Add Credential File support

[dadgar]

🛠️ Description

SDK can authenticate using a credential file. The credential file can specify service principal credentials or workload identity provided credentials.

🔗 External Links

HCP-378 RFC

👍 Definition of Done

• SDK added
• SDK updated
• Tests added?
• Docs updated?

Ran the following test program:

package main

import (
	"crypto/tls"
	"log"

	"github.com/hashicorp/hcp-sdk-go/config"
)

func main() {
	cfg, err := config.NewHCPConfig(config.WithAPI("alex01-XXX.hashicorp.services", &tls.Config{}))
	if err != nil {
		log.Fatal(err)
	}

	t, err := cfg.Token()
	if err != nil {
		log.Fatal(err)
	}

	log.Printf("token: %#v", t)
}

I wrote a valid config file to ~/.config/hcp/cred_file.json:

{
  "scheme": "workload",
  "workload": {
    "provider_resource_name": "iam/project/58967b2f-bc68-464e-8fb7-8e7d65b377f8/service-principal/test/workload-identity-provider/aws",
    "aws": {
      "imds_v2": true
    }
  }
}

Running the program printed a valid token.

I then moved the cred_file.json to cred_file2.json and ran the program again. It tried to retrieve the token via the browser as expected.

I then ran HCP_CRED_FILE=~/.config/hcp/cred_file2.json ./aws and it again printed a valid token from workload identity federation.