/
gcloud.go
125 lines (109 loc) · 3.29 KB
/
gcloud.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
package devcheck
import (
"encoding/json"
"errors"
"fmt"
"io/ioutil"
"net/http"
"os/exec"
"strings"
)
type GCloudCheck struct {
CommandCheck *CommandCheck
RequiredIdentitySuffix string
}
func NewGCloudCheck(gcloudCommand *CommandCheck) *GCloudCheck {
return &GCloudCheck{CommandCheck: gcloudCommand}
}
func (c *GCloudCheck) WithRequiredIdentitySuffix(suffix string) *GCloudCheck {
c.RequiredIdentitySuffix = suffix
return c
}
func (c *GCloudCheck) gcloud(arg ...string) (string, error) {
output, err := exec.Command(c.CommandCheck.Path, arg...).Output()
if err != nil {
return "", err
}
return string(output), nil
}
type identityResponse struct {
Email string
}
func getIdentity(token string) (string, error) {
req, err := http.NewRequest("GET", "https://openidconnect.googleapis.com/v1/userinfo", nil)
if err != nil {
return "", err
}
req.Header.Set("Authorization", "Bearer "+token)
client := &http.Client{}
res, err := client.Do(req)
if err != nil {
return "", err
}
defer res.Body.Close()
if res.StatusCode != 200 {
return "", fmt.Errorf("Error status calling Google API: %v", res.StatusCode)
}
body, err := ioutil.ReadAll(res.Body)
if err != nil {
return "", err
}
var response identityResponse
err = json.Unmarshal(body, &response)
if err != nil {
return "", err
}
return response.Email, nil
}
func (c *GCloudCheck) Check(l *Logger) error {
var errs []error
if c.CommandCheck.Path == "" {
l.Warning("skipping since gcloud command was not found")
return nil
}
app_default_token, err := c.gcloud("auth", "application-default", "print-access-token")
app_default_token = strings.TrimSpace(app_default_token)
if err != nil {
errs = append(errs, err)
l.Failure("Application default credentials not configured")
l.Indented().Info("Try using the 'gcloud auth application-default login' command")
} else {
l.Success("Application default credentials are configured")
app_default_email, err := getIdentity(app_default_token)
if err != nil {
l.Failure("Could not determine application default credentials identity: %v", err)
errs = append(errs, err)
} else {
l.Success("Application default credentials identity: %v", app_default_email)
if !strings.HasSuffix(app_default_email, c.RequiredIdentitySuffix) {
l.Failure("Application default credentials identity does not end in '%v'", c.RequiredIdentitySuffix)
l.Indented().Info("Try using the 'gcloud auth application-default login' command")
}
}
}
auth_token, err := c.gcloud("auth", "print-access-token")
auth_token = strings.TrimSpace(auth_token)
if err != nil {
errs = append(errs, err)
l.Failure("SDK credentials not configured")
l.Indented().Info("Try using the 'gcloud auth login' command")
} else {
l.Success("SDK credentials are configured")
auth_email, err := getIdentity(auth_token)
if err != nil {
l.Failure("Could not determine SDK credentials identity: %v", err)
errs = append(errs, err)
} else {
l.Success("SDK credentials identity: %v", auth_email)
if !strings.HasSuffix(auth_email, c.RequiredIdentitySuffix) {
l.Failure("SDK credentials identity does not end in '%v'", c.RequiredIdentitySuffix)
l.Indented().Info("Try using the 'gcloud auth login' command")
}
}
}
if len(errs) > 0 {
return errors.Join(errs...)
} else {
return nil
}
}