Merge pull request #58 from devoteamgcloud/fix/signed-url-credentials

get secret from Secret Manager if project-id and secret-id flags are …
devoteamgcloud · Jun 8, 2022 · 973b1f7 · 973b1f7
2 parents 9175af5 + 831cf14
commit 973b1f7
Show file tree

Hide file tree

Showing 2 changed files with 34 additions and 15 deletions.
diff --git a/server/cmd/server.go b/server/cmd/server.go
@@ -51,8 +51,13 @@ func init() {
 	rootCmd.PersistentFlags().StringVar(&flagGCSBucket, "gcs-bucket", "", "Name of the Google Cloud Storage bucket you want to use for storage.")
 	rootCmd.PersistentFlags().StringVar(&flagProjetID, "project-id", "", "Google Cloud project ID where the service account is stored in Secret Manager.")
 	rootCmd.PersistentFlags().StringVar(&flagSecretID, "secret-id", "", "(Google Cloud Secret Manager) Secret ID of your service-account that allows you to generate signed URLs.")
-
 	rootCmd.PersistentFlags().StringVar(&flagListenAddr, "listen-address", "3000", "Address to listen on")
+
+	// Making Flags required
+	err := rootCmd.MarkPersistentFlagRequired("gcs-bucket")
+	if err != nil {
+		fmt.Fprintln(os.Stderr, err)
+	}
 }
 
 const (

diff --git a/server/module/download.go b/server/module/download.go
@@ -81,23 +81,37 @@ func (b *GCSBackend) getModule(mod Module, ctx context.Context) (string, error)
 	fmt.Println("mod :", modPath(mod))
 	fmt.Println("context : ", ctx)
 
-	saKeyFile := getServiceAccountFromSecretManager()
-
-	cfg, err := google.JWTConfigFromJSON(saKeyFile)
-	if err != nil {
-		log.Fatalln(err)
+	var options *storage.SignedURLOptions
+
+	if secretManagerInfo.projectID != "" && secretManagerInfo.secretID != "" {
+		fmt.Println("Get secret from Secret Manager to create signed url")
+		saKeyFile := getServiceAccountFromSecretManager()
+
+		cfg, err := google.JWTConfigFromJSON(saKeyFile)
+		if err != nil {
+			log.Fatalln(err)
+		}
+
+		options = &storage.SignedURLOptions{
+			GoogleAccessID: cfg.Email,
+			PrivateKey:     cfg.PrivateKey,
+			Method:         "GET",
+			Expires:        time.Now().Add(2 * time.Minute),
+		}
+	} else {
+		fmt.Println("Use existing credentials to create signed url")
+		options = &storage.SignedURLOptions{
+			Method:  "GET",
+			Expires: time.Now().Add(2 * time.Minute),
+		}
 	}
 
-	opts := &storage.SignedURLOptions{
-		GoogleAccessID: cfg.Email,
-		PrivateKey:     cfg.PrivateKey,
-		Method:         "GET",
-		Expires:        time.Now().Add(2 * time.Minute),
-	}
-
-	signedUrl, err := b.client.Bucket(b.bucket).SignedURL(modPath(mod), opts)
+	signedUrl, err := b.client.Bucket(b.bucket).SignedURL(modPath(mod), options)
 	if err != nil {
-		return "", err
+		return "", fmt.Errorf("Bucket(%q).SignedURL: %v", b.bucket, err)
 	}
+
+	fmt.Println("Generated GET signed URL:")
+	fmt.Printf("%q\n", signedUrl)
 	return fmt.Sprintln(signedUrl), nil
 }