Enable ADC for Gcloud provider (#1583)

Fallback to using Application Default Credentials if no private_key is available in the creds.json-file. This allows usage with various short lived credentials, for example GCE-instances, gcloud auth application-default login, OIDC Workload Identity etc Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
2024-05-11 05:55:12 +00:00 · 2022-07-05 21:53:51 +02:00
parent 053bd5adf6
commit 0f04639891
2 changed files with 42 additions and 14 deletions
--- a/providers/gcloud/gcloudProvider.go
+++ b/providers/gcloud/gcloudProvider.go
@@ -4,11 +4,13 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
-	"github.com/StackExchange/dnscontrol/v3/pkg/printer"
 	"log"
+	"net/http"
 	"strings"
 	"time"

+	"github.com/StackExchange/dnscontrol/v3/pkg/printer"
+
 	"google.golang.org/api/googleapi"
 	"google.golang.org/api/option"

@@ -66,19 +68,27 @@ func New(cfg map[string]string, metadata json.RawMessage) (providers.DNSServiceP
 	// the key as downloaded is json encoded with literal "\n" instead of newlines.
 	// in some cases (round-tripping through env vars) this tends to get messed up.
 	// fix it if we find that.
+
+	ctx := context.Background()
+	var hc *http.Client
 	if key, ok := cfg["private_key"]; ok {
 		cfg["private_key"] = strings.Replace(key, "\\n", "\n", -1)
+		raw, err := json.Marshal(cfg)
+		if err != nil {
+			return nil, err
+		}
+		config, err := gauth.JWTConfigFromJSON(raw, "https://www.googleapis.com/auth/ndev.clouddns.readwrite")
+		if err != nil {
+			return nil, err
+		}
+		hc = config.Client(ctx)
+	} else {
+		var err error
+		hc, err = gauth.DefaultClient(ctx, "https://www.googleapis.com/auth/ndev.clouddns.readwrite")
+		if err != nil {
+			return nil, fmt.Errorf("No creds.json private_key found and ADC failed with:\n%s", err)
+		}
 	}
-	raw, err := json.Marshal(cfg)
-	if err != nil {
-		return nil, err
-	}
-	config, err := gauth.JWTConfigFromJSON(raw, "https://www.googleapis.com/auth/ndev.clouddns.readwrite")
-	if err != nil {
-		return nil, err
-	}
-	ctx := context.Background()
-	hc := config.Client(ctx)
 	// FIXME(tlim): Is it a problem that ctx is included with hc and in
 	// the call to NewService?  Seems redundant.
 	dcli, err := gdns.NewService(ctx, option.WithHTTPClient(hc))