final fix to make service account impersonation work with iap tunnels (#10054)
This commit is contained in:
parent
d05eb3401b
commit
61c6085651
|
@ -77,10 +77,11 @@ func (b *Builder) Run(ctx context.Context, ui packer.Ui, hook packer.Hook) (pack
|
|||
Debug: b.config.PackerDebug,
|
||||
},
|
||||
&StepStartTunnel{
|
||||
IAPConf: &b.config.IAPConfig,
|
||||
CommConf: &b.config.Comm,
|
||||
AccountFile: b.config.AccountFile,
|
||||
ProjectId: b.config.ProjectId,
|
||||
IAPConf: &b.config.IAPConfig,
|
||||
CommConf: &b.config.Comm,
|
||||
AccountFile: b.config.AccountFile,
|
||||
ImpersonateAccount: b.config.ImpersonateServiceAccount,
|
||||
ProjectId: b.config.ProjectId,
|
||||
},
|
||||
&communicator.StepConnect{
|
||||
Config: &b.config.Comm,
|
||||
|
|
|
@ -131,10 +131,11 @@ func (e RetryableTunnelError) Error() string {
|
|||
}
|
||||
|
||||
type StepStartTunnel struct {
|
||||
IAPConf *IAPConfig
|
||||
CommConf *communicator.Config
|
||||
AccountFile string
|
||||
ProjectId string
|
||||
IAPConf *IAPConfig
|
||||
CommConf *communicator.Config
|
||||
AccountFile string
|
||||
ImpersonateAccount string
|
||||
ProjectId string
|
||||
|
||||
tunnelDriver TunnelDriver
|
||||
}
|
||||
|
@ -276,6 +277,10 @@ func (s *StepStartTunnel) Run(ctx context.Context, state multistep.StateBag) mul
|
|||
"--zone", c.Zone, "--project", s.ProjectId,
|
||||
}
|
||||
|
||||
if s.ImpersonateAccount != "" {
|
||||
args = append(args, fmt.Sprintf("--impersonate-service-account='%s'", s.ImpersonateAccount))
|
||||
}
|
||||
|
||||
// This is the port the IAP tunnel listens on, on localhost.
|
||||
// TODO make setting LocalHostPort optional
|
||||
err = ApplyIAPTunnel(s.CommConf, s.IAPConf.IAPLocalhostPort)
|
||||
|
|
Loading…
Reference in New Issue