NetopsWIFAuth.psm1
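<#
.Synopsis
    Displays a message.
.Description
    Displays a message. Supports a Message parameter. Will use the default
    message if no parameter is given.
.Parameter Message
    The message to display.
.Outputs
    System.String
.Example
    # Show the default message.
    Show-Message
.Example
    # Display a specific message.
    Show-Message -Message "Hello World!"
#>
Function Show-Message {
    param(
        [string] $Message = "Default Message"
    )
    # Emitting the string to the pipeline is the function's output.
    $Message
}

# Export-ModuleMember -Function Show-Message

<#
.Synopsis
    Outputs workload identity credentials files.
.Description
    Outputs workload identity credentials files. Wrapper around the
    gcloud iam workload-identity-pools create-cred-config command.
    Obtains an OAuth2 access token from the API marketplace token endpoint with
    the client_credentials grant and writes two files to the filesystem:
      - "$OutputFolderPath/access-token-file"  the bare access token (the WIF subject token)
      - "$OutputFolderPath/credentials.json"   the gcloud external-account credential config
    The access token file is a bearer credential; OutputFolderPath should be a
    directory that only the workload can read.
    Requires PowerShell 6 or later (Invoke-RestMethod -Authentication) and the
    gcloud CLI on PATH. Fails with a terminating error if the output folder
    does not exist, the token endpoint returns no access_token, or gcloud
    exits non-zero.
.Parameter Username
    The client_id of the workload, provided as part of the client_credentials
    by the API marketplace.
    For example: cbe6172c-af90-4735-868e-4a6e20c57396
.Parameter Password
    The client_secret of the workload, provided as part of the client_credentials
    by the API marketplace. Note that it is accepted as a plain string and so can
    appear in command history and transcripts of the calling session.
    For example: 64947168-d1f6-4a23-8a1b-f262c7a2dcfd6ba1c089-93ae-5a9e-8429-6b932a806ee8
.Parameter ServiceAccount
    The email address of the GCP service account being authenticated through
    Workload Identity Federation.
    For example: automation@tu-nfv-svc-test-project-01-np.iam.gserviceaccount.com
.Parameter OutputFolderPath
    The filesystem path to the existing folder where the access token file and
    the json credentials file will be written.
    For example: /artifacts/credentials
.Parameter TokenUri
    The OAuth2 token endpoint that issues the access token. Defaults to the
    API marketplace endpoint https://apigw-st.telus.com/st/token.
.Parameter Audience
    The full resource name of the workload identity pool provider, passed to
    gcloud as the audience. Defaults to the cdo-telus-idp-its04 provider.
.Parameter TokenLifetimeSeconds
    Lifetime requested for the impersonated service account token. Defaults to 3600.
.Example
    Out-WorkloadCredentials -Username "cbe6172c-af90-4735-868e-4a6e20c57396" `
        -Password "64947168-d1f6-4a23-8a1b-f262c7a2dcfd6ba1c089-93ae-5a9e-8429-6b932a806ee8" `
        -ServiceAccount "automation@tu-nfv-svc-test-project-01-np.iam.gserviceaccount.com" `
        -OutputFolderPath "/artifacts/credentials"
#>
Function Out-WorkloadCredentials {
    Param (
        [Parameter(mandatory=$true)] [string] $Username,
        [Parameter(mandatory=$true)] [string] $Password,
        [Parameter(mandatory=$true)] [string] $ServiceAccount,
        [Parameter(mandatory=$true)] [string] $OutputFolderPath,
        [string] $TokenUri = 'https://apigw-st.telus.com/st/token',
        [string] $Audience = 'projects/1022893644241/locations/global/workloadIdentityPools/cdo-telus-idp-wif-its04/providers/cdo-telus-idp-its04',
        [int] $TokenLifetimeSeconds = 3600
    )

    # Fail before any network call if there is nowhere to put the output.
    if (-not (Test-Path -LiteralPath $OutputFolderPath -PathType Container)) {
        throw "Output folder '$OutputFolderPath' does not exist."
    }
    $AccessTokenFilePath = Join-Path -Path $OutputFolderPath -ChildPath 'access-token-file'
    $CredentialsFilePath = Join-Path -Path $OutputFolderPath -ChildPath 'credentials.json'

    # The client_secret is only ever sent in the Basic Authorization header;
    # wrap it in a PSCredential so the request object holds it as a SecureString.
    $SecurePassword = ConvertTo-SecureString -String $Password -AsPlainText -Force
    $Credential = [System.Management.Automation.PSCredential]::new($Username, $SecurePassword)

    # client_credentials grant. Invoke-RestMethod parses the JSON response, and
    # -ErrorAction Stop turns an HTTP error into a terminating error instead of
    # letting the function continue and write an empty token file.
    $TokenResponse = Invoke-RestMethod `
        -Uri $TokenUri `
        -Authentication Basic `
        -Credential $Credential `
        -Method Post `
        -Body @{ grant_type = 'client_credentials' } `
        -ErrorAction Stop
    $AccessToken = $TokenResponse.access_token
    if ([string]::IsNullOrWhiteSpace($AccessToken)) {
        throw "Token endpoint '$TokenUri' did not return an access_token."
    }

    # gcloud reads this file as the WIF subject token: write the bare token with
    # no trailing newline (Out-File appends one) as UTF-8 without BOM, so a
    # consumer that does not trim whitespace still receives the exact token.
    Set-Content -LiteralPath $AccessTokenFilePath -Value $AccessToken -NoNewline -Encoding utf8

    # Quote each --flag=value so PowerShell passes it as one argument even if
    # the value contains spaces.
    gcloud iam workload-identity-pools create-cred-config $Audience `
        "--service-account=$ServiceAccount" `
        "--service-account-token-lifetime-seconds=$TokenLifetimeSeconds" `
        "--output-file=$CredentialsFilePath" `
        "--credential-source-file=$AccessTokenFilePath"
    # Native commands do not raise PowerShell errors; surface a gcloud failure explicitly.
    if ($LASTEXITCODE -ne 0) {
        throw "gcloud create-cred-config failed with exit code $LASTEXITCODE."
    }
}

<#
.Synopsis
    Displays the email address of the GCP Service Account.
.Description
    Displays the email address of the GCP Service Account. Supports a
    ServiceAccountJsonKeyFilePath parameter. The email address is read from
    the client_email field of the Json Service Account key file. The key file
    is parsed as JSON; nothing else from it (in particular the private key)
    is returned or logged.
    Throws if the file cannot be read, is not valid JSON, or has no client_email.
.Parameter ServiceAccountJsonKeyFilePath
    The filesystem path to the Json Service Account key file.
.Outputs
    System.String
.Example
    # Show the email address of the service account contained inside the Json Service Account key file
    Show-ServiceAccount -ServiceAccountJsonKeyFilePath "/var/tmp/service-account-key.json"
#>
Function Show-ServiceAccount {
    Param (
        [Parameter(mandatory=$true)] [string] $ServiceAccountJsonKeyFilePath
    )
    # Parse the file as JSON instead of regex-stripping the "client_email" line:
    # the regex approach broke on single-line key files, on extra whitespace
    # around the colon, and threw on a file with no client_email line at all.
    $KeyFile = Get-Content -LiteralPath $ServiceAccountJsonKeyFilePath -Raw -ErrorAction Stop | ConvertFrom-Json
    $ServiceAccount = $KeyFile.client_email
    if ([string]::IsNullOrWhiteSpace($ServiceAccount)) {
        throw "No client_email field found in '$ServiceAccountJsonKeyFilePath'."
    }
    return $ServiceAccount
}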