initial-version

Keyfactor · May 21, 2024 · dfb0dc8 · dfb0dc8
1 parent 35e7e46
commit dfb0dc8
Show file tree

Hide file tree

Showing 5 changed files with 54 additions and 12 deletions.
diff --git a/GcpCertManager/Client/GcpCertificateManagerClient.cs b/GcpCertManager/Client/GcpCertificateManagerClient.cs
@@ -3,23 +3,44 @@
 using Google.Apis.Auth.OAuth2;
 using Google.Apis.CertificateManager.v1;
 using Google.Apis.Services;
+using Google.Apis.Iam.v1;
+using Google.Apis.Iam.v1.Data;
+using System.Text;
+using System;
+
+using Keyfactor.Logging;
+using Microsoft.Extensions.Logging;
+
 
 namespace Keyfactor.Extensions.Orchestrator.GcpCertManager.Client
 {
     public class GcpCertificateManagerClient
     {
         public CertificateManagerService GetGoogleCredentials(string credentialFileName)
         {
+            ILogger _logger = LogHandler.GetClassLogger<CertificateManagerService>();
+
             //Credentials file needs to be in the same location of the executing assembly
-            var strExeFilePath = Assembly.GetExecutingAssembly().Location;
-            var strWorkPath = Path.GetDirectoryName(strExeFilePath);
-            var strSettingsJsonFilePath = Path.Combine(strWorkPath ?? string.Empty, credentialFileName);
+            GoogleCredential credentials;
 
-            var stream = new FileStream(strSettingsJsonFilePath,
-                FileMode.Open
-            );
+            if (!string.IsNullOrEmpty(credentialFileName))
+            {
+                _logger.LogDebug("Has credential file name");
+                var strExeFilePath = Assembly.GetExecutingAssembly().Location;
+                var strWorkPath = Path.GetDirectoryName(strExeFilePath);
+                var strSettingsJsonFilePath = Path.Combine(strWorkPath ?? string.Empty, credentialFileName);
 
-            var credentials = GoogleCredential.FromStream(stream);
+                var stream = new FileStream(strSettingsJsonFilePath,
+                    FileMode.Open
+                );
+
+                credentials = GoogleCredential.FromStream(stream);
+            }
+            else
+            {
+                _logger.LogDebug("No credential file name");
+                credentials = GoogleCredential.GetApplicationDefaultAsync().Result;
+            }
 
             var service = new CertificateManagerService(new BaseClientService.Initializer
             {
@@ -28,5 +49,21 @@ public CertificateManagerService GetGoogleCredentials(string credentialFileName)
 
             return service;
         }
+
+        public ServiceAccountKey CreateServiceAccountKey(string serviceAccountEmail)
+        {
+            GoogleCredential credential = GoogleCredential.GetApplicationDefault().CreateScoped(IamService.Scope.CloudPlatform);
+            IamService service = new IamService(new IamService.Initializer
+            {
+                HttpClientInitializer = credential
+            });
+
+            var key = service.Projects.ServiceAccounts.Keys.Create(new CreateServiceAccountKeyRequest(), "projects/-/serviceAccounts/" + serviceAccountEmail).Execute();
+
+            byte[] valueBytes = System.Convert.FromBase64String(key.PrivateKeyData);
+            string jsonKeyContent = Encoding.UTF8.GetString(valueBytes);
+
+            return key;
+        }
     }
 }
diff --git a/GcpCertManager/GcpCertManager.csproj b/GcpCertManager/GcpCertManager.csproj
@@ -19,12 +19,11 @@
   </ItemGroup>
 
