-
Couldn't load subscription status.
- Fork 6
feat: Add GCP auth login (Correctly) #13
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Open
PrathameshBhagat
wants to merge
5
commits into
Infisical:main
Choose a base branch
from
PrathameshBhagat:prathamesh/add-gcp-auth
base: main
Could not load branches
Branch not found: {{ refName }}
Loading
Could not load tags
Nothing to show
Loading
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
Open
Changes from all commits
Commits
Show all changes
5 commits
Select commit
Hold shift + click to select a range
7e7d2ba
Add GCP auth login
PrathameshBhagat 8bbeb4b
Update logback core and classic versions to 1.5.19
PrathameshBhagat a8427e5
Update src/test/java/com/infisical/sdk/auth/GCPAuthIntegrationTest.java
PrathameshBhagat 3975874
Fix whitespaces in GCPAuthLogin method
PrathameshBhagat 2f2d9e2
fix greptile issues, bump auth library, remove options and update err…
PrathameshBhagat File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Some comments aren't visible on the classic Files Changed page.
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,51 @@ | ||
| package com.infisical.sdk.auth; | ||
|
|
||
| import java.net.UnknownHostException; | ||
| import java.util.Arrays; | ||
| import java.util.HashMap; | ||
|
|
||
| import com.google.auth.oauth2.GoogleCredentials; | ||
| import com.google.auth.oauth2.IdTokenCredentials; | ||
| import com.google.auth.oauth2.IdTokenProvider; | ||
| import com.google.auth.oauth2.IdTokenProvider.Option; | ||
| import com.infisical.sdk.util.InfisicalException; | ||
|
|
||
| public class GCPAuthProvider { | ||
|
|
||
| public static HashMap<String,String> getGCPAuthInput(String identityId) throws InfisicalException{ | ||
|
|
||
| if ( identityId == null || identityId.isEmpty() ) | ||
|
|
||
| throw new InfisicalException( "Infisical Identity ID is required"); | ||
|
|
||
| try{ | ||
|
|
||
| // This will fetch credentials from environment variable named GOOGLE_APPLICATION_CREDENTIALS or | ||
| // or if it's running in a GCP instance it will get them from the instance itself (GCP service account attached) | ||
| GoogleCredentials googleCredentials = GoogleCredentials.getApplicationDefault(); | ||
|
|
||
| IdTokenCredentials idTokenCredentials = | ||
| IdTokenCredentials.newBuilder() | ||
| .setIdTokenProvider((IdTokenProvider) googleCredentials) | ||
| .setTargetAudience(identityId) | ||
| .build(); | ||
|
|
||
| // Get the ID token. | ||
| String idToken = idTokenCredentials.refreshAccessToken().getTokenValue(); | ||
|
|
||
| // Body cannot be a string so used a HashMap, you can use builder, POJO etc | ||
| HashMap<String, String> body = new HashMap<>(); | ||
| body.put("identityId", identityId); | ||
| body.put("jwt", idToken); | ||
|
|
||
| return body; | ||
|
|
||
| } catch (Exception e){ | ||
| if (e.getCause() instanceof UnknownHostException) { | ||
PrathameshBhagat marked this conversation as resolved.
Show resolved
Hide resolved
|
||
| throw new InfisicalException("Unknown Host, may be check network connection ?"); | ||
| } | ||
| throw new InfisicalException("Failed to fetch Google credentials: " + e.getMessage()); | ||
| } | ||
|
|
||
| } | ||
| } | ||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
59 changes: 59 additions & 0 deletions
59
src/test/java/com/infisical/sdk/auth/GCPAuthIntegrationTest.java
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,59 @@ | ||
| package com.infisical.sdk.auth; | ||
|
|
||
| import com.infisical.sdk.InfisicalSdk; | ||
| import com.infisical.sdk.config.SdkConfig; | ||
| import com.infisical.sdk.util.EnvironmentVariables; | ||
| import org.junit.jupiter.api.Test; | ||
| import org.slf4j.Logger; | ||
| import org.slf4j.LoggerFactory; | ||
|
|
||
| import static org.junit.jupiter.api.Assertions.*; | ||
|
|
||
| public class GCPAuthIntegrationTest { | ||
|
|
||
| private static final Logger logger = LoggerFactory.getLogger(GCPAuthIntegrationTest.class); | ||
| @Test | ||
| public void testGCPAuthAndFetchSecrets() { | ||
|
|
||
| try { | ||
|
|
||
| // Load env variables | ||
| var envVars = new EnvironmentVariables(); | ||
|
|
||
| // Get Machine Identity Id | ||
| String machineIdentityId = System.getenv("INFISICAL_MACHINE_IDENTITY_ID"); | ||
|
|
||
|
|
||
| // Check if env variable machine identity is set, others are already tested via env tests | ||
| assertNotNull(machineIdentityId, "INFISICAL_MACHINE_IDENTITY_ID env variable must be set"); | ||
| assertFalse(machineIdentityId.isEmpty(), "INFISICAL_MACHINE_IDENTITY_ID env variable must not be empty"); | ||
|
|
||
|
|
||
| // Create SDK instance | ||
| var sdk = new InfisicalSdk(new SdkConfig.Builder() | ||
| .withSiteUrl(envVars.getSiteUrl()) | ||
| .build() | ||
| ); | ||
|
|
||
| // Authenticate using GCP Auth | ||
| assertDoesNotThrow(() -> { | ||
| sdk.Auth().GCPAuthLogin(machineIdentityId); | ||
| }); | ||
|
|
||
| // Test if we have correctly logged in and we can list the secrets | ||
| var secrets = sdk.Secrets().ListSecrets( | ||
| envVars.getProjectId(), | ||
| "dev", | ||
| "/", | ||
| null, | ||
| null, | ||
| null); | ||
|
|
||
| logger.info("TestGCPAuth Successful"); | ||
| logger.info("Secrets length : {}", secrets.size()); | ||
|
|
||
| } catch (Exception e) { | ||
| throw new AssertionError(e); | ||
| } | ||
| } | ||
| } |
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading. Please reload this page.