NetopsWIFAuth.psm1
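<#
.Synopsis
Displays a message.
.Description
Returns the given message string on the output stream.
Uses "Default Message" when no -Message argument is supplied.
.Parameter Message
The message to display.
.Outputs
System.String
.Example
# Show the default message.
Show-Message
.Example
# Display a specific message.
Show-Message -Message "Hello World!"
#>
Function Show-Message {
    param(
        [string] $Message = "Default Message"
    )

    $Message
}

# Export-ModuleMember -Function Show-Message

<#
.Synopsis
Outputs workload identity credentials files.
.Description
Outputs workload identity credentials files.
Wrapper around the gcloud iam workload-identity-pools create-cred-config command.

Steps performed:
  1. Rejects empty parameters and a missing output folder before any secret is sent.
  2. Requests an OAuth client_credentials access token from the API gateway
     token endpoint using HTTP Basic authentication.
  3. Writes the access token to "$OutputFolderPath/access-token-file".
  4. Runs gcloud to write "$OutputFolderPath/credentials.json", which refers to
     the access token file as its credential source.

Any failure (token request, missing access_token, file write, non-zero gcloud
exit code) throws, so a caller never continues with an empty or stale token file.
.Parameter Username
The client_id of the workload, provided as part of the client_credentials by the API marketplace.
For example: cbe6172c-af90-4735-868e-4a6e20c57396
.Parameter Password
The client_secret of the workload, provided as part of the client_credentials by the API marketplace.
For example: 64947168-d1f6-4a23-8a1b-f262c7a2dcfd6ba1c089-93ae-5a9e-8429-6b932a806ee8
.Parameter ServiceAccount
The email address of the GCP service account being authenticated through Workload Identity Federation.
For example: automation@tu-nfv-svc-test-project-01-np.iam.gserviceaccount.com
.Parameter OutputFolderPath
The filesystem path to the folder where the access token file and the json credentials file will be written.
The folder must already exist.
For example: /artifacts/credentials
.Example
Out-WorkloadCredentials -Username "cbe6172c-af90-4735-868e-4a6e20c57396" `
    -Password "64947168-d1f6-4a23-8a1b-f262c7a2dcfd6ba1c089-93ae-5a9e-8429-6b932a806ee8" `
    -ServiceAccount "automation@tu-nfv-svc-test-project-01-np.iam.gserviceaccount.com" `
    -OutputFolderPath "/artifacts/credentials"
.Notes
Requires PowerShell 6 or later (Invoke-WebRequest -Authentication) and gcloud on the PATH.

Security considerations:
  - -Password is a plain [string], so the client_secret can end up in shell
    history, transcripts and CI logs. Have the caller read it from a secret
    store or a protected environment variable rather than typing it literally.
  - The access token is written in clear text with the process's default file
    permissions. Keep OutputFolderPath readable only by the identity that
    consumes the credentials, and delete the file when it is no longer needed.
  - NOTE(review): confirm the example client_id / client_secret above were never
    live credentials; rotate them if they were.
#>
Function Out-WorkloadCredentials {
    Param (
        [string] $Username,
        [string] $Password,
        [string] $ServiceAccount,
        [string] $OutputFolderPath
    )

    # Fail fast on missing input. The parameter name is reported, never its
    # value, so the client_secret cannot leak through the error message.
    $Required = [ordered]@{
        Username         = $Username
        Password         = $Password
        ServiceAccount   = $ServiceAccount
        OutputFolderPath = $OutputFolderPath
    }
    foreach ($Name in $Required.Keys) {
        if ([string]::IsNullOrWhiteSpace($Required[$Name])) {
            throw "Out-WorkloadCredentials: parameter -$Name must not be empty."
        }
    }

    # An empty or mistyped folder would otherwise place the token at an
    # unintended location (for example the filesystem root).
    if (-not (Test-Path -LiteralPath $OutputFolderPath -PathType Container)) {
        throw "Out-WorkloadCredentials: output folder '$OutputFolderPath' does not exist."
    }

    $AccessTokenFile = Join-Path -Path $OutputFolderPath -ChildPath 'access-token-file'
    $CredentialsFile = Join-Path -Path $OutputFolderPath -ChildPath 'credentials.json'

    $SecurePassword = ConvertTo-SecureString -String $Password -AsPlainText -Force
    $Credential = New-Object "System.Management.Automation.PSCredential" -ArgumentList $Username, $SecurePassword

    # Basic authentication over https only; the endpoint is fixed, so the
    # client_secret is never sent to a caller-supplied host.
    $TokenRequest = @{
        Uri            = 'https://apigw-st.telus.com/st/token'
        Authentication = 'Basic'
        Credential     = $Credential
        Method         = 'POST'
        Body           = @{ grant_type = 'client_credentials' }
        ErrorAction    = 'Stop'
    }

    # Without try/catch a failed request only terminates that statement and the
    # function would carry on to write an empty token file.
    try {
        $Response = Invoke-WebRequest @TokenRequest
        $AccessToken = $Response.Content |
            ConvertFrom-Json -ErrorAction Stop |
            Select-Object -ExpandProperty access_token -ErrorAction Stop
    }
    catch {
        throw "Out-WorkloadCredentials: token request failed: $($_.Exception.Message)"
    }

    if ([string]::IsNullOrWhiteSpace($AccessToken)) {
        throw "Out-WorkloadCredentials: token endpoint response contained no access_token."
    }

    # -NoNewline keeps the file content equal to the token itself; Out-File
    # would otherwise append a line terminator to the credential source.
    $AccessToken | Out-File -LiteralPath $AccessTokenFile -NoNewline -ErrorAction Stop

    $Audience = "projects/1022893644241/locations/global/workloadIdentityPools/cdo-telus-idp-wif-its04/providers/cdo-telus-idp-its04"

    # Each argument is a single, fully quoted element, so values containing
    # spaces reach gcloud as one argument.
    $GcloudArgs = @(
        'iam', 'workload-identity-pools', 'create-cred-config', $Audience,
        "--service-account=$ServiceAccount",
        '--service-account-token-lifetime-seconds=3600',
        "--output-file=$CredentialsFile",
        "--credential-source-file=$AccessTokenFile"
    )
    & gcloud @GcloudArgs

    # Native commands do not raise PowerShell errors; check the exit code.
    if ($LASTEXITCODE -ne 0) {
        throw "Out-WorkloadCredentials: gcloud create-cred-config failed with exit code $LASTEXITCODE."
    }
}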