_value
+            .as_object()
+            .ok_or_else(|| ErrorKind::ServiceAccountJsonRootIsNotObject)?;
+        let client_email = json_object
+            .get("client_email")
+            .ok_or_else(|| ErrorKind::ServiceAccountJsonClientEmailIsNotFound)?
+            .as_str()
+            .ok_or_else(|| ErrorKind::ServiceAccountJsonClientEmailIsNotString)?
+            .to_string();
+        let private_key = json_object
+            .get("private_key")
+            .ok_or_else(|| ErrorKind::ServiceAccountJsonPrivateKeyIsNotFound)?
+            .as_str()
+            .ok_or_else(|| ErrorKind::ServiceAccountJsonPrivateKeyIsNotString)?
+            .to_string();
+        Ok(Self::service_account(client_email, private_key))
+    }
 }
diff --git a/tests/lib.rs b/tests/lib.rs
@@ -22,17 +22,10 @@ async fn test_build_html_form_data() -> anyhow::Result<()> {
     use cloud_storage_signature::BuildSignedUrlOptions;
     use cloud_storage_signature::HtmlFormData;
     use cloud_storage_signature::PolicyDocumentSigningOptions;
-    use cloud_storage_signature::ServiceAccountCredentials;
     use cloud_storage_signature::SigningKey;
 
-    let ServiceAccountCredentials {
-        client_email: service_account_client_email,
-        private_key: service_account_private_key,
-    } = ServiceAccountCredentials::load(std::env::var("GOOGLE_APPLICATION_CREDENTIALS")?)?;
-    let signing_key = SigningKey::service_account(
-        service_account_client_email.clone(),
-        service_account_private_key.clone(),
-    );
+    let signing_key =
+        SigningKey::service_account_from_path(std::env::var("GOOGLE_APPLICATION_CREDENTIALS")?)?;
     let bucket_name = std::env::var("BUCKET_NAME")?;
     let object_name = "foo";
 
@@ -93,18 +86,13 @@ async fn test_build_html_form_data() -> anyhow::Result<()> {
 async fn test_setup_a_txt() -> anyhow::Result<()> {
     use cloud_storage_signature::build_signed_url;
     use cloud_storage_signature::BuildSignedUrlOptions;
-    use cloud_storage_signature::ServiceAccountCredentials;
     use cloud_storage_signature::SigningKey;
 
     let bucket_name = std::env::var("BUCKET_NAME")?;
     let object_name = "a.txt";
 
-    let ServiceAccountCredentials {
-        client_email: service_account_client_email,
-        private_key: service_account_private_key,
-    } = ServiceAccountCredentials::load(std::env::var("GOOGLE_APPLICATION_CREDENTIALS")?)?;
     let signing_key =
-        SigningKey::service_account(service_account_client_email, service_account_private_key);
+        SigningKey::service_account_from_path(std::env::var("GOOGLE_APPLICATION_CREDENTIALS")?)?;
     let now = SystemTime::now();
     let url = build_signed_url(BuildSignedUrlOptions {
         bucket_name: bucket_name.clone(),
@@ -153,18 +141,13 @@ async fn test_setup_a_txt() -> anyhow::Result<()> {
 async fn test_get() -> anyhow::Result<()> {
     use cloud_storage_signature::build_signed_url;
     use cloud_storage_signature::BuildSignedUrlOptions;
-    use cloud_storage_signature::ServiceAccountCredentials;
     use cloud_storage_signature::SigningKey;
 
     let bucket_name = std::env::var("BUCKET_NAME")?;
     let object_name = "a.txt";
 
-    let ServiceAccountCredentials {
-        client_email: service_account_client_email,
-        private_key: service_account_private_key,
-    } = ServiceAccountCredentials::load(std::env::var("GOOGLE_APPLICATION_CREDENTIALS")?)?;
     let signing_key =
-        SigningKey::service_account(service_account_client_email, service_account_private_key);
+        SigningKey::service_account_from_path(std::env::var("GOOGLE_APPLICATION_CREDENTIALS")?)?;
     let signed_url = build_signed_url(BuildSignedUrlOptions {
         bucket_name,
         object_name: object_name.to_string(),
@@ -189,18 +172,13 @@ async fn test_get() -> anyhow::Result<()> {
 async fn test_get_timeout() -> anyhow::Result<()> {
     use cloud_storage_signature::build_signed_url;
     use cloud_storage_signature::BuildSignedUrlOptions;
-    use cloud_storage_signature::ServiceAccountCredentials;
     use cloud_storage_signature::SigningKey;
 
     let bucket_name = std::env::var("BUCKET_NAME")?;
     let object_name = "a.txt";
 
