depot/rust/passgen/src/service_account.rs

43 lines
1.2 KiB
Rust
Raw Normal View History

use std::path::PathBuf;
use anyhow::Result;
use google_walletobjects1::oauth2::authenticator::{
Authenticator, DefaultHyperClient, HyperClientBuilder,
};
use google_walletobjects1::oauth2::{read_service_account_key, ServiceAccountAuthenticator};
use jwt_simple::algorithms::RS256KeyPair;
use serde::Deserialize;
pub struct ServiceAccount {
pub service_account_name: String,
pub authenticator: Authenticator<<DefaultHyperClient as HyperClientBuilder>::Connector>,
pub key_pair: RS256KeyPair,
}
#[derive(Deserialize)]
struct ServiceAccountJSON {
// We omit a lot of fields we don't care about.
/// Service Account email
client_email: String,
/// RSA private key
private_key: String,
}
pub async fn load_service_account(path: &PathBuf) -> Result<ServiceAccount> {
let creds = read_service_account_key(path).await?;
let sa = ServiceAccountAuthenticator::builder(creds).build().await?;
let sa_data = tokio::fs::read(path).await?;
let sa_parsed: ServiceAccountJSON = serde_json::from_slice(&sa_data[..])?;
let key_pair = RS256KeyPair::from_pem(&sa_parsed.private_key)?;
Ok(ServiceAccount {
service_account_name: sa_parsed.client_email,
authenticator: sa,
key_pair,
})
}