From 61c6085651562c6458bafb4e8aae5169b6cdb588 Mon Sep 17 00:00:00 2001
From: Megan Marsh
Date: Tue, 6 Oct 2020 12:34:06 -0700
Subject: [PATCH] final fix to make service account impersonation work with iap tunnels (#10054)
---
 builder/googlecompute/builder.go | 9 +++++----
 builder/googlecompute/step_start_tunnel.go | 13 +++++++++----
 2 files changed, 14 insertions(+), 8 deletions(-)
diff --git a/builder/googlecompute/builder.go b/builder/googlecompute/builder.go
index 55bf1fa4b..802c8afae 100644
--- a/builder/googlecompute/builder.go
+++ b/builder/googlecompute/builder.go
@@ -77,10 +77,11 @@ func (b *Builder) Run(ctx context.Context, ui packer.Ui, hook packer.Hook) (pack
 Debug: b.config.PackerDebug,
 },
 &StepStartTunnel{
- IAPConf: &b.config.IAPConfig,
- CommConf: &b.config.Comm,
- AccountFile: b.config.AccountFile,
- ProjectId: b.config.ProjectId,
+ IAPConf: &b.config.IAPConfig,
+ CommConf: &b.config.Comm,
+ AccountFile: b.config.AccountFile,
+ ImpersonateAccount: b.config.ImpersonateServiceAccount,
+ ProjectId: b.config.ProjectId,
 },
 &communicator.StepConnect{
 Config: &b.config.Comm,
diff --git a/builder/googlecompute/step_start_tunnel.go b/builder/googlecompute/step_start_tunnel.go
index 023ba1988..4b74a2e4e 100644
--- a/builder/googlecompute/step_start_tunnel.go
+++ b/builder/googlecompute/step_start_tunnel.go
@@ -131,10 +131,11 @@ func (e RetryableTunnelError) Error() string {
 }
 type StepStartTunnel struct {
- IAPConf *IAPConfig
- CommConf *communicator.Config
- AccountFile string
- ProjectId string
+ IAPConf *IAPConfig
+ CommConf *communicator.Config
+ AccountFile string
+ ImpersonateAccount string
+ ProjectId string
 tunnelDriver TunnelDriver
 }
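Review bot: The new exported field `ImpersonateAccount` on `StepStartTunnel` has no doc comment, and its name differs from the config field that feeds it (`ImpersonateServiceAccount` in builder.go), so the data flow is harder to follow than it needs to be. I would add `// ImpersonateAccount is the service account passed to gcloud as --impersonate-service-account; an empty string means no impersonation.` above the field, or rename the field to match the config. Because the string ends up on a gcloud command line in `Run`, that comment is also the place to state which characters the step expects in it.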
@@ -276,6 +277,10 @@ func (s *StepStartTunnel) Run(ctx context.Context, state multistep.StateBag) mul "--zone", c.Zone, "--project", s.ProjectId, } + if s.ImpersonateAccount != "" { + args = append(args, fmt.Sprintf("--impersonate-service-account='%s'", s.ImpersonateAccount)) + } + // This is the port the IAP tunnel listens on, on localhost. // TODO make setting LocalHostPort optional err = ApplyIAPTunnel(s.CommConf, s.IAPConf.IAPLocalhostPort)
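Review bot: `s.ImpersonateAccount` is wrapped in literal single quotes inside one argument on the `Sprintf` line, and nothing in this hunk checks what the string contains. How `args` is consumed is outside the hunk: if the slice is joined into a shell command line, a value containing `'` ends the quoting early and the rest is interpreted by the shell; if it is handed to the process directly, the quotes become part of the account name gcloud receives (and single quotes are not quoting characters for cmd.exe). Since the value comes straight from the build configuration (`b.config.ImpersonateServiceAccount`), I would reject anything that is not a plain service-account e-mail before appending, for example `if strings.ContainsAny(s.ImpersonateAccount, "'\"\\ \t\r\n") { /* halt the step with a configuration error */ }`, and put a comment on the `Sprintf` line stating which consumer the quotes are written for. The body of `Run` starts and ends outside this hunk, so the surrounding error handling is not visible here.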