final fix to make service account impersonation work with iap tunnels (#10054)

Megan Marsh 2020-10-06 12:34:06 -07:00 committed by GitHub
parent d05eb3401b
commit 61c6085651
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 14 additions and 8 deletions


@ -80,6 +80,7 @@ func (b *Builder) Run(ctx context.Context, ui packer.Ui, hook packer.Hook) (pack
IAPConf: &b.config.IAPConfig, IAPConf: &b.config.IAPConfig,
CommConf: &b.config.Comm, CommConf: &b.config.Comm,
AccountFile: b.config.AccountFile, AccountFile: b.config.AccountFile,
ImpersonateAccount: b.config.ImpersonateServiceAccount,
ProjectId: b.config.ProjectId, ProjectId: b.config.ProjectId,
}, },
&communicator.StepConnect{ &communicator.StepConnect{


@ -134,6 +134,7 @@ type StepStartTunnel struct {
IAPConf *IAPConfig IAPConf *IAPConfig
CommConf *communicator.Config CommConf *communicator.Config
AccountFile string AccountFile string
ImpersonateAccount string
ProjectId string ProjectId string
tunnelDriver TunnelDriver tunnelDriver TunnelDriver
@ -276,6 +277,10 @@ func (s *StepStartTunnel) Run(ctx context.Context, state multistep.StateBag) mul
"--zone", c.Zone, "--project", s.ProjectId, "--zone", c.Zone, "--project", s.ProjectId,
} }
if s.ImpersonateAccount != "" {
args = append(args, fmt.Sprintf("--impersonate-service-account='%s'", s.ImpersonateAccount))
}
// This is the port the IAP tunnel listens on, on localhost. // This is the port the IAP tunnel listens on, on localhost.
// TODO make setting LocalHostPort optional // TODO make setting LocalHostPort optional
err = ApplyIAPTunnel(s.CommConf, s.IAPConf.IAPLocalhostPort) err = ApplyIAPTunnel(s.CommConf, s.IAPConf.IAPLocalhostPort)
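Review bot: The single quotes in `fmt.Sprintf("--impersonate-service-account='%s'", s.ImpersonateAccount)` are a problem whichever way `args` is consumed, and the value appears to come straight from builder configuration (`b.config.ImpersonateServiceAccount` in the first file). If the slice is passed to `exec.Command` as an argv, no shell strips the quotes and gcloud receives them as part of the account name; if it is instead joined into a shell command line, a value containing `'` closes the quoting and the rest is parsed by the shell. How `args` reaches the tunnel driver is outside this hunk, so confirm which case applies. For the argv case I would append `"--impersonate-service-account="+s.ImpersonateAccount` with no quotes, and in either case validate the value as a service-account e-mail when the config is prepared.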