Revert "removing functionality of ServiceAccountEmail"

marceljk · marceljk · commit ca6f0ddb93c1 · 2024-12-12T15:51:50.000+01:00
diff --git a/core/auth/auth.go b/core/auth/auth.go
@@ -32,6 +32,8 @@ const (
 func SetupAuth(cfg *config.Configuration) (rt http.RoundTripper, err error) {
 	if cfg == nil {
 		cfg = &config.Configuration{}
+		email := getServiceAccountEmail(cfg)
+		cfg.ServiceAccountEmail = email
 	}
 
 	if cfg.CustomAuth != nil {
@@ -242,6 +244,27 @@ func readCredential(cred credentialType, credentials *Credentials) (string, erro
 	return credentialValue, nil
 }
 
+// getServiceAccountEmail searches for an email in the following order: client configuration, environment variable, credentials file.
+// is not required for authentication, so it can be empty.
+//
+// Deprecated: ServiceAccountEmail is not required and will be removed after 12th June 2025.
+func getServiceAccountEmail(cfg *config.Configuration) string {
+	if cfg.ServiceAccountEmail != "" {
+		return cfg.ServiceAccountEmail
+	}
+
+	email, emailSet := os.LookupEnv("STACKIT_SERVICE_ACCOUNT_EMAIL")
+	if !emailSet || email == "" {
+		credentials, err := readCredentialsFile(cfg.CredentialsFilePath)
+		if err != nil {
+			// email is not required for authentication, so it shouldnt block it
+			return ""
+		}
+		return credentials.STACKIT_SERVICE_ACCOUNT_EMAIL
+	}
+	return email
+}
+
 // getKey searches for a key in the following order: client configuration, environment variable, credentials file.
 func getKey(cfgKey, cfgKeyPath *string, envVar, credType credentialType, cfgCredFilePath string) error {
 	if *cfgKey != "" {
diff --git a/core/auth/auth_test.go b/core/auth/auth_test.go
@@ -170,6 +170,8 @@ func TestSetupAuth(t *testing.T) {
 				t.Setenv("STACKIT_CREDENTIALS_PATH", "")
 			}
 
+			t.Setenv("STACKIT_SERVICE_ACCOUNT_EMAIL", "test-email")
+
 			authRoundTripper, err := SetupAuth(test.config)
 
 			if err != nil && test.isValid {
@@ -568,6 +570,78 @@ func TestNoAuth(t *testing.T) {
 	}
 }
 
+func TestGetServiceAccountEmail(t *testing.T) {
+	for _, test := range []struct {
+		description   string
+		cfg           *config.Configuration
+		envEmailSet   bool
+		path          string
+		expectedEmail string
+		isValid       bool
+	}{
+		{
+			description: "custom_config",
+			cfg: &config.Configuration{
+				ServiceAccountEmail: "test_email",
+			},
+			path:          "",
+			expectedEmail: "test_email",
+			isValid:       true,
+		},
+		{
+			description:   "config_over_env_var",
+			cfg:           &config.Configuration{},
+			envEmailSet:   true,
+			path:          "",
+			expectedEmail: "env_email",
+			isValid:       true,
+		},
+		{
+			description: "env_variable",
+			cfg: &config.Configuration{
+				ServiceAccountEmail: "test_email",
+			},
+			envEmailSet:   true,
+			path:          "",
+			expectedEmail: "test_email",
+			isValid:       true,
+		},
+		{
+			description:   "path",
+			cfg:           &config.Configuration{},
+			envEmailSet:   false,
+			path:          "test_resources/test_credentials_bar.json",
+			expectedEmail: "bar_email",
+			isValid:       true,
+		},
+		{
+			description:   "invalid_structure",
+			cfg:           &config.Configuration{},
+			envEmailSet:   false,
+			path:          "test_resources/test_invalid_structure.json",
+			expectedEmail: "",
+			isValid:       false,
+		},
+	} {
+		t.Run(test.description, func(t *testing.T) {
+			if test.envEmailSet {
+				t.Setenv("STACKIT_SERVICE_ACCOUNT_EMAIL", "env_email")
+			} else {
+				t.Setenv("STACKIT_SERVICE_ACCOUNT_EMAIL", "")
+			}
+			t.Setenv("STACKIT_CREDENTIALS_PATH", test.path)
+			got := getServiceAccountEmail(test.cfg)
+			if (got != "") && !test.isValid {
+				t.Errorf("getServiceAccountEmail() did not return empty value for invalid test case")
+				return
+			}
+			if got != test.expectedEmail {
+				t.Errorf("getServiceAccountEmail() = %v, want %v", got, test.expectedEmail)
+			}
+		})
+	}
+}
+
 func generatePrivateKey() (string, error) {
 	// Generate a new RSA key pair with a size of 2048 bits
 	privKey, err := rsa.GenerateKey(rand.Reader, 2048)
diff --git a/core/config/config.go b/core/config/config.go
@@ -178,8 +178,9 @@ func WithTokenEndpoint(url string) ConfigurationOption {
 // WithServiceAccountEmail returns a ConfigurationOption that sets the service account email
 //
 // Deprecated: WithServiceAccountEmail is not required and will be removed after 12th June 2025.
-func WithServiceAccountEmail(_ string) ConfigurationOption {
-	return func(_ *Configuration) error {
+func WithServiceAccountEmail(serviceAccountEmail string) ConfigurationOption {
+	return func(config *Configuration) error {
+		config.ServiceAccountEmail = serviceAccountEmail
 		return nil
 	}
 }

Original file line number	Diff line number	Diff line change
`@@ -178,8 +178,9 @@ func WithTokenEndpoint(url string) ConfigurationOption {`
`178`	`178`	`// WithServiceAccountEmail returns a ConfigurationOption that sets the service account email`
`179`	`179`	`//`
`180`	`180`	`// Deprecated: WithServiceAccountEmail is not required and will be removed after 12th June 2025.`
`181`		`-func WithServiceAccountEmail(_ string) ConfigurationOption {`
`182`		`- return func(_ *Configuration) error {`
	`181`	`+func WithServiceAccountEmail(serviceAccountEmail string) ConfigurationOption {`
	`182`	`+ return func(config *Configuration) error {`
	`183`	`+ config.ServiceAccountEmail = serviceAccountEmail`
`183`	`184`	`return nil`
`184`	`185`	`}`
`185`	`186`	`}`