[GCP Bindings Bucket] Adds Component Metadata Schema (#2936)

Signed-off-by: Roberto J Rojas <[email protected]>
Signed-off-by: Roberto Rojas <[email protected]>
Co-authored-by: Alessandro (Ale) Segala <[email protected]>

Author: robertojrojas

.build-tools/builtin-authentication-profiles.yaml

@@ -103,3 +103,72 @@ azuread:
           - AzurePublicCloud
           - AzureChinaCloud
           - AzureUSGovernmentCloud
+
+gcp:
+  - title: "GCP API Authentication with Service Account Key"
+    description: |
+      Authenticate authenticates API calls with the given service account or refresh token JSON credentials.
+    metadata:
+      - name: privateKeyID
+        required: true
+        sensitive: true
+        description: |
+          The GCP private key id. Replace with the value of "private_key_id" field of the Service Account Key file.
+        example: '"privateKeyID"'
+      - name: privateKey
+        required: true
+        sensitive: true
+        description: |
+          The GCP credentials private key. Replace with the value of "private_key" field of the Service Account Key file.
+        example: '"-----BEGIN PRIVATE KEY-----\nMIIE...\\n-----END PRIVATE KEY-----\n"'
+      - name: type
+        type: string
+        required: false
+        description: |
+          The GCP credentials type.
+        example: '"service_account"'
+        allowedValues:
+          - service_account
+      - name: projectID
+        type: string
+        required: true
+        description: |
+          GCP project id.
+        example: '"projectID"'
+      - name: clientEmail
+        type: string
+        required: true
+        description: |
+          GCP client email.
+        example: '"[email protected]"'
+      - name: clientID
+        type: string
+        required: true
+        description: |
+          The GCP client ID.
+        example: '"0123456789-0123456789"'
+      - name: authURI
+        type: string
+        required: false
+        description: |
+          The GCP account OAuth2 authorization server endpoint URI.
+        example: '"https://accounts.google.com/o/oauth2/auth"'
+      - name: tokenURI
+        type: string
+        required: false
+        description: |
+         The GCP account token server endpoint URI.
+        example: '"https://oauth2.googleapis.com/token"'
+      - name: authProviderX509CertURL
+        type: string
+        required: false
+        description: |
+          The GCP URL of the public x509 certificate, used to verify the signature
+           on JWTs, such as ID tokens, signed by the authentication provider.
+        example: '"https://www.googleapis.com/oauth2/v1/certs"'
+      - name: clientX509CertURL
+        type: string
+        required: false
+        description: |
+          The GCP URL of the public x509 certificate, used to verify JWTs signed by the client.
+        example: '"https://www.googleapis.com/robot/v1/metadata/x509/<PROJECT_NAME>.iam.gserviceaccount.com"'

bindings/gcp/bucket/bucket.go

@@ -54,19 +54,21 @@ type GCPStorage struct {
 }
 
 type gcpMetadata struct {
-	Bucket              string `json:"bucket" mapstructure:"bucket"`
-	Type                string `json:"type" mapstructure:"type"`
-	ProjectID           string `json:"project_id" mapstructure:"project_id"`
-	PrivateKeyID        string `json:"private_key_id" mapstructure:"private_key_id"`
-	PrivateKey          string `json:"private_key" mapstructure:"private_key"`
-	ClientEmail         string `json:"client_email " mapstructure:"client_email"`
-	ClientID            string `json:"client_id" mapstructure:"client_id"`
-	AuthURI             string `json:"auth_uri" mapstructure:"auth_uri"`
-	TokenURI            string `json:"token_uri" mapstructure:"token_uri"`
-	AuthProviderCertURL string `json:"auth_provider_x509_cert_url" mapstructure:"auth_provider_x509_cert_url"`
-	ClientCertURL       string `json:"client_x509_cert_url" mapstructure:"client_x509_cert_url"`
-	DecodeBase64        bool   `json:"decodeBase64,string" mapstructure:"decodeBase64"`
-	EncodeBase64        bool   `json:"encodeBase64,string" mapstructure:"encodeBase64"`
+	// Ignored by metadata parser because included in built-in authentication profile
+	Type                string `json:"type" mapstructure:"type" mdignore:"true"`
+	ProjectID           string `json:"project_id" mapstructure:"projectID" mdignore:"true" mapstructurealiases:"project_id"`
+	PrivateKeyID        string `json:"private_key_id" mapstructure:"privateKeyID" mdignore:"true" mapstructurealiases:"private_key_id"`
+	PrivateKey          string `json:"private_key" mapstructure:"privateKey" mdignore:"true" mapstructurealiases:"private_key"`
+	ClientEmail         string `json:"client_email " mapstructure:"clientEmail" mdignore:"true" mapstructurealiases:"client_email"`
+	ClientID            string `json:"client_id" mapstructure:"clientID" mdignore:"true" mapstructurealiases:"client_id"`
+	AuthURI             string `json:"auth_uri" mapstructure:"authURI" mdignore:"true" mapstructurealiases:"auth_uri"`
+	TokenURI            string `json:"token_uri" mapstructure:"tokenURI" mdignore:"true" mapstructurealiases:"token_uri"`
+	AuthProviderCertURL string `json:"auth_provider_x509_cert_url" mapstructure:"authProviderX509CertURL" mdignore:"true" mapstructurealiases:"auth_provider_x509_cert_url"`
+	ClientCertURL       string `json:"client_x509_cert_url" mapstructure:"clientX509CertURL" mdignore:"true" mapstructurealiases:"client_x509_cert_url"`
+
+	Bucket       string `json:"bucket" mapstructure:"bucket"`
+	DecodeBase64 bool   `json:"decodeBase64,string" mapstructure:"decodeBase64"`
+	EncodeBase64 bool   `json:"encodeBase64,string" mapstructure:"encodeBase64"`
 }
 
