From 6283a7a319d34a4f54442462836e1b0d917996c3 Mon Sep 17 00:00:00 2001 From: Alex Cazacu Date: Tue, 1 Jun 2021 22:50:22 +0200 Subject: [PATCH 1/7] Implement service account key authentication dns_gcloud.sh --- dnsapi/dns_gcloud.sh | 54 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 54 insertions(+) diff --git a/dnsapi/dns_gcloud.sh b/dnsapi/dns_gcloud.sh index 03060a8c..8e529575 100755 --- a/dnsapi/dns_gcloud.sh +++ b/dnsapi/dns_gcloud.sh @@ -12,6 +12,8 @@ dns_gcloud_add() { _debug fulldomain "$fulldomain" _debug txtvalue "$txtvalue" + _dns_gcloud_authenticate || return $? + _dns_gcloud_find_zone || return $? # Add an extra RR @@ -33,6 +35,8 @@ dns_gcloud_rm() { _debug fulldomain "$fulldomain" _debug txtvalue "$txtvalue" + _dns_gcloud_authenticate || return $? + _dns_gcloud_find_zone || return $? # Remove one RR 
@@ -47,6 +51,56 @@ dns_gcloud_rm() { #################### Private functions below ################################## +_dns_gcloud_authenticate() { + _info "_dns_gcloud_authenticate: authenticating gcloud" + _debug "_dns_gcloud_authenticate: checking authenticated status" + + account=$(gcloud auth list \ + --filter "status:ACTIVE" \ + --format "value(account)" \ + --verbosity error + ) + + if [ "$account" ]; then + _info "_dns_gcloud_authenticate: already authenticated" + return 0 + fi + + _debug "_dns_gcloud_authenticate: attempting to authenticate using service account key" + + GCLOUD_Service_Account_Key="${CF_Token:-$(_readaccountconf_mutable GCLOUD_Service_Account_Key)}" + GCLOUD_Project_ID="${CF_Account_ID:-$(_readaccountconf_mutable GCLOUD_Project_ID)}" + + if [ -z "$GCLOUD_Service_Account_Key" ]; then + GCLOUD_Service_Account_Key="" + GCLOUD_Project_ID="" + _err "_dns_gcloud_authenticate: missing Google Cloud service account key" + return 1 + fi + + if [ -z "$GCLOUD_Project_ID" ]; then + GCLOUD_Service_Account_Key="" + GCLOUD_Project_ID="" + _err "_dns_gcloud_authenticate: missing Google Cloud project ID" + return 1 + fi + + if ! echo "$GCLOUD_Service_Account_Key" | gcloud auth activate-service-account --key-file -; then + _err "_dns_gcloud_authenticate: failed to authenticate with service account key" + return 1 + fi + + _info "_dns_gcloud_authenticate: successfully authenticated using service account key" + + gcloud config set project "$GCLOUD_Project_ID" + + _info "_dns_gcloud_authenticate: configured gcloud project" +} + +_dns_gcloud_authenticate() { + account=$(gcloud auth list --filter "status:ACTIVE" --format "value(account)") +} + _dns_gcloud_start_tr() { if ! trd=$(mktemp -d); then _err "_dns_gcloud_start_tr: failed to create temporary directory" From 63438b3a3d7841aaeaa8cd699259d9aaab7eaa63 Mon Sep 17 00:00:00 2001 
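Review bot: The early return in `_dns_gcloud_authenticate` accepts any account that `gcloud auth list --filter "status:ACTIVE"` reports, so when a personal or broader identity is already active the configured service-account key is ignored and the DNS changes run under that identity. Consider reading `GCLOUD_Service_Account_Key` first and skipping activation only when no key is configured, or comparing `$account` with the key's own `client_email`. Separately, service-account JSON keys carry `\n` escapes in `private_key`, and an `echo` that interprets backslashes (dash's does) would turn them into raw newlines before gcloud parses the JSON; `printf '%s' "$GCLOUD_Service_Account_Key" | gcloud auth activate-service-account --key-file -` avoids that. The exit status of `gcloud config set project "$GCLOUD_Project_ID"` is also unchecked, so the following `_info` reports success either way.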
From: Alex Cazacu Date: Tue, 1 Jun 2021 22:54:07 +0200 Subject: [PATCH 2/7] Save credentials after successful authentication --- dnsapi/dns_gcloud.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/dnsapi/dns_gcloud.sh b/dnsapi/dns_gcloud.sh index 8e529575..2ddfd788 100755 --- a/dnsapi/dns_gcloud.sh +++ b/dnsapi/dns_gcloud.sh @@ -95,6 +95,9 @@ _dns_gcloud_authenticate() { gcloud config set project "$GCLOUD_Project_ID" _info "_dns_gcloud_authenticate: configured gcloud project" + + _saveaccountconf_mutable CF_Token "$CF_Token" + _saveaccountconf_mutable CF_Account_ID "$CF_Account_ID" } _dns_gcloud_authenticate() { From 00dac9b87f1c8d157ef3de7a7e7934c5902332a5 Mon Sep 17 00:00:00 2001 From: Alex Cazacu Date: Wed, 2 Jun 2021 09:43:51 +0200 Subject: [PATCH 3/7] Fix formatting --- dnsapi/dns_gcloud.sh | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/dnsapi/dns_gcloud.sh b/dnsapi/dns_gcloud.sh index 2ddfd788..338711fb 100755 --- a/dnsapi/dns_gcloud.sh +++ b/dnsapi/dns_gcloud.sh @@ -55,11 +55,12 @@ _dns_gcloud_authenticate() { _info "_dns_gcloud_authenticate: authenticating gcloud" _debug "_dns_gcloud_authenticate: checking authenticated status" - account=$(gcloud auth list \ - --filter "status:ACTIVE" \ - --format "value(account)" \ - --verbosity error - ) + account=$( + gcloud auth list \ + --filter "status:ACTIVE" \ + --format "value(account)" \ + --verbosity error + ) if [ "$account" ]; then _info "_dns_gcloud_authenticate: already authenticated" From 16d1bf8392bc6a4e171a829999aa59f0b7a6fa50 Mon Sep 17 00:00:00 2001 From: Alex Cazacu Date: Wed, 2 Jun 2021 14:49:12 +0200 Subject: [PATCH 4/7] Remove dead code --- dnsapi/dns_gcloud.sh | 4 ---- 1 file changed, 4 deletions(-) diff --git a/dnsapi/dns_gcloud.sh b/dnsapi/dns_gcloud.sh index 338711fb..3bfd1568 100755 --- a/dnsapi/dns_gcloud.sh +++ b/dnsapi/dns_gcloud.sh 
@@ -101,10 +101,6 @@ _dns_gcloud_authenticate() { _saveaccountconf_mutable CF_Account_ID "$CF_Account_ID" } -_dns_gcloud_authenticate() { - account=$(gcloud auth list --filter "status:ACTIVE" --format "value(account)") -} - _dns_gcloud_start_tr() { if ! trd=$(mktemp -d); then _err "_dns_gcloud_start_tr: failed to create temporary directory" From 86453f5c71edfae2ba1b987bd3a785adb4ed71dc Mon Sep 17 00:00:00 2001 From: Alex Cazacu Date: Wed, 2 Jun 2021 14:51:37 +0200 Subject: [PATCH 5/7] Save configuration using correct variable names --- dnsapi/dns_gcloud.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dnsapi/dns_gcloud.sh b/dnsapi/dns_gcloud.sh index 3bfd1568..67ed06b6 100755 --- a/dnsapi/dns_gcloud.sh +++ b/dnsapi/dns_gcloud.sh @@ -97,8 +97,8 @@ _dns_gcloud_authenticate() { _info "_dns_gcloud_authenticate: configured gcloud project" - _saveaccountconf_mutable CF_Token "$CF_Token" - _saveaccountconf_mutable CF_Account_ID "$CF_Account_ID" + _saveaccountconf_mutable GCLOUD_Service_Account_Key "$GCLOUD_Service_Account_Key" + _saveaccountconf_mutable GCLOUD_Project_ID "$GCLOUD_Project_ID" } _dns_gcloud_start_tr() { From e32bdd054a7f10a3c237d6b7a00c3580121b9166 Mon Sep 17 00:00:00 2001 From: Alex Cazacu Date: Wed, 2 Jun 2021 14:53:53 +0200 Subject: [PATCH 6/7] Read configuration using correct variable names --- dnsapi/dns_gcloud.sh | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/dnsapi/dns_gcloud.sh b/dnsapi/dns_gcloud.sh index 67ed06b6..4abe6869 100755 --- a/dnsapi/dns_gcloud.sh +++ b/dnsapi/dns_gcloud.sh 
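Review bot: `_saveaccountconf_mutable GCLOUD_Service_Account_Key "$GCLOUD_Service_Account_Key"` persists the whole service-account private key; the same value is piped to `--key-file -` elsewhere in the function, so it is the key content rather than a path. After a successful `gcloud auth activate-service-account`, gcloud keeps the credential in its own store and later runs take the "already authenticated" return, which suggests the saved copy is a second long-lived secret on disk that is rarely read back. It may be worth saving only `GCLOUD_Project_ID`, or accepting a path to a key file the user protects. If the key must be saved, a comment such as `# NOTE: stores the full service account key in the account conf` would make the trade-off visible. The function body starts outside this hunk.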
@@ -69,8 +69,8 @@ _dns_gcloud_authenticate() { _debug "_dns_gcloud_authenticate: attempting to authenticate using service account key" - GCLOUD_Service_Account_Key="${CF_Token:-$(_readaccountconf_mutable GCLOUD_Service_Account_Key)}" - GCLOUD_Project_ID="${CF_Account_ID:-$(_readaccountconf_mutable GCLOUD_Project_ID)}" + GCLOUD_Service_Account_Key="${GCLOUD_Service_Account_Key:-$(_readaccountconf_mutable GCLOUD_Service_Account_Key)}" + GCLOUD_Project_ID="${GCLOUD_Project_ID:-$(_readaccountconf_mutable GCLOUD_Project_ID)}" if [ -z "$GCLOUD_Service_Account_Key" ]; then GCLOUD_Service_Account_Key="" @@ -97,6 +97,7 @@ _dns_gcloud_authenticate() { _info "_dns_gcloud_authenticate: configured gcloud project" + #save the service account api key and project ID to the account conf file. _saveaccountconf_mutable GCLOUD_Service_Account_Key "$GCLOUD_Service_Account_Key" _saveaccountconf_mutable GCLOUD_Project_ID "$GCLOUD_Project_ID" } From af9e8302895c3c16fd8539a3faf1958c169d7341 Mon Sep 17 00:00:00 2001 From: Alex Cazacu Date: Wed, 2 Jun 2021 15:00:55 +0200 Subject: [PATCH 7/7] Update logging to be be more verbose --- dnsapi/dns_gcloud.sh | 20 +++++++------------- 1 file changed, 7 insertions(+), 13 deletions(-) diff --git a/dnsapi/dns_gcloud.sh b/dnsapi/dns_gcloud.sh index 4abe6869..aa386364 100755 --- a/dnsapi/dns_gcloud.sh +++ b/dnsapi/dns_gcloud.sh 
@@ -67,24 +67,22 @@ _dns_gcloud_authenticate() { return 0 fi - _debug "_dns_gcloud_authenticate: attempting to authenticate using service account key" + _debug "_dns_gcloud_authenticate: unauthenticated" + _debug "_dns_gcloud_authenticate: authenticating using service account key" GCLOUD_Service_Account_Key="${GCLOUD_Service_Account_Key:-$(_readaccountconf_mutable GCLOUD_Service_Account_Key)}" GCLOUD_Project_ID="${GCLOUD_Project_ID:-$(_readaccountconf_mutable GCLOUD_Project_ID)}" - if [ -z "$GCLOUD_Service_Account_Key" ]; then + if [ -z "$GCLOUD_Service_Account_Key" ] || [ -z "$GCLOUD_Project_ID" ]; then GCLOUD_Service_Account_Key="" GCLOUD_Project_ID="" - _err "_dns_gcloud_authenticate: missing Google Cloud service account key" + _err "_dns_gcloud_authenticate: missing Google Cloud service account key and or project ID" return 1 fi - if [ -z "$GCLOUD_Project_ID" ]; then - GCLOUD_Service_Account_Key="" - GCLOUD_Project_ID="" - _err "_dns_gcloud_authenticate: missing Google Cloud project ID" - return 1 - fi + #save the service account api key and project ID to the account conf file. + _saveaccountconf_mutable GCLOUD_Service_Account_Key "$GCLOUD_Service_Account_Key" + _saveaccountconf_mutable GCLOUD_Project_ID "$GCLOUD_Project_ID" if ! echo "$GCLOUD_Service_Account_Key" | gcloud auth activate-service-account --key-file -; then _err "_dns_gcloud_authenticate: failed to authenticate with service account key" @@ -96,10 +94,6 @@ _dns_gcloud_authenticate() { gcloud config set project "$GCLOUD_Project_ID" _info "_dns_gcloud_authenticate: configured gcloud project" - - #save the service account api key and project ID to the account conf file. - _saveaccountconf_mutable GCLOUD_Service_Account_Key "$GCLOUD_Service_Account_Key" - _saveaccountconf_mutable GCLOUD_Project_ID "$GCLOUD_Project_ID" } _dns_gcloud_start_tr() {
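Review bot: Moving the two `_saveaccountconf_mutable` calls above `gcloud auth activate-service-account` writes the key and project ID to the account conf before they are known to work. A rejected key is therefore persisted and picked up again by `_readaccountconf_mutable` on the next run whenever the variable is not set in the environment. Keeping the save after the successful activation, as the previous revision did, avoids storing an unusable secret. The merged `[ -z ... ] || [ -z ... ]` check also no longer says which value is missing, which runs against the commit's stated aim of more verbose logging; naming the empty variable in the `_err` message would help. The function starts above this hunk.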