diff --git a/cmd/root.go b/cmd/root.go
index f53a52bc9..3069720fa 100644
--- a/cmd/root.go
+++ b/cmd/root.go
@@ -63,6 +63,12 @@ var RootCmd = &cobra.Command{
 Short: "Utility to work with Apigee APIs.",
 Long: "This command lets you interact with Apigee APIs.",
 PersistentPreRunE: func(cmd *cobra.Command, args []string) error {
+ if metadataToken && defaultToken {
+ return fmt.Errorf("metadata-token and default-token cannot be used together")
+ }
+ if defaultToken && (serviceAccount != "" || accessToken != "") {
+ return fmt.Errorf("default-token cannot be used with token or account flags")
+ }
 if metadataToken && (serviceAccount != "" || accessToken != "") {
 return fmt.Errorf("metadata-token cannot be used with token or account flags")
 }
@@ -71,11 +77,6 @@ var RootCmd = &cobra.Command{
 return fmt.Errorf("token and account flags cannot be used together")
 }
- if !metadataToken {
- apiclient.SetServiceAccount(serviceAccount)
- apiclient.SetApigeeToken(accessToken)
- }
-
 if !disableCheck {
 if ok, _ := apiclient.TestAndUpdateLastCheck(); !ok {
 latestVersion, _ := getLatestVersion()
@@ -88,7 +89,16 @@ var RootCmd = &cobra.Command{
 }
 }
+ if !metadataToken && !defaultToken {
+ apiclient.SetServiceAccount(serviceAccount)
+ apiclient.SetApigeeToken(accessToken)
+ }
+
 if metadataToken {
+ return apiclient.GetMetadataAccessToken()
+ }
+
+ if defaultToken {
 return apiclient.GetDefaultAccessToken()
 }
@@ -107,8 +117,8 @@ func Execute() {
 }
 var (
- accessToken, serviceAccount string
- disableCheck, printOutput, noOutput, metadataToken bool
+ accessToken, serviceAccount string
+ disableCheck, printOutput, noOutput, metadataToken, defaultToken bool
 )
 const ENABLED = "true"
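Review bot: The "only one credential source" rule in cmd/root.go is now spread over pairwise checks: the two added at the top of `PersistentPreRunE`, the existing `metadataToken` check below them, and the token/account check whose error message is visible in the next hunk. Each further source needs another pair, and a missed pair lets two sources through with no error, leaving it unclear which identity the command runs as. Counting the selected sources once states the rule directly; the excerpt below would replace all four checks (the fourth sits outside this hunk, and the function body continues past it). The single error message is a behaviour change for anyone matching on the old strings.

```go
PersistentPreRunE: func(cmd *cobra.Command, args []string) error {
	// At most one credential source may be selected.
	selected := 0
	for _, on := range []bool{metadataToken, defaultToken, serviceAccount != "", accessToken != ""} {
		if on {
			selected++
		}
	}
	if selected > 1 {
		return fmt.Errorf("metadata-token, default-token, token and account flags cannot be used together")
	}
	// … unchanged: version check and credential setup …
```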
@@ -134,6 +144,9 @@ func init() {
 RootCmd.PersistentFlags().BoolVarP(&metadataToken, "metadata-token", "",
 false, "Metadata OAuth2 access token")
+ RootCmd.PersistentFlags().BoolVarP(&defaultToken, "default-token", "",
+ false, "Use Google defalt application credentials access token")
+
 RootCmd.AddCommand(apis.Cmd)
 RootCmd.AddCommand(org.Cmd)
 RootCmd.AddCommand(sync.Cmd)
diff --git a/go.mod b/go.mod
index 9f2348ae7..fd41a131a 100644
--- a/go.mod
+++ b/go.mod
@@ -24,6 +24,7 @@ require (
 )
 require (
+ cloud.google.com/go/compute/metadata v0.2.0 // indirect
 github.com/cpuguy83/go-md2man/v2 v2.0.2 // indirect
 github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0 // indirect
 github.com/getkin/kin-openapi v0.115.0 // indirect
diff --git a/go.sum b/go.sum
index 6add6501c..4c3fe8616 100644
--- a/go.sum
+++ b/go.sum
@@ -1,3 +1,5 @@
+cloud.google.com/go/compute/metadata v0.2.0 h1:nBbNSZyDpkNlo3DepaaLKVuO7ClyifSAmNloSCZrHnQ=
+cloud.google.com/go/compute/metadata v0.2.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k=
 github.com/cpuguy83/go-md2man/v2 v2.0.2 h1:p1EgwI/C7NhT0JmVkwCD2ZBK8j4aeHQX2pMHHBfMQ6w=
 github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
diff --git a/internal/apiclient/token.go b/internal/apiclient/token.go
index 7f9deecf4..c708b9b47 100644
--- a/internal/apiclient/token.go
+++ b/internal/apiclient/token.go
@@ -15,6 +15,7 @@
 package apiclient
 import (
+ "context"
 "crypto/x509"
 "encoding/json"
 "encoding/pem"
@@ -33,6 +34,7 @@ import (
 "github.com/lestrrat-go/jwx/v2/jwa"
 "github.com/lestrrat-go/jwx/v2/jwt"
+ "golang.org/x/oauth2/google"
 )
 type serviceAccount struct {
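Review bot: The help text registered for `default-token` in cmd/root.go's `init()` misspells "default" and inverts Google's name for the mechanism, so users searching the docs for it will not find a match; `false, "Use Google Application Default Credentials access token")` fixes both. The adjacent `metadata-token` help does not say how the two flags differ, so it may also be worth noting here that the identity is resolved from the local environment rather than always from the instance metadata server. `init()` continues outside this hunk.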
@@ -313,6 +315,21 @@ func getMetadata(metadata string) (respBpdy []byte, err error) {
 // GetDefaultAccessToken
 func GetDefaultAccessToken() (err error) {
+ ctx := context.Background()
+ tokenSource, err := google.DefaultTokenSource(ctx, "https://www.googleapis.com/auth/cloud-platform")
+ if err != nil {
+ return err
+ }
+ token, err := tokenSource.Token()
+ if err != nil {
+ return err
+ }
+ SetApigeeToken(token.AccessToken)
+ return nil
+}
+
+// GetMetadataAccessToken
+func GetMetadataAccessToken() (err error) {
 var tokenResponse map[string]interface{}
 respBody, err := getMetadata("token")
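Review bot: `GetDefaultAccessToken` runs the Application Default Credentials lookup and the token request on `context.Background()`, so a slow or unreachable credential endpoint can stall the command with no deadline, and both failures come back as a bare `return err` that does not say which step failed. I would bound the context and wrap the two errors as in the excerpt below (`fmt` and `time` must be imported in token.go if they are not already; the import block is only partly visible in this diff). The exported name also changes meaning: its previous body, which read the metadata-server token, now sits under `GetMetadataAccessToken` (which continues outside this hunk), so any caller not shown here silently switches credential source. Both doc comments are only the function name; something like `// GetDefaultAccessToken stores an access token obtained from Google Application Default Credentials (environment variable, local credential file, or metadata server, in the library's lookup order).` would record that the resulting identity depends on the environment.

```go
func GetDefaultAccessToken() (err error) {
	// 30s is an example bound; pick what suits the CLI.
	ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
	defer cancel()
	// … unchanged: google.DefaultTokenSource(ctx, …) call …
	if err != nil {
		return fmt.Errorf("finding application default credentials: %w", err)
	}
	// … unchanged: tokenSource.Token() call …
	if err != nil {
		return fmt.Errorf("fetching access token from default credentials: %w", err)
	}
	// … unchanged: SetApigeeToken(token.AccessToken); return nil …
```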