33# shellcheck source=${WORKER_LIB_DIR}/utils.sh disable=SC1091
44source " ${WORKER_LIB_DIR} /utils.sh"
55
6- # Function to authenticate GCP service accounts
6+ # Function to set ADC credentials
77#
88# Example usage of the function
99# gcp_authenticate "/path/to/your/gcp_creds.json"
10+ # gcp_authenticate "${GCP_CREDS}"
1011#
1112
12- # Function to authenticate GCP service accounts
13+ # Function to set ADC credentials
1314gcp_authenticate () {
1415 local creds_json=" $1 "
1516
@@ -22,6 +23,12 @@ gcp_authenticate() {
2223 return 1
2324 fi
2425
26+ # If GOOGLE_APPLICATION_CREDENTIALS already set, do not override
27+ if [ -n " $GOOGLE_APPLICATION_CREDENTIALS " ]; then
28+ log_info " GCP Authentication" " GOOGLE_APPLICATION_CREDENTIALS already set, skipping authentication."
29+ return 0
30+ fi
31+
2532 # Extract necessary fields from the JSON credentials
2633 local clientEmail privateKey projectId
2734
@@ -34,44 +41,31 @@ gcp_authenticate() {
3441 return 1
3542 fi
3643
37- # Adjust privateKey formatting
38- # Replace "\\n" with actual new line, handle BEGIN and END markers
39- privateKey=$( echo " $privateKey " | sed ' s/\\n/\n/g' | sed ' s/- /\n-/g' | sed ' s/ -/-\n/g' )
40-
41- # Create a temporary credentials file for gcloud authentication
42- local temp_creds_file=" /tmp/gcp_creds.json"
43- # Use jq to create a valid JSON with the modified privateKey
44- jq -n --arg clientEmail " $clientEmail " --arg privateKey " $privateKey " --arg projectId " $projectId " \
45- ' {client_email: $clientEmail, private_key: $privateKey, project_id: $projectId}' > " $temp_creds_file "
46-
47- # Set GOOGLE_APPLICATION_CREDENTIALS only if ACTORS_CLEANUP is disabled
48- if [ " $ACTORS_CLEANUP " = false ]; then
49- if [ -f " $GCP_CREDS " ]; then
50- # If GCP_CREDS is a file path and exists, use it directly
51- export GOOGLE_APPLICATION_CREDENTIALS=" $GCP_CREDS "
52- else
53- # Otherwise create and use a local copy
54- mkdir -p " $HOME /creds"
55- cat " $creds_json " > " $HOME /creds/gcp_creds.json"
56- export GOOGLE_APPLICATION_CREDENTIALS=" $HOME /creds/gcp_creds.json"
57- fi
44+ if [ -f " $GCP_CREDS " ]; then
45+ # If GCP_CREDS is a file path and exists, use it directly
46+ export GOOGLE_APPLICATION_CREDENTIALS=" $GCP_CREDS "
47+ else
48+
49+ # Adjust privateKey formatting
50+ # Replace "\\n" with actual new line, handle BEGIN and END markers
51+ privateKey=$( echo " $privateKey " | sed ' s/\\n/\n/g' | sed ' s/- /\n-/g' | sed ' s/ -/-\n/g' )
52+
53+ jq -n --arg clientEmail " $clientEmail " --arg privateKey " $privateKey " --arg projectId " $projectId " \
54+ ' {type: "service_account", client_email: $clientEmail, private_key: $privateKey, project_id: $projectId}' > " $LOCAL_CREDS_DIR /gcp_creds.json"
55+
56+ export GOOGLE_APPLICATION_CREDENTIALS=" $LOCAL_CREDS_DIR /gcp_creds.json"
5857 fi
5958
60- log_info " GCP Authentication" " Authenticating GCP service account..."
61- if ! gcloud auth activate-service-account " $clientEmail " --key-file=" $temp_creds_file " > /dev/null 2>&1 ; then
62- log_error " GCP Authentication" " GCP service account authentication failed."
63- rm -f " $temp_creds_file "
64- return 1
59+ # If GOOGLE_APPLICATION_CREDENTIALS is set, authorize environment with provided credentials
60+ if [ -n " $GOOGLE_APPLICATION_CREDENTIALS " ]; then
61+ log_info " GCP Authentication" " Authorizing environment with provided credentials."
62+ gcloud auth login --cred-file=" $GOOGLE_APPLICATION_CREDENTIALS " > /dev/null 2>&1
6563 fi
6664
6765 if ! gcloud config set project " $projectId " > /dev/null 2>&1 ; then
6866 log_error " GCP Authentication" " Failed to set GCP project."
69- rm -f " $temp_creds_file "
7067 return 1
7168 fi
7269
7370 log_success " GCP Authentication" " GCP service account authenticated and project set."
74-
75- # Clean up temporary credentials file
76- rm -f " $temp_creds_file "
7771}
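Review bot: The exit status of `gcloud auth login --cred-file=…` near the end of the last hunk is discarded, so a rejected key still reaches the `log_success` line as long as `gcloud config set project` succeeds; the removed `activate-service-account` call returned 1 on failure and the replacement should too. In the `else` branch the private key is now written to `$LOCAL_CREDS_DIR/gcp_creds.json` and kept after the function returns, with the file mode left to the caller's umask and no check that jq succeeded or that `LOCAL_CREDS_DIR` (not defined in the visible lines) is non-empty. Creating the file under `umask 077` and failing on a write error would cover both, as sketched below; a file that already exists with wider permissions would additionally need a `chmod 600`. The `[ -n "$GOOGLE_APPLICATION_CREDENTIALS" ]` guard around the login is always true at that point because both branches export the variable, so the sketch drops it. The function begins before this hunk and the field extraction it relies on is not shown.

```shell
  else
    # … unchanged: privateKey newline fix-up …

    # Key material: create the file owner-only and stop if it cannot be written.
    if ! ( umask 077 && jq -n --arg clientEmail "$clientEmail" --arg privateKey "$privateKey" --arg projectId "$projectId" \
      '{type: "service_account", client_email: $clientEmail, private_key: $privateKey, project_id: $projectId}' \
      > "${LOCAL_CREDS_DIR:?}/gcp_creds.json" ); then
      log_error "GCP Authentication" "Failed to write credentials file."
      return 1
    fi
    export GOOGLE_APPLICATION_CREDENTIALS="$LOCAL_CREDS_DIR/gcp_creds.json"
  fi

  log_info "GCP Authentication" "Authorizing environment with provided credentials."
  if ! gcloud auth login --cred-file="$GOOGLE_APPLICATION_CREDENTIALS" > /dev/null 2>&1; then
    log_error "GCP Authentication" "GCP service account authentication failed."
    return 1
  fi

  # … unchanged: gcloud config set project, log_success …
```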