 type listPayload struct {

bindings/gcp/bucket/bucket_test.go

@@ -27,17 +27,17 @@ func TestParseMetadata(t *testing.T) {
 	t.Run("Has correct metadata", func(t *testing.T) {
 		m := bindings.Metadata{}
 		m.Properties = map[string]string{
-			"auth_provider_x509_cert_url": "my_auth_provider_x509",
-			"auth_uri":                    "my_auth_uri",
-			"Bucket":                      "my_bucket",
-			"client_x509_cert_url":        "my_client_x509",
-			"client_email":                "[email protected]",
-			"client_id":                   "my_client_id",
-			"private_key":                 "my_private_key",
-			"private_key_id":              "my_private_key_id",
-			"project_id":                  "my_project_id",
-			"token_uri":                   "my_token_uri",
-			"type":                        "my_type",
+			"authProviderX509CertURL": "my_auth_provider_x509",
+			"authURI":                 "my_auth_uri",
+			"Bucket":                  "my_bucket",
+			"clientX509CertURL":       "my_client_x509",
+			"clientEmail":             "[email protected]",
+			"clientID":                "my_client_id",
+			"privateKey":              "my_private_key",
+			"privateKeyID":            "my_private_key_id",
+			"projectID":               "my_project_id",
+			"tokenURI":                "my_token_uri",
+			"type":                    "my_type",
 		}
 		gs := GCPStorage{logger: logger.NewLogger("test")}
 		meta, err := gs.parseMetadata(m)
@@ -73,18 +73,18 @@ func TestMergeWithRequestMetadata(t *testing.T) {
 	t.Run("Has merged metadata", func(t *testing.T) {
 		m := bindings.Metadata{}
 		m.Properties = map[string]string{
-			"auth_provider_x509_cert_url": "my_auth_provider_x509",
-			"auth_uri":                    "my_auth_uri",
-			"Bucket":                      "my_bucket",
-			"client_x509_cert_url":        "my_client_x509",
-			"client_email":                "[email protected]",
-			"client_id":                   "my_client_id",
-			"private_key":                 "my_private_key",
-			"private_key_id":              "my_private_key_id",
-			"project_id":                  "my_project_id",
-			"token_uri":                   "my_token_uri",
-			"type":                        "my_type",
-			"decodeBase64":                "false",
+			"authProviderX509CertURL": "my_auth_provider_x509",
+			"authURI":                 "my_auth_uri",
+			"Bucket":                  "my_bucket",
+			"clientX509CertURL":       "my_client_x509",
+			"clientEmail":             "[email protected]",
+			"clientID":                "my_client_id",
+			"privateKey":              "my_private_key",
+			"privateKeyID":            "my_private_key_id",
+			"projectID":               "my_project_id",
+			"tokenURI":                "my_token_uri",
+			"type":                    "my_type",
+			"decodeBase64":            "false",
 		}
 		gs := GCPStorage{logger: logger.NewLogger("test")}
 		meta, err := gs.parseMetadata(m)
@@ -129,18 +129,18 @@ func TestMergeWithRequestMetadata(t *testing.T) {
 	t.Run("Has invalid merged metadata decodeBase64", func(t *testing.T) {
 		m := bindings.Metadata{}
 		m.Properties = map[string]string{
-			"auth_provider_x509_cert_url": "my_auth_provider_x509",
-			"auth_uri":                    "my_auth_uri",
-			"Bucket":                      "my_bucket",
-			"client_x509_cert_url":        "my_client_x509",
-			"client_email":                "[email protected]",
-			"client_id":                   "my_client_id",
-			"private_key":                 "my_private_key",
-			"private_key_id":              "my_private_key_id",
-			"project_id":                  "my_project_id",