   <ItemGroup>
-    <PackageReference Include="Google.Apis.Auth" Version="1.57.0" />
     <PackageReference Include="Google.Apis.CertificateManager.v1" Version="1.57.0.2653" />
+    <PackageReference Include="Google.Apis.Iam.v1" Version="1.68.0.3395" />
     <PackageReference Include="Google.Protobuf" Version="3.20.1" />
     <PackageReference Include="Keyfactor.Logging" Version="1.1.1" />
     <PackageReference Include="Keyfactor.Orchestrators.IOrchestratorJobExtensions" Version="0.6.0" />
-    <PackageReference Include="Newtonsoft.Json" Version="13.0.1" />
     <PackageReference Include="Portable.BouncyCastle" Version="1.9.0" />
     <PackageReference Include="RestSharp" Version="107.2.1" />
     <PackageReference Include="System.Management.Automation" Version="7.0.5" />

diff --git a/GcpCertManager/Jobs/Inventory.cs b/GcpCertManager/Jobs/Inventory.cs
@@ -55,7 +55,7 @@ private JobResult PerformInventory(InventoryJobConfiguration config, SubmitInven
                 _logger.LogTrace($"  Service Account Key Path: {storeProperties.ServiceAccountKey}");
 
                 _logger.LogTrace("Getting Credentials from Google...");
-                var svc = string.IsNullOrEmpty(storeProperties.ServiceAccountKey) ? new CertificateManagerService() : new GcpCertificateManagerClient().GetGoogleCredentials(storeProperties.ServiceAccountKey);
+                var svc = new GcpCertificateManagerClient().GetGoogleCredentials(storeProperties.ServiceAccountKey);
                 _logger.LogTrace("Got Credentials from Google");
 
                 var warningFlag = false;
@@ -133,6 +133,8 @@ private JobResult PerformInventory(InventoryJobConfiguration config, SubmitInven
             catch (GoogleApiException e)
             {
                 var googleError = e.Error?.ErrorResponseContent + " " + LogHandler.FlattenException(e);
+
+                _logger.LogError($"PerformInventory Error: {LogHandler.FlattenException(e)}");
                 return new JobResult
                 {
                     Result = OrchestratorJobStatusJobResult.Failure,

diff --git a/GcpCertManager/Jobs/Management.cs b/GcpCertManager/Jobs/Management.cs
@@ -77,7 +77,7 @@ private JobResult PerformManagement(ManagementJobConfiguration config)
                 _logger.LogTrace($"  Service Account Key Path: {storeProperties.ServiceAccountKey}");
 
                 _logger.LogTrace("Getting Credentials from Google...");
-                var svc = string.IsNullOrEmpty(storeProperties.ServiceAccountKey) ? new CertificateManagerService() : new GcpCertificateManagerClient().GetGoogleCredentials(storeProperties.ServiceAccountKey);
+                var svc = new GcpCertificateManagerClient().GetGoogleCredentials(storeProperties.ServiceAccountKey);
                 _logger.LogTrace("Got Credentials from Google");
 
                 var storePath = $"projects/{storeProperties.ProjectId}/locations/{storeProperties.Location}";
@@ -284,6 +284,8 @@ private JobResult PerformAddition(CertificateManagerService svc, ManagementJobCo
             catch (GoogleApiException e)
             {
                 var googleError = e.Error?.ErrorResponseContent + " " + LogHandler.FlattenException(e);
+                _logger.LogError($"PerformManagement Error: {LogHandler.FlattenException(e)}");
+
                 return new JobResult
                 {
                     Result = OrchestratorJobStatusJobResult.Failure,
@@ -294,6 +296,8 @@ private JobResult PerformAddition(CertificateManagerService svc, ManagementJobCo
             }
             catch (Exception e)
             {
+                _logger.LogError($"PerformManagement Error: {LogHandler.FlattenException(e)}");
+
                 return new JobResult
                 {
                     Result = OrchestratorJobStatusJobResult.Failure,

diff --git a/integration-manifest.json b/integration-manifest.json
@@ -2,7 +2,7 @@
   "$schema": "https://keyfactor.github.io/integration-manifest-schema.json",
   "integration_type": "orchestrator",
   "name": "Google Cloud Provider Certificate Manager",
-  "status": "pilot",
+  "status": "production",
   "update_catalog": false,
   "release_dir": "GcpCertManager/bin/release",
   "description": "Google Certificate Manager Orchestrator for Add, Remove and Inventory.",