feat: GCP Auth Login #11
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,51 @@ | ||
| package com.infisical.sdk.auth; | ||
|
|
||
| import java.io.IOException; | ||
| import java.util.Arrays; | ||
| import java.util.HashMap; | ||
|
|
||
| import com.google.auth.oauth2.GoogleCredentials; | ||
| import com.google.auth.oauth2.IdTokenCredentials; | ||
| import com.google.auth.oauth2.IdTokenProvider; | ||
| import com.google.auth.oauth2.IdTokenProvider.Option; | ||
| import com.infisical.sdk.util.InfisicalException; | ||
|
|
||
| public class GCPAuthProvider { | ||
|
|
||
| public static HashMap<String,String> getGCPAuthInput(String identityId) throws InfisicalException{ | ||
|
|
||
| if ( identityId == null || identityId.isEmpty() ) | ||
|
|
||
| throw new InfisicalException( "Identity ID is required"); | ||
|
|
||
| try{ | ||
|
|
||
| // This will fetch credentials from environment variable named GOOGLE_APPLICATION_CREDENTIALS or | ||
| // or if it's running in a GCP instance it will get them from the instance itself (GCP service account attached) | ||
| GoogleCredentials googleCredentials = GoogleCredentials.getApplicationDefault(); | ||
|
|
||
| IdTokenCredentials idTokenCredentials = | ||
| IdTokenCredentials.newBuilder() | ||
| .setIdTokenProvider((IdTokenProvider) googleCredentials) | ||
| .setTargetAudience(identityId) | ||
| .setOptions(Arrays.asList(Option.FORMAT_FULL, Option.LICENSES_TRUE)) | ||
| .build(); | ||
|
|
||
| // Get the ID token. | ||
| String idToken = idTokenCredentials.refreshAccessToken().getTokenValue(); | ||
|
|
||
| // Body cannot be a string so used a HashMap, you can use builder, POJO etc | ||
| HashMap<String, String> body = new HashMap<>(); | ||
| body.put("identityId", identityId); | ||
| body.put("jwt", idToken); | ||
|
|
||
| return body; | ||
|
|
||
| } catch (IOException e){ | ||
| throw new RuntimeException("Failed to fetch Google credentails", e); | ||
PrathameshBhagat marked this conversation as resolved.
Outdated
Show resolved
Hide resolved
|
||
| } catch (Exception e){ | ||
| throw new RuntimeException("Error during GCP Authentication", e); | ||
| } | ||
|
|
||
| } | ||
| } | ||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,63 @@ | ||
| package com.infisical.sdk.auth; | ||
|
|
||
| import com.infisical.sdk.InfisicalSdk; | ||
| import com.infisical.sdk.config.SdkConfig; | ||
| import com.infisical.sdk.util.EnvironmentVariables; | ||
| import org.junit.jupiter.api.Test; | ||
| import org.slf4j.Logger; | ||
| import org.slf4j.LoggerFactory; | ||
|
|
||
| import static org.junit.jupiter.api.Assertions.*; | ||
|
|
||
| public class GCPAuthIntegrationTest { | ||
|
|
||
| private static final Logger logger = LoggerFactory.getLogger(GCPAuthIntegrationTest.class); | ||
| @Test | ||
| public void testGCPAuthAndFetchSecrets() throws Exception { | ||
|
|
||
| // Load env variables | ||
| var envVars = new EnvironmentVariables(); | ||
|
|
||
| // Get Machine Identity Id | ||
| String machineIdentityId = System.getenv("INFISICAL_MACHINE_IDENTITY_ID"); | ||
|
There was a problem hiding this comment. style: Consider using envVars.getMachineIdentityId() if this method exists, for consistency with other environment variable access patterns in the codebase Prompt To Fix With AIThis is a comment left during a code review.
Path: src/test/java/com/infisical/sdk/auth/GCPAuthIntegrationTest.java
Line: 22:22
Comment:
**style:** Consider using envVars.getMachineIdentityId() if this method exists, for consistency with other environment variable access patterns in the codebase
How can I resolve this? If you propose a fix, please make it concise.
Author
There was a problem hiding this comment. I didn't wanted to update existing code hence did this, let me know if I need to change this. |
||
|
|
||
|
|
||
| // Check if env variable machine identity is set others are already tested via env tests | ||
| assertNotNull(machineIdentityId, "INFISICAL_MACHINE_IDENTITY_ID env variable must be set"); | ||
|
|
||
|
|
||
| // Create SDK instance | ||
| var sdk = new InfisicalSdk(new SdkConfig.Builder() | ||
| .withSiteUrl(envVars.getSiteUrl()) | ||
| .build() | ||
| ); | ||
|
|
||
| // Authenticate using GCP Auth | ||
| assertDoesNotThrow(() -> { | ||
| sdk.Auth().GCPAuthLogin(machineIdentityId); | ||
| }); | ||
|
|
||
|
|
||
|
|
||
| try { | ||
|
|
||
| // Test if we have correctly logged in and we can list the secrets | ||
| var secrets = sdk.Secrets().ListSecrets( | ||
| envVars.getProjectId(), | ||
| "dev", | ||
| "/", | ||
| null, | ||
| null, | ||
| null); | ||
|
|
||
| assertNotNull(secrets, "Secrets list should not be null"); | ||
| assertFalse(secrets.isEmpty(), "Secrets list should not be empty"); | ||
|
Comment on lines
+53
to
+54
There was a problem hiding this comment. style: Test assumes secrets exist in the 'dev' environment. Consider adding a comment explaining this prerequisite or making the test more robust by checking if no secrets exist. Prompt To Fix With AIThis is a comment left during a code review.
Path: src/test/java/com/infisical/sdk/auth/GCPAuthIntegrationTest.java
Line: 53:54
Comment:
**style:** Test assumes secrets exist in the 'dev' environment. Consider adding a comment explaining this prerequisite or making the test more robust by checking if no secrets exist.
How can I resolve this? If you propose a fix, please make it concise. |
||
|
|
||
| logger.info("TestGCPAuth Successful"); | ||
| logger.info("Secrets length : {}", secrets.size()); | ||
|
|
||
| } catch (Exception e) { | ||
| throw new AssertionError(e); | ||
| } | ||
| } | ||
| } | ||
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
logic: Unsafe cast to IdTokenProvider without type checking - could throw ClassCastException if GoogleCredentials doesn't implement IdTokenProvider
Prompt To Fix With AI