-    let ServiceAccountCredentials {
-        client_email: service_account_client_email,
-        private_key: service_account_private_key,
-    } = ServiceAccountCredentials::load(std::env::var("GOOGLE_APPLICATION_CREDENTIALS")?)?;
     let signing_key =
-        SigningKey::service_account(service_account_client_email, service_account_private_key);
+        SigningKey::service_account_from_path(std::env::var("GOOGLE_APPLICATION_CREDENTIALS")?)?;
     let signed_url = build_signed_url(BuildSignedUrlOptions {
         bucket_name,
         object_name: object_name.to_string(),
@@ -226,18 +204,13 @@ async fn test_get_timeout() -> anyhow::Result<()> {
 async fn test_post_invalid_http_method() -> anyhow::Result<()> {
     use cloud_storage_signature::build_signed_url;
     use cloud_storage_signature::BuildSignedUrlOptions;
-    use cloud_storage_signature::ServiceAccountCredentials;
     use cloud_storage_signature::SigningKey;
 
     let bucket_name = std::env::var("BUCKET_NAME")?;
     let object_name = "a.txt";
 
-    let ServiceAccountCredentials {
-        client_email: service_account_client_email,
-        private_key: service_account_private_key,
-    } = ServiceAccountCredentials::load(std::env::var("GOOGLE_APPLICATION_CREDENTIALS")?)?;
     let signing_key =
-        SigningKey::service_account(service_account_client_email, service_account_private_key);
+        SigningKey::service_account_from_path(std::env::var("GOOGLE_APPLICATION_CREDENTIALS")?)?;
     let signed_url = build_signed_url(BuildSignedUrlOptions {
         bucket_name,
         object_name: object_name.to_string(),
@@ -261,18 +234,13 @@ async fn test_post_invalid_http_method() -> anyhow::Result<()> {
 async fn test_post() -> anyhow::Result<()> {
     use cloud_storage_signature::build_signed_url;
     use cloud_storage_signature::BuildSignedUrlOptions;
-    use cloud_storage_signature::ServiceAccountCredentials;
     use cloud_storage_signature::SigningKey;
 
     let bucket_name = std::env::var("BUCKET_NAME")?;
     let object_name = "b.txt";
 
-    let ServiceAccountCredentials {
-        client_email: service_account_client_email,
-        private_key: service_account_private_key,
-    } = ServiceAccountCredentials::load(std::env::var("GOOGLE_APPLICATION_CREDENTIALS")?)?;
     let signing_key =
-        SigningKey::service_account(service_account_client_email, service_account_private_key);
+        SigningKey::service_account_from_path(std::env::var("GOOGLE_APPLICATION_CREDENTIALS")?)?;
     let url = build_signed_url(BuildSignedUrlOptions {
         bucket_name: bucket_name.clone(),
         object_name: object_name.to_string(),
@@ -314,18 +282,13 @@ async fn test_post() -> anyhow::Result<()> {
 async fn test_post_bin() -> anyhow::Result<()> {
     use cloud_storage_signature::build_signed_url;
     use cloud_storage_signature::BuildSignedUrlOptions;
-    use cloud_storage_signature::ServiceAccountCredentials;
     use cloud_storage_signature::SigningKey;
 
     let bucket_name = std::env::var("BUCKET_NAME")?;
     let object_name = "c.png";
 
-    let ServiceAccountCredentials {
-        client_email: service_account_client_email,
-        private_key: service_account_private_key,
-    } = ServiceAccountCredentials::load(std::env::var("GOOGLE_APPLICATION_CREDENTIALS")?)?;
     let signing_key =
-        SigningKey::service_account(service_account_client_email, service_account_private_key);
+        SigningKey::service_account_from_path(std::env::var("GOOGLE_APPLICATION_CREDENTIALS")?)?;
     let url = build_signed_url(BuildSignedUrlOptions {
         bucket_name: bucket_name.clone(),
         object_name: object_name.to_string(),