diff --git a/Classes/StorageFactory.php b/Classes/StorageFactory.php
index f6dd2ff..77bee4c 100644
--- a/Classes/StorageFactory.php
+++ b/Classes/StorageFactory.php
@@ -46,17 +46,21 @@ public function create($credentialsProfileName = 'default') throw new Exception(sprintf('The specified Google Cloud Storage credentials profile "%s" does not exist, please check your settings.', $credentialsProfileName), 1446553024); } - if (substr($this->credentialProfiles[$credentialsProfileName]['credentials']['privateKeyP12PathAndFilename'], 0, 1) !== '/') { - $privateKeyPathAndFilename = FLOW_PATH_ROOT . $this->credentialProfiles[$credentialsProfileName]['credentials']['privateKeyP12PathAndFilename']; + if (!empty($this->credentialProfiles[$credentialsProfileName]['credentials']['privateKeyP12Base64Encoded'])) { + $privateKey = base64_decode($this->credentialProfiles[$credentialsProfileName]['credentials']['privateKeyP12Base64Encoded']); } else { - $privateKeyPathAndFilename = $this->credentialProfiles[$credentialsProfileName]['credentials']['privateKeyP12PathAndFilename']; - } + if (substr($this->credentialProfiles[$credentialsProfileName]['credentials']['privateKeyP12PathAndFilename'], 0, 1) !== '/') { + $privateKeyPathAndFilename = FLOW_PATH_ROOT . $this->credentialProfiles[$credentialsProfileName]['credentials']['privateKeyP12PathAndFilename']; + } else { + $privateKeyPathAndFilename = $this->credentialProfiles[$credentialsProfileName]['credentials']['privateKeyP12PathAndFilename']; + } - if (!file_exists($privateKeyPathAndFilename)) { - throw new Exception(sprintf('The Google Cloud Storage private key file "%s" does not exist. Either the file is missing or you need to adjust your settings.', $privateKeyPathAndFilename), 1446553054); + if (!file_exists($privateKeyPathAndFilename)) { + throw new Exception(sprintf('The Google Cloud Storage private key file "%s" does not exist. 
Either the file is missing or you need to adjust your settings.', $privateKeyPathAndFilename), 1446553054); + } + $privateKey = file_get_contents($privateKeyPathAndFilename); } - $privateKey = file_get_contents($privateKeyPathAndFilename); $credentials = new \Google_Auth_AssertionCredentials( $this->credentialProfiles[$credentialsProfileName]['credentials']['clientEmail'], [ \Google_Service_Storage::DEVSTORAGE_READ_WRITE ], @@ -64,7 +68,7 @@ public function create($credentialsProfileName = 'default') ); $temporaryTargetPathAndFilename = $this->environment->getPathToTemporaryDirectory() . 'Flownative_Google_CloudStorage_Temp'; - + $googleClient = new \Google_Client(); $googleClient->setClassConfig('Google_Cache_File', 'directory',$temporaryTargetPathAndFilename); $googleClient->setAssertionCredentials($credentials); diff --git a/Configuration/Settings.yaml b/Configuration/Settings.yaml index 1f6e29e..b57ca40 100644 --- a/Configuration/Settings.yaml +++ b/Configuration/Settings.yaml @@ -6,4 +6,9 @@ Flownative: default: credentials: clientEmail: '123456789012-abc123defg456hijklmnopqrstuvwxyz@developer.gserviceaccount.com' + + # The private key (P12) can be specified in two ways: either by specifying the path and filename leading to + # the file containing the key, or as a string with the P12 key (base64 encoded). If both options are set, + # the "privateKeyP12" option wins. privateKeyP12PathAndFilename: 'Data/Secrets/MyGoogleProject-abc123457def.p12' + privateKeyP12Base64Encoded: '' diff --git a/README.md b/README.md index 3b5d77b..9fa97fb 100644 --- a/README.md +++ b/README.md 
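Review bot: The new `privateKeyP12Base64Encoded` branch uses the result of `base64_decode()` without strict mode and without checking it, so a truncated or mis-pasted environment value is decoded into arbitrary bytes and handed to `\Google_Auth_AssertionCredentials` as the key. Any failure then presumably surfaces later, in the Google client, with an error that no longer points at the setting. The `file_get_contents()` call that moved into the else branch has the same gap: its `false` return on an unreadable file is passed on as the key. Any new exception message should name the profile or the path and never the configured value, because that value is the key itself. `create()` starts and ends outside this hunk.

```php
if (!empty($this->credentialProfiles[$credentialsProfileName]['credentials']['privateKeyP12Base64Encoded'])) {
    // Strict mode rejects input outside the base64 alphabet instead of silently dropping it.
    $privateKey = base64_decode($this->credentialProfiles[$credentialsProfileName]['credentials']['privateKeyP12Base64Encoded'], true);
    if ($privateKey === false) {
        // The message names the profile only; the configured value is key material.
        throw new Exception(sprintf('The base64-encoded private key of the Google Cloud Storage credentials profile "%s" could not be decoded, please check your settings.', $credentialsProfileName), 0 /* placeholder: assign a new unique exception code */);
    }
} else {
    // … unchanged: path resolution and file_exists() check …
    $privateKey = file_get_contents($privateKeyPathAndFilename);
    if ($privateKey === false) {
        throw new Exception(sprintf('The Google Cloud Storage private key file "%s" could not be read.', $privateKeyPathAndFilename), 0 /* placeholder: assign a new unique exception code */);
    }
}
```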
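Review bot: The added comment in Configuration/Settings.yaml says the "privateKeyP12" option wins, but no option of that name exists. The code in StorageFactory.php checks `privateKeyP12Base64Encoded` first, so the last comment line should read `# the "privateKeyP12Base64Encoded" option wins.` The comment could also say that the inline value is the private key itself and is meant to be supplied through an environment variable, as the README example does, rather than committed in a settings file.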
@@ -46,6 +46,20 @@ Flownative: privateKeyP12PathAndFilename: 'Data/Secrets/MyGoogleProject-abc123457def.p12' ``` +Instead of using a file, the private key can also be specified directly, as a base64-encoded string. This allows for +providing the private key via an environment variable: + +```yaml +Flownative: + Google: + CloudStorage: + profiles: + default: + credentials: + clientEmail: '123456789012-abc123defg456hijklmnopqrstuvwxyz@developer.gserviceaccount.com' + privateKeyP12Base64Encoded: '%env:SOME_ENVIRONMENT_VARIABLE_WITH_PRIVATE_KEY%' +``` + You can test your settings by executing the `connect` command with a bucket of your choice. ```bash