fix: correct GCP credential loading

Author: Calvin-Huang

cloudproxy/providers/gcp/functions.py

@@ -9,6 +9,9 @@
 from cloudproxy.providers.config import set_auth
 from cloudproxy.providers.settings import config
 
+gcp = None
+compute = None
+
 def get_client(instance_config=None):
     """
     Initialize and return a GCP client based on the provided configuration.
@@ -21,21 +24,27 @@ def get_client(instance_config=None):
     """
 
     global gcp, compute
+    if gcp is not None and compute is not None:
+        return gcp, compute
 
     if instance_config is None:
         instance_config = config["providers"]["gcp"]["instances"]["default"]
 
     gcp = config["providers"]["gcp"]
-    if gcp["enabled"] == 'True':
-        try:
+    try:
+        if 'sa_json' in instance_config["secrets"]:
+            credentials = service_account.Credentials.from_service_account_file(
+                instance_config["secrets"]["sa_json"]
+            )
+        else:
             credentials = service_account.Credentials.from_service_account_info(
-                json.loads(gcp["secrets"]["service_account_key"])
+                json.loads(instance_config["secrets"]["service_account_key"])
             )
-            compute = googleapiclient.discovery.build('compute', 'v1', credentials=credentials)
+        compute = googleapiclient.discovery.build('compute', 'v1', credentials=credentials)
 
-            return gcp, compute
-        except TypeError:
-            logger.error("GCP -> Invalid service account key")
+        return gcp, compute
+    except TypeError:
+        logger.error("GCP -> Invalid service account key")
 
 
 def create_proxy(instance_config=None):

cloudproxy/providers/settings.py

@@ -148,6 +148,7 @@
 config["providers"]["gcp"]["instances"]["default"]["secrets"]["service_account_key"] = os.environ.get(
     "GCP_SERVICE_ACCOUNT_KEY"
 )
+config["providers"]["gcp"]["instances"]["default"]["secrets"]["sa_json"] = os.environ.get("GCP_SA_JSON")
 config["providers"]["gcp"]["instances"]["default"]["scaling"]["min_scaling"] = int(
     os.environ.get("GCP_MIN_SCALING", 2)
 )

docs/gcp.md

@@ -21,7 +21,9 @@ Now you have your credentials, you can use GCP as a proxy provider. Set up the e
 #### Required:
 ``GCP_ENABLED`` - to enable GCP as a provider, set as True. Default value: False
 
-``GCP_SA_JSON`` - the path to the service account JSON key file. For Docker, mount the file to the container and provide the path.
+``GCP_SA_JSON`` or `GCP_SERVICE_ACCOUNT_KEY` - the path to the service account JSON key file. For Docker, mount the file to the container and provide the path. If both `GCP_SA_JSON` and `GCP_SERVICE_ACCOUNT_KEY` are set, `GCP_SA_JSON` will override the other.
+
+``GCP_SERVICE_ACCOUNT_KEY`` or (`GCP_SA_JSON`) - service acount JSON key content. If both `GCP_SA_JSON` and `GCP_SERVICE_ACCOUNT_KEY` are set, `GCP_SA_JSON` will override the other.
 
 ``GCP_ZONE`` - the GCP zone where the instances will be created. Default value: us-central1-a