This repository has been archived by the owner on Aug 22, 2023. It is now read-only.
package google
import (
"fmt"
"github.com/hashicorp/terraform/helper/schema"
"github.com/hashicorp/terraform/helper/validation"
"regexp"
)
// dataSourceGoogleServiceAccountKey builds the schema for the service account
// key data source and registers dataSourceGoogleServiceAccountKeyRead as its
// Read function.
//
// A key is addressed through "name" or through the deprecated
// "service_account_id", which is declared as conflicting with "name".
// "key_algorithm" and "public_key" are computed outputs filled in by Read.
func dataSourceGoogleServiceAccountKey() *schema.Resource {
	// Values accepted for "public_key_type"; the comparison is case-sensitive.
	publicKeyTypes := []string{"TYPE_NONE", "TYPE_X509_PEM_FILE", "TYPE_RAW_PUBLIC_KEY"}

	fields := map[string]*schema.Schema{
		// Inputs identifying the key.
		"name": &schema.Schema{
			Type:     schema.TypeString,
			Optional: true,
			Computed: true,
			// Plan-time check only; Read validates the resolved name again.
			ValidateFunc: validateRegexp(ServiceAccountKeyNameRegex),
		},
		"service_account_id": &schema.Schema{
			Type:          schema.TypeString,
			Optional:      true,
			ConflictsWith: []string{"name"},
			Deprecated:    "Please use name to specify full service account key path projects/{project}/serviceAccounts/{serviceAccount}/keys/{keyId}",
		},
		"project": &schema.Schema{
			Type:     schema.TypeString,
			Optional: true,
		},

		// Encoding requested for the returned public key.
		"public_key_type": &schema.Schema{
			Type:         schema.TypeString,
			Default:      "TYPE_X509_PEM_FILE",
			Optional:     true,
			ValidateFunc: validation.StringInSlice(publicKeyTypes, false),
		},

		// Outputs.
		"key_algorithm": &schema.Schema{
			Type:     schema.TypeString,
			Computed: true,
		},
		"public_key": &schema.Schema{
			Type:     schema.TypeString,
			Computed: true,
		},
	}

	return &schema.Resource{
		Read:   dataSourceGoogleServiceAccountKeyRead,
		Schema: fields,
	}
}
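// dataSourceGoogleServiceAccountKeyRead looks up a service account key through
// the IAM client and copies its name, key algorithm and public key data into
// the data source state. No other field of the API response is stored.
//
// meta must be the provider's *Config; the type assertion panics otherwise.
// It returns the error from resolving the key name, the result of
// handleNotFoundError when the API call fails, or an error when a field cannot
// be written to state.
func dataSourceGoogleServiceAccountKeyRead(d *schema.ResourceData, meta interface{}) error {
	config := meta.(*Config)

	// The name is re-validated here because interpolated values are not
	// checked by the schema's ValidateFunc at plan time.
	keyName, err := getDataSourceServiceAccountKeyName(d)
	if err != nil {
		return err
	}

	publicKeyType := d.Get("public_key_type").(string)

	// Confirm the service account key exists
	sak, err := config.clientIAM.Projects.ServiceAccounts.Keys.Get(keyName).PublicKeyType(publicKeyType).Do()
	if err != nil {
		return handleNotFoundError(err, d, fmt.Sprintf("Service Account Key %q", keyName))
	}

	d.SetId(sak.Name)

	// Surface d.Set failures instead of dropping them, so a schema or type
	// mismatch cannot leave the state silently incomplete.
	if err := d.Set("name", sak.Name); err != nil {
		return fmt.Errorf("error setting name: %v", err)
	}
	if err := d.Set("key_algorithm", sak.KeyAlgorithm); err != nil {
		return fmt.Errorf("error setting key_algorithm: %v", err)
	}
	if err := d.Set("public_key", sak.PublicKeyData); err != nil {
		return fmt.Errorf("error setting public_key: %v", err)
	}

	return nil
}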
// getDataSourceServiceAccountKeyName resolves the full key name from the data
// source configuration.
//
// "name" takes precedence; the deprecated "service_account_id" is used only
// when "name" is empty. An error is returned when both are empty or when the
// chosen value does not match ServiceAccountKeyNameRegex.
//
// NOTE(review): MatchString reports a match anywhere in the string, so this
// check constrains the whole name only if ServiceAccountKeyNameRegex (defined
// outside this block) is anchored at both ends. Confirm, since the caller uses
// the returned value for the IAM API lookup.
func getDataSourceServiceAccountKeyName(d *schema.ResourceData) (string, error) {
	name := d.Get("name").(string)
	legacyID := d.Get("service_account_id").(string)

	candidate := name
	switch {
	case name != "":
		// Preferred field is set; use it as is.
	case legacyID != "":
		// Key name specified as incorrectly named, deprecated service account ID field
		candidate = legacyID
	default:
		// Neither name nor service_account_id specified
		return "", fmt.Errorf("please use name to specify service account key being added as this data source")
	}

	// Validate name since interpolated values (i.e from a key or service
	// account resource) will not get validated at plan time.
	if !regexp.MustCompile(ServiceAccountKeyNameRegex).MatchString(candidate) {
		return "", fmt.Errorf("invalid key name %q does not match regexp %q", candidate, ServiceAccountKeyNameRegex)
	}
	return candidate, nil
}