final fix to make service account impersonation work with iap tunnels (#10054)

Megan Marsh 2020-10-06 12:34:06 -07:00 committed by GitHub
parent d05eb3401b
commit 61c6085651
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 14 additions and 8 deletions


@ -77,10 +77,11 @@ func (b *Builder) Run(ctx context.Context, ui packer.Ui, hook packer.Hook) (pack
Debug: b.config.PackerDebug,
},
&StepStartTunnel{
IAPConf: &b.config.IAPConfig,
CommConf: &b.config.Comm,
AccountFile: b.config.AccountFile,
ProjectId: b.config.ProjectId,
IAPConf: &b.config.IAPConfig,
CommConf: &b.config.Comm,
AccountFile: b.config.AccountFile,
ImpersonateAccount: b.config.ImpersonateServiceAccount,
ProjectId: b.config.ProjectId,
},
&communicator.StepConnect{
Config: &b.config.Comm,


@ -131,10 +131,11 @@ func (e RetryableTunnelError) Error() string {
}
type StepStartTunnel struct {
IAPConf *IAPConfig
CommConf *communicator.Config
AccountFile string
ProjectId string
IAPConf *IAPConfig
CommConf *communicator.Config
AccountFile string
ImpersonateAccount string
ProjectId string
tunnelDriver TunnelDriver
}
@ -276,6 +277,10 @@ func (s *StepStartTunnel) Run(ctx context.Context, state multistep.StateBag) mul
"--zone", c.Zone, "--project", s.ProjectId,
}
if s.ImpersonateAccount != "" {
args = append(args, fmt.Sprintf("--impersonate-service-account='%s'", s.ImpersonateAccount))
}
// This is the port the IAP tunnel listens on, on localhost.
// TODO make setting LocalHostPort optional
err = ApplyIAPTunnel(s.CommConf, s.IAPConf.IAPLocalhostPort)
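Review bot: The new `--impersonate-service-account='%s'` argument in `StepStartTunnel.Run` wraps an unvalidated config value in hand-written single quotes, which is only correct if the value can never contain a quote. How `args` is consumed is outside this hunk: if it is later joined into a shell command line, a `'` inside `s.ImpersonateAccount` ends the quoting and the remainder is parsed by the shell, and if it is passed straight to an exec call the quotes reach gcloud as literal characters. I would validate the value before appending, for example `if strings.ContainsAny(s.ImpersonateAccount, "'\"\\$ \t\n") { /* halt the step with an error */ }`, or check it against the service-account e-mail shape when the config is prepared. The same concern applies to `c.Zone` and `s.ProjectId` on the context line above, which are appended with no quoting at all. The body of `Run` starts and ends outside the hunk.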