-			"token_uri":                   "my_token_uri",
-			"type":                        "my_type",
-			"decodeBase64":                "false",
+			"authProviderX509CertURL": "my_auth_provider_x509",
+			"authURI":                 "my_auth_uri",
+			"Bucket":                  "my_bucket",
+			"clientX509CertURL":       "my_client_x509",
+			"clientEmail":             "[email protected]",
+			"clientID":                "my_client_id",
+			"privateKey":              "my_private_key",
+			"privateKeyID":            "my_private_key_id",
+			"projectID":               "my_project_id",
+			"tokenURI":                "my_token_uri",
+			"type":                    "my_type",
+			"decodeBase64":            "false",
 		}
 		gs := GCPStorage{logger: logger.NewLogger("test")}
 		meta, err := gs.parseMetadata(m)
@@ -173,19 +173,19 @@ func TestMergeWithRequestMetadata(t *testing.T) {
 	t.Run("Has invalid merged metadata encodeBase64", func(t *testing.T) {
 		m := bindings.Metadata{}
 		m.Properties = map[string]string{
-			"auth_provider_x509_cert_url": "my_auth_provider_x509",
-			"auth_uri":                    "my_auth_uri",
-			"Bucket":                      "my_bucket",
-			"client_x509_cert_url":        "my_client_x509",
-			"client_email":                "[email protected]",
-			"client_id":                   "my_client_id",
-			"private_key":                 "my_private_key",
-			"private_key_id":              "my_private_key_id",
-			"project_id":                  "my_project_id",
-			"token_uri":                   "my_token_uri",
-			"type":                        "my_type",
-			"decodeBase64":                "false",
-			"encodeBase64":                "true",
+			"authProviderX509CertURL": "my_auth_provider_x509",
+			"authURI":                 "my_auth_uri",
+			"Bucket":                  "my_bucket",
+			"clientX509CertURL":       "my_client_x509",
+			"clientEmail":             "[email protected]",
+			"clientID":                "my_client_id",
+			"privateKey":              "my_private_key",
+			"privateKeyID":            "my_private_key_id",
+			"projectID":               "my_project_id",
+			"tokenURI":                "my_token_uri",
+			"type":                    "my_type",
+			"decodeBase64":            "false",
+			"encodeBase64":            "true",
 		}
 		gs := GCPStorage{logger: logger.NewLogger("test")}
 		meta, err := gs.parseMetadata(m)

bindings/gcp/bucket/metadata.yaml

@@ -0,0 +1,41 @@
+# yaml-language-server: $schema=../../../component-metadata-schema.json
+schemaVersion: v1
+type: bindings
+name: gcp.bucket
+version: v1
+status: alpha
+title: "GCP Storage Bucket"
+urls:
+  - title: Reference
+    url: https://docs.dapr.io/reference/components-reference/supported-bindings/gcpbucket/
+binding:
+  output: true
+  operations:
+    - name: create
+      description: "Create an item."
+capabilities: []
+builtinAuthenticationProfiles:
+  - name: "gcp"
+metadata:
+  - name: bucket
+    required: true
+    description: |
+      The bucket name.
+    example: '"mybucket"'
+    type: string
+  - name: decodeBase64
+    type: bool
+    required: false
+    default: 'false'
+    description: |
+      Configuration to decode base64 file content before saving to bucket storage. 
+      (In case of opening a file with binary content).
+    example: '"true, false"'
+  - name: encodeBase64
+    type: bool
+    required: false
+    default: 'false'
+    description: |
+      Configuration to encode base64 file content before return the content. 
+      (In case of saving a file with binary content).
+    example: '"true, false"'