
feat(go): fetch idp creds from server settings;

Vishal Dalwadi há 4 meses atrás
pai
commit
ec1ecee870
4 ficheiros alterados com 30 adições e 14 exclusões
  1. 2 0
      models/settings.go
  2. 1 1
      pro/auth/sync.go
  3. 9 6
      pro/idp/azure/azure.go
  4. 18 7
      pro/idp/google/google.go

+ 2 - 0
models/settings.go

@@ -15,6 +15,8 @@ type ServerSettings struct {
 	OIDCIssuer                 string `json:"oidcissuer"`
 	ClientID                   string `json:"client_id"`
 	ClientSecret               string `json:"client_secret"`
+	GoogleAdminEmail           string `json:"google_admin_email"`
+	GoogleSACredsJson          string `json:"google_sa_creds_json"`
 	AzureTenant                string `json:"azure_tenant"`
 	Telemetry                  string `json:"telemetry"`
 	BasicAuth                  bool   `json:"basic_auth"`
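Review bot: `GoogleSACredsJson` on L27 will hold a base64-encoded service-account key file, and that file carries the account's `private_key`, so it is at least as sensitive as `ClientSecret` on the line above it; nothing in the struct marks it as such, and if `ServerSettings` is ever marshalled for a settings endpoint or written to a log the key goes with it (whether that happens is outside this hunk — confirm against the settings handlers). I would document the field inline: `// GoogleSACredsJson is the base64-encoded Google service account key JSON (contains private_key); redact wherever ServerSettings is serialized or logged.` On naming, the rest of the struct keeps initialisms upper-case (`OIDCIssuer`, `ClientID`), so `GoogleSACredsJSON` would match while the json tag stays `google_sa_creds_json`. The struct definition continues outside the hunk.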

+ 1 - 1
pro/auth/sync.go

@@ -105,7 +105,7 @@ func SyncUsers(idpClient idp.Client) error {
 	for _, user := range dbUsersMap {
 		if _, ok := idpUsersMap[user.ExternalIdentityProviderID]; !ok {
 			// delete the user if it has been deleted on idp.
-			_, err = logic.DeleteUser(user.UserName)
+			err = logic.DeleteUser(user.UserName)
 			if err != nil {
 				return err
 			}

+ 9 - 6
pro/idp/azure/azure.go

@@ -3,11 +3,11 @@ package azure
 import (
 	"context"
 	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
+	"github.com/gravitl/netmaker/logic"
 	"github.com/gravitl/netmaker/pro/idp"
 	msgraphsdk "github.com/microsoftgraph/msgraph-sdk-go"
 	msgraphgroups "github.com/microsoftgraph/msgraph-sdk-go/groups"
 	msgraphusers "github.com/microsoftgraph/msgraph-sdk-go/users"
-	"os"
 )
 
 type Client struct {
@@ -15,11 +15,14 @@ type Client struct {
 }
 
 func NewAzureEntraIDClient() (*Client, error) {
-	tenantID := os.Getenv("AZURE_TENANT")
-	clientID := os.Getenv("CLIENT_ID")
-	clientSecret := os.Getenv("CLIENT_SECRET")
-
-	cred, err := azidentity.NewClientSecretCredential(tenantID, clientID, clientSecret, nil)
+	settings := logic.GetServerSettings()
+
+	cred, err := azidentity.NewClientSecretCredential(
+		settings.AzureTenant,
+		settings.ClientID,
+		settings.ClientSecret,
+		nil,
+	)
 	if err != nil {
 	}
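Review bot: The error from `azidentity.NewClientSecretCredential` on L72-L78 still falls into an empty `if err != nil {}` on L78-L79, so a nil `cred` is handed to whatever follows; the commit moves the inputs to `logic.GetServerSettings()` but does not fix that drop, and stored settings can be blank or edited at runtime, which (as far as I can tell from the SDK) makes the credential constructor reject the tenant ID and return exactly the error this block ignores. The body should be `return nil, fmt.Errorf("creating azure entra id credential: %w", err)` (adding `fmt` to the import block), and a check that `settings.AzureTenant`, `settings.ClientID` and `settings.ClientSecret` are non-empty before the call would give a clearer message than the SDK's. It is also worth confirming that `ClientID`/`ClientSecret` — which sit next to `OIDCIssuer` in `ServerSettings` — are meant to be the Entra app registration's credentials and not only the OIDC client's. The function body continues outside the hunk.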
 

+ 18 - 7
pro/idp/google/google.go

@@ -2,11 +2,13 @@ package google
 
 import (
 	"context"
+	"encoding/base64"
+	"encoding/json"
+	"github.com/gravitl/netmaker/logic"
 	"github.com/gravitl/netmaker/pro/idp"
 	admindir "google.golang.org/api/admin/directory/v1"
 	"google.golang.org/api/impersonate"
 	"google.golang.org/api/option"
-	"os"
 )
 
 type Client struct {
@@ -14,22 +16,31 @@ type Client struct {
 }
 
 func NewGoogleWorkspaceClient() (*Client, error) {
-	targetPrincipal := os.Getenv("GOOGLE_WORKSPACE_SERVICE_ACCOUNT_EMAIL")
-	subject := os.Getenv("GOOGLE_WORKSPACE_ADMIN_EMAIL")
+	settings := logic.GetServerSettings()
+
+	credsJson, err := base64.StdEncoding.DecodeString(settings.GoogleSACredsJson)
+	if err != nil {
+		return nil, err
+	}
+
+	credsJsonMap := make(map[string]interface{})
+	err = json.Unmarshal(credsJson, &credsJsonMap)
+	if err != nil {
+		return nil, err
+	}
 
 	source, err := impersonate.CredentialsTokenSource(
 		context.TODO(),
 		impersonate.CredentialsConfig{
-			TargetPrincipal: targetPrincipal,
+			TargetPrincipal: credsJsonMap["client_email"].(string),
 			Scopes: []string{
 				admindir.AdminDirectoryUserReadonlyScope,
 				admindir.AdminDirectoryGroupReadonlyScope,
 				admindir.AdminDirectoryGroupMemberReadonlyScope,
 			},
-			Subject: subject,
+			Subject: settings.GoogleAdminEmail,
 		},
-		//option.WithCredentialsJSON(nil),
-		option.WithCredentialsFile("credentials.json"),
+		option.WithCredentialsJSON(credsJson),
 	)
 	if err != nil {
 		return nil, err
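Review bot: `credsJsonMap["client_email"].(string)` on L123 is an unchecked type assertion: if the decoded key file has no `client_email`, or the value is not a string, the process panics rather than returning an error, and since the JSON now arrives from stored server settings (L108) rather than a file on disk, a truncated paste or a wrong blob is a realistic input. Decoding into a small struct and rejecting an empty `client_email` keeps the failure on the error path that L109-L117 already established; `errors` and `fmt` would need adding to the import block for the messages below. An empty `GoogleSACredsJson` currently surfaces only as an `unexpected end of JSON input` error from `json.Unmarshal`, so a dedicated "google service account credentials not configured" check before the decode would help operators. The `context.TODO()` on L120 predates this change and is left as is here.
```go
	// … unchanged: base64 decode of settings.GoogleSACredsJson …
	var sa struct {
		ClientEmail string `json:"client_email"`
	}
	err = json.Unmarshal(credsJson, &sa)
	if err != nil {
		return nil, fmt.Errorf("parsing google service account credentials: %w", err)
	}
	if sa.ClientEmail == "" {
		return nil, errors.New("google service account credentials have no client_email")
	}
	// … unchanged: impersonate.CredentialsTokenSource call, with …
			TargetPrincipal: sa.ClientEmail,
```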