From 6283a7a319d34a4f54442462836e1b0d917996c3 Mon Sep 17 00:00:00 2001
From: Alex Cazacu
Date: Tue, 1 Jun 2021 22:50:22 +0200
Subject: [PATCH] Implement service account key authentication dns_gcloud.sh
---
 dnsapi/dns_gcloud.sh | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 54 insertions(+)
diff --git a/dnsapi/dns_gcloud.sh b/dnsapi/dns_gcloud.sh
index 03060a8c..8e529575 100755
--- a/dnsapi/dns_gcloud.sh
+++ b/dnsapi/dns_gcloud.sh
@@ -12,6 +12,8 @@ dns_gcloud_add() {
 _debug fulldomain "$fulldomain"
 _debug txtvalue "$txtvalue"
+ _dns_gcloud_authenticate || return $?
+
 _dns_gcloud_find_zone || return $?
 # Add an extra RR
@@ -33,6 +35,8 @@ dns_gcloud_rm() {
 _debug fulldomain "$fulldomain"
 _debug txtvalue "$txtvalue"
+ _dns_gcloud_authenticate || return $?
+
 _dns_gcloud_find_zone || return $?
 # Remove one RR
@@ -47,6 +51,56 @@ dns_gcloud_rm() {
 #################### Private functions below ##################################
+_dns_gcloud_authenticate() {
+ _info "_dns_gcloud_authenticate: authenticating gcloud"
+ _debug "_dns_gcloud_authenticate: checking authenticated status"
+
+ account=$(gcloud auth list \
+ --filter "status:ACTIVE" \
+ --format "value(account)" \
+ --verbosity error
+ )
+
+ if [ "$account" ]; then
+ _info "_dns_gcloud_authenticate: already authenticated"
+ return 0
+ fi
+
+ _debug "_dns_gcloud_authenticate: attempting to authenticate using service account key"
+
+ GCLOUD_Service_Account_Key="${CF_Token:-$(_readaccountconf_mutable GCLOUD_Service_Account_Key)}"
+ GCLOUD_Project_ID="${CF_Account_ID:-$(_readaccountconf_mutable GCLOUD_Project_ID)}"
+
+ if [ -z "$GCLOUD_Service_Account_Key" ]; then
+ GCLOUD_Service_Account_Key=""
+ GCLOUD_Project_ID=""
+ _err "_dns_gcloud_authenticate: missing Google Cloud service account key"
+ return 1
+ fi
+
+ if [ -z "$GCLOUD_Project_ID" ]; then
+ GCLOUD_Service_Account_Key=""
+ GCLOUD_Project_ID=""
+ _err "_dns_gcloud_authenticate: missing Google Cloud project ID"
+ return 1
+ fi
+
+ if ! echo "$GCLOUD_Service_Account_Key" | gcloud auth activate-service-account --key-file -; then
+ _err "_dns_gcloud_authenticate: failed to authenticate with service account key"
+ return 1
+ fi
+
+ _info "_dns_gcloud_authenticate: successfully authenticated using service account key"
+
+ gcloud config set project "$GCLOUD_Project_ID"
+
+ _info "_dns_gcloud_authenticate: configured gcloud project"
+}
+
+_dns_gcloud_authenticate() {
+ account=$(gcloud auth list --filter "status:ACTIVE" --format "value(account)")
+}
+
 _dns_gcloud_start_tr() {
 if ! trd=$(mktemp -d); then
 _err "_dns_gcloud_start_tr: failed to create temporary directory"
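Review bot: The second `_dns_gcloud_authenticate()` added at the end of this hunk redefines the function, and in shell the later definition wins, so the service-account logic above it never runs and the new `_dns_gcloud_authenticate || return $?` guards in dns_gcloud_add and dns_gcloud_rm only reflect the exit status of `gcloud auth list`; the three-line stub should be dropped. In the full version the key and project ID default to `CF_Token` and `CF_Account_ID`, which look copied from the Cloudflare hook: a Cloudflare token exported in the environment would be piped to gcloud as a service-account key, while an exported `GCLOUD_Service_Account_Key` is overwritten. I would write `GCLOUD_Service_Account_Key="${GCLOUD_Service_Account_Key:-$(_readaccountconf_mutable GCLOUD_Service_Account_Key)}"` and the same for `GCLOUD_Project_ID`. The key is also piped with `echo`, which in some shells (dash, for example) expands the `\n` escapes inside the JSON private key; `printf '%s' "$GCLOUD_Service_Account_Key"` avoids that, and the status of `gcloud config set project` should be checked the way the activation step is.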