From b6f9f9f6be0878dece92b8fc330a5845ccf56e74 Mon Sep 17 00:00:00 2001
From: Roberto Rojas
Date: Wed, 2 Aug 2023 17:57:54 -0400
Subject: [PATCH] updates as per PR review
Signed-off-by: Roberto Rojas
---
 .../builtin-authentication-profiles.yaml | 67 +++++++++++++++++++
 bindings/gcp/bucket/bucket.go | 29 ++++----
 bindings/gcp/bucket/metadata.yaml | 67 +------------------
 3 files changed, 85 insertions(+), 78 deletions(-)
diff --git a/.build-tools/builtin-authentication-profiles.yaml b/.build-tools/builtin-authentication-profiles.yaml
index 548fbf5352..3d2a4b1af9 100644
--- a/.build-tools/builtin-authentication-profiles.yaml
+++ b/.build-tools/builtin-authentication-profiles.yaml
@@ -103,3 +103,70 @@ azuread:
 - AzurePublicCloud
 - AzureChinaCloud
 - AzureUSGovernmentCloud
+
+gcp:
+ - title: "GCP API call Authentication"
+ description: |
+ Authenticate authenticates API calls with the given service account or refresh token JSON credentials.
+ metadata:
+ - name: private_key_id
+ required: true
+ sensitive: true
+ description: |
+ GCP private key id.
+ example: '"privateKeyId"'
+ - name: private_key
+ required: true
+ sensitive: true
+ description: |
+ GCP credentials private key. Replace with x509 cert.
+ example: '"-----BEGIN PRIVATE KEY-----\nMIIEvgIBADAsUw+2/y/MfhhkIKQTgnoiIZFHximeQN67VF9pifNR/D0k\\n-----END PRIVATE KEY-----\n"'
+ - name: type
+ type: string
+ required: true
+ description: |
+ The GCP credentials type.
+ example: '"service_account"'
+ - name: project_id
+ type: string
+ required: true
+ description: |
+ GCP project id.
+ example: '"projectId"'
+ - name: client_email
+ type: string
+ required: true
+ description: |
+ GCP client email.
+ example: '"client@email.com"'
+ - name: client_id
+ type: string
+ required: true
+ description: |
+ GCP client id.
+ example: '"0123456789-0123456789"'
+ - name: auth_uri
+ type: string
+ required: false
+ description: |
+ Google account OAuth endpoint.
+ example: '"https://accounts.google.com/o/oauth2/auth"'
+ - name: token_uri
+ type: string
+ required: false
+ description: |
+ Google account token uri.
+ example: '"https://oauth2.googleapis.com/token"'
+ - name: auth_provider_x509_cert_url
+ type: string
+ required: false
+ description: |
+ GCP credentials cert url.
+ example: '"https://www.googleapis.com/oauth2/v1/certs"'
+ - name: client_x509_cert_url
+ type: string
+ required: false
+ description: |
+ GCP credentials project x509 cert url.
+ example: '"https://www.googleapis.com/robot/v1/metadata/x509/.iam.gserviceaccount.com"'
+
diff --git a/bindings/gcp/bucket/bucket.go b/bindings/gcp/bucket/bucket.go
index 941b43ff4c..b932835ff5 100644
--- a/bindings/gcp/bucket/bucket.go
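Review bot: The `private_key` example in the new `gcp` profile embeds a `-----BEGIN PRIVATE KEY-----` block with key-shaped base64, which secret scanners tend to flag and which readers can mistake for usable material. The same example mixes `\n` and `\\n`, so a value pasted in that shape would carry a literal backslash before the END marker and fail to parse as PEM. An obviously fake body with consistent escaping would be safer, for example `example: '"-----BEGIN PRIVATE KEY-----\n<placeholder-key-material>\n-----END PRIVATE KEY-----\n"'`. The description text `Replace with x509 cert.` reads like a leftover note and should be explained or dropped. `private_key_id` and `private_key` are also the only entries without `type: string`.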
+++ b/bindings/gcp/bucket/bucket.go 
@@ -54,19 +54,22 @@ type GCPStorage struct {
 }
 type gcpMetadata struct {
- Bucket string `json:"bucket" mapstructure:"bucket"`
- Type string `json:"type" mapstructure:"type"`
- ProjectID string `json:"project_id" mapstructure:"project_id"`
- PrivateKeyID string `json:"private_key_id" mapstructure:"private_key_id"`
- PrivateKey string `json:"private_key" mapstructure:"private_key"`
- ClientEmail string `json:"client_email " mapstructure:"client_email"`
- ClientID string `json:"client_id" mapstructure:"client_id"`
- AuthURI string `json:"auth_uri" mapstructure:"auth_uri"`
- TokenURI string `json:"token_uri" mapstructure:"token_uri"`
- AuthProviderCertURL string `json:"auth_provider_x509_cert_url" mapstructure:"auth_provider_x509_cert_url"`
- ClientCertURL string `json:"client_x509_cert_url" mapstructure:"client_x509_cert_url"`
- DecodeBase64 bool `json:"decodeBase64,string" mapstructure:"decodeBase64"`
- EncodeBase64 bool `json:"encodeBase64,string" mapstructure:"encodeBase64"`
+ // Ignored by metadata parser because included in built-in authentication profile
+
+ Type string `json:"type" mapstructure:"type" mdignore:"true"`
+ ProjectID string `json:"project_id" mapstructure:"project_id" mdignore:"true"`
+ PrivateKeyID string `json:"private_key_id" mapstructure:"private_key_id" mdignore:"true"`
+ PrivateKey string `json:"private_key" mapstructure:"private_key" mdignore:"true"`
+ ClientEmail string `json:"client_email " mapstructure:"client_email" mdignore:"true"`
+ ClientID string `json:"client_id" mapstructure:"client_id" mdignore:"true"`
+ AuthURI string `json:"auth_uri" mapstructure:"auth_uri" mdignore:"true"`
+ TokenURI string `json:"token_uri" mapstructure:"token_uri" mdignore:"true"`
+ AuthProviderCertURL string `json:"auth_provider_x509_cert_url" mapstructure:"auth_provider_x509_cert_url" mdignore:"true"`
+ ClientCertURL string `json:"client_x509_cert_url" mapstructure:"client_x509_cert_url" mdignore:"true"`
+
+ Bucket string `json:"bucket" mapstructure:"bucket"`
+ DecodeBase64 bool `json:"decodeBase64,string" mapstructure:"decodeBase64"`
+ EncodeBase64 bool `json:"encodeBase64,string" mapstructure:"encodeBase64"`
 }
 type listPayload struct {
diff --git a/bindings/gcp/bucket/metadata.yaml b/bindings/gcp/bucket/metadata.yaml
index 9c3d8729ff..cf17cd9390 100644
--- a/bindings/gcp/bucket/metadata.yaml
+++ b/bindings/gcp/bucket/metadata.yaml
@@ -14,23 +14,8 @@ binding:
 - name: create
 description: "Create an item."
 capabilities: []
-authenticationProfiles:
- - title: "GCP API call Authentication"
- description: |
- Authenticate authenticates API calls with the given service account or refresh token JSON credentials.
- metadata:
- - name: private_key_id
- required: true
- sensitive: true
- description: |
- GCP private key id.
- example: '"privateKeyId"'
- - name: private_key
- required: true
- sensitive: true
- description: |
- GCP credentials private key. Replace with x509 cert.
- example: '"12345-12345"'
+builtinAuthenticationProfiles:
+ - name: "gcp"
 metadata:
 - name: bucket
 required: true
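Review bot: In `gcpMetadata` in bindings/gcp/bucket/bucket.go, the rewritten `ClientEmail` line still carries the tag `json:"client_email "` with a trailing space inside the key, which the commit touches but does not fix. If this struct is marshalled to JSON to build the service-account credentials (not visible in this hunk), the address would be emitted under the key `client_email ` and the credential parser would not find it. The tag should read `json:"client_email"`, matching the `mapstructure` key on the same line. The new comment could also name what it refers to, for example `// Ignored by the metadata parser: these fields are documented by the built-in "gcp" authentication profile.`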
@@ -38,54 +23,6 @@ metadata:
 The bucket name.
 example: '"mybucket"'
 type: string
- - name: type
- type: string
- required: true
- description: |
- The GCP credentials type.
- example: '"service_account"'
- - name: project_id
- type: string
- required: true
- description: |
- GCP project id.
- example: '"projectId"'
- - name: client_email
- type: string
- required: true
- description: |
- GCP client email.
- example: '"client@email.com"'
- - name: client_id
- type: string
- required: true
- description: |
- GCP client id.
- example: '"0123456789-0123456789"'
- - name: auth_uri
- type: string
- required: false
- description: |
- Google account OAuth endpoint.
- example: '"https://accounts.google.com/o/oauth2/auth"'
- - name: token_uri
- type: string
- required: false
- description: |
- Google account token uri.
- example: '"https://oauth2.googleapis.com/token"'
- - name: auth_provider_x509_cert_url
- type: string
- required: false
- description: |
- GCP credentials cert url.
- example: '"https://www.googleapis.com/oauth2/v1/certs"'
- - name: client_x509_cert_url
- type: string
- required: false
- description: |
- GCP credentials project x509 cert url.
- example: '"https://www.googleapis.com/robot/v1/metadata/x509/.iam.gserviceaccount.com"'
 - name: decodeBase64
 type: bool
 required: false