Commit 9a4eb1d5 authored by Pierre Smeyers's avatar Pierre Smeyers

feat: extend implicit variables

parent c5caffa2
+6 −5
@@ -43,11 +43,12 @@ Retrieve authentication token using API.
When not explicitly set, `serviceAccount` and `workloadIdentityProvider` values are retrieved from to-be-continuous standard variables for the associated `envType` (`envType` itself may also be guessed, see next chapter):

| `envType`        | `serviceAccount` value                                        | `workloadIdentityProvider` value                                |
| ---------------- | ---------------------- | -------------------------------- |
| ---------------- | ------------------------------------------------------------- | --------------------------------------------------------------- |
| `production`     | `$GCP_PROD_OIDC_ACCOUNT` or `$GCP_OIDC_ACCOUNT` (fallback)    | `$GCP_PROD_OIDC_PROVIDER` or `$GCP_OIDC_PROVIDER` (fallback)    |
| `staging`        | `$GCP_STAGING_OIDC_ACCOUNT` or `$GCP_OIDC_ACCOUNT` (fallback) | `$GCP_STAGING_OIDC_PROVIDER` or `$GCP_OIDC_PROVIDER` (fallback) |
| `integration`    | `$GCP_INTEG_OIDC_ACCOUNT` or `$GCP_OIDC_ACCOUNT` (fallback)   | `$GCP_INTEG_OIDC_PROVIDER` or `$GCP_OIDC_PROVIDER` (fallback)   |
| `review`         | `$GCP_REVIEW_OIDC_ACCOUNT` or `$GCP_OIDC_ACCOUNT` (fallback)  | `$GCP_REVIEW_OIDC_PROVIDER` or `$GCP_OIDC_PROVIDER` (fallback)  |
| `<any>`          | `$GCP_<ANY>_OIDC_ACCOUNT` or `$GCP_OIDC_ACCOUNT` (fallback)   | `$GCP_<ANY>_OIDC_PROVIDER` or `$GCP_OIDC_PROVIDER` (fallback)   |

##### How is guessed `envType`?

+1 −1
@@ -26,7 +26,7 @@ def get_iam_credentials(service_account, federated_token):


def get_sts_token(audience):
    if CI_JOB_JWT_V2 is None:
    if not CI_JOB_JWT_V2:
        raise HTTPException(
            status_code=401,
            detail='Missing $CI_JOB_JWT_V2 token'
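Review bot: The truthiness test `if not CI_JOB_JWT_V2:` in `get_sts_token` now also treats an empty string as a missing token, and that intent deserves a one-line comment, for example `# an empty value counts as missing: fail closed before any token exchange is attempted`. How `CI_JOB_JWT_V2` is populated is not visible on this page, so whether a whitespace-only value can reach this check is unknown; if it can, stripping the value where it is read would close that gap. The function body continues outside the hunk.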
+4 −10
@@ -35,17 +35,11 @@ def guess_env_type() -> str:


def get_var_prefix(env_type: str) -> str:
    if env_type == "review":
        return "REVIEW"
    if env_type == "integ" or env_type == "integration":
    if env_type == "integration":
        return "INTEG"
    if env_type == "staging":
        return "STAGING"
    if env_type == "prod" or env_type == "production":
    if env_type == "production":
        return "PROD"
    raise HTTPException(
        status_code=404, detail=f"Unsupported environment type '{env_type}'"
    )
    return env_type.upper()


def get_oidc_account(var_prefix: str) -> str:
@@ -74,7 +68,7 @@ def token(
    # projects/%s/locations/global/workloadIdentityPools/%s/providers/%s
    if (not workload_identity_provider) or (not service_account):
        # retrieve from TBC standard variables
        if env_type is None:
        if not env_type:
            env_type = guess_env_type()

        var_prefix = get_var_prefix(env_type)
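Review bot: `return env_type.upper()` at the end of `get_var_prefix` accepts any string, so a mistyped or unexpected `envType` no longer fails with the 404 that the `raise HTTPException` lines produced. Going by the README table in this commit, an unknown type resolves to `$GCP_<ANY>_OIDC_ACCOUNT` or else to the `$GCP_OIDC_ACCOUNT` fallback, so a misspelled `production` would presumably be served credentials for the default service account instead of an error; `get_oidc_account` is outside the hunk, so this is inferred. The value also appears to arrive from the caller of `token(` and flows unchecked into a variable name, so I would keep a format check before upper-casing, for example `if not re.fullmatch(r"[A-Za-z][A-Za-z0-9_]*", env_type): raise HTTPException(status_code=400, detail="Invalid environment type")` (this needs `re` imported if the file does not already have it). Logging the resolved prefix, and whether the fallback variable was used, would make an unintended account selection visible in the job output.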