Added support for IAM credential in the token field and YC_TOKEN env

Roman Mingazeev 2020-10-23 11:47:28 +03:00
parent 584fea678b
commit ae7fc84557
7 changed files with 26 additions and 8 deletions
.gitignore
builder/yandex
go.modgo.sum
website/pages
docs/builders
partials/builder/yandex

1
.gitignore vendored

@ -27,3 +27,4 @@ Thumbs.db
/packer.exe
.project
cache
/.vscode/

@ -22,7 +22,7 @@ type AccessConfig struct {
// is an alternative method to authenticate to Yandex.Cloud. Alternatively you may set environment variable
// `YC_SERVICE_ACCOUNT_KEY_FILE`.
ServiceAccountKeyFile string `mapstructure:"service_account_key_file" required:"false"`
// OAuth token to use to authenticate to Yandex.Cloud. Alternatively you may set
// OAuth token or IAM credentional to use to authenticate to Yandex.Cloud. Alternatively you may set
// value by environment variable `YC_TOKEN`.
Token string `mapstructure:"token" required:"true"`
// The maximum number of times an API request is being executed.
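Review bot: The new comment on `Token` spells the word as `credentional`, and because the website partial is generated from the comments of this struct, the typo is published in the docs as well. The line should read `// OAuth token or IAM credential to use to authenticate to Yandex.Cloud. Alternatively you may set`, with the partial regenerated afterwards. The comment would also be a good place to say that an IAM token is time-limited (Yandex.Cloud documents a short lifetime for it), so a user who puts one in `token` or `YC_TOKEN` knows that a long build may hit an authentication failure partway through. The AccessConfig struct starts and ends outside this hunk.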

@ -4,6 +4,7 @@ import (
"context"
"fmt"
"log"
"strings"
"time"
grpc_middleware "github.com/grpc-ecosystem/go-grpc-middleware"
@ -48,9 +49,13 @@ func NewDriverYC(ui packer.Ui, ac *AccessConfig) (Driver, error) {
sdkConfig.Credentials = ycsdk.InstanceServiceAccount()
case ac.Token != "":
log.Printf("[INFO] Use OAuth token for authentication")
sdkConfig.Credentials = ycsdk.OAuthToken(ac.Token)
if strings.HasPrefix(ac.Token, "t1.") && strings.Count(ac.Token, ".") == 2 {
log.Printf("[INFO] Use IAM token for authentication")
sdkConfig.Credentials = ycsdk.NewIAMTokenCredentials(ac.Token)
} else {
log.Printf("[INFO] Use OAuth token for authentication")
sdkConfig.Credentials = ycsdk.OAuthToken(ac.Token)
}
case ac.ServiceAccountKeyFile != "":
log.Printf("[INFO] Use Service Account key file %q for authentication", ac.ServiceAccountKeyFile)
key, err := iamkey.ReadFromJSONFile(ac.ServiceAccountKeyFile)
@ -84,6 +89,7 @@ func NewDriverYC(ui packer.Ui, ac *AccessConfig) (Driver, error) {
grpc.WithDefaultCallOptions(grpc.Header(&userAgentMD)),
grpc.WithUnaryInterceptor(interceptorChain))
log.Printf("%v", sdk.IAM())
if err != nil {
return nil, err
}
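Review bot: `log.Printf("%v", sdk.IAM())` in the last hunk looks like a leftover debug statement, and it sits before the `if err != nil` check, so it runs on whatever the preceding call returned even when that call failed. It should be removed, or at least moved below the error check. The call it follows begins outside the hunk, so whether `sdk` can be nil at that point cannot be confirmed from this page. Separately, the `strings.HasPrefix(ac.Token, "t1.") && strings.Count(ac.Token, ".") == 2` test that chooses IAM over OAuth is a guess about token format with no explanation. I would add `// IAM tokens have the form "t1.<part>.<part>"; any other value is treated as an OAuth token` above the `if`, because a value that is mis-detected is sent down the wrong credential path and only shows up later as an authentication error.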

5
go.mod

@ -93,6 +93,7 @@ require (
github.com/mitchellh/go-homedir v1.1.0
github.com/mitchellh/go-testing-interface v1.0.3 // indirect
github.com/mitchellh/go-vnc v0.0.0-20150629162542-723ed9867aed
github.com/mitchellh/gox v1.0.1 // indirect
github.com/mitchellh/iochan v1.0.0
github.com/mitchellh/mapstructure v1.2.3
github.com/mitchellh/panicwrap v1.0.0
@ -126,8 +127,8 @@ require (
github.com/ulikunitz/xz v0.5.5
github.com/vmware/govmomi v0.23.1
github.com/xanzy/go-cloudstack v0.0.0-20190526095453-42f262b63ed0
github.com/yandex-cloud/go-genproto v0.0.0-20200608085315-d6e7ef5ceb97
github.com/yandex-cloud/go-sdk v0.0.0-20200610100221-ae86895efb97
github.com/yandex-cloud/go-genproto v0.0.0-20200915125933-33de72a328bd
github.com/yandex-cloud/go-sdk v0.0.0-20200921111412-ef15ded2014c
github.com/zclconf/go-cty v1.4.0
github.com/zclconf/go-cty-yaml v1.0.1
golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9

7
go.sum

@ -377,6 +377,7 @@ github.com/hashicorp/go-uuid v1.0.1 h1:fv1ep09latC32wFoVwnqcnKJGnMSdBanPczbHAYm1
github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
github.com/hashicorp/go-uuid v1.0.2 h1:cfejS+Tpcp13yd5nYHWDI6qVCny6wyX2Mt5SGur2IGE=
github.com/hashicorp/go-uuid v1.0.2/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
github.com/hashicorp/go-version v1.0.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
github.com/hashicorp/go-version v1.1.0 h1:bPIoEKD27tNdebFGGxxYwcL4nepeY4j1QP23PFRGzg0=
github.com/hashicorp/go-version v1.1.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
github.com/hashicorp/go-version v1.2.0 h1:3vNe/fWF5CBgRIguda1meWhsZHy3m8gCJ5wx+dIzX/E=
@ -511,6 +512,8 @@ github.com/mitchellh/go-wordwrap v0.0.0-20150314170334-ad45545899c7/go.mod h1:ZX
github.com/mitchellh/go-wordwrap v1.0.0 h1:6GlHJ/LTGMrIJbwgdqdl2eEH8o+Exx/0m8ir9Gns0u4=
github.com/mitchellh/go-wordwrap v1.0.0/go.mod h1:ZXFpozHsX6DPmq2I0TCekCxypsnAUbP2oI0UX1GXzOo=
github.com/mitchellh/gox v0.4.0/go.mod h1:Sd9lOJ0+aimLBi73mGofS1ycjY8lL3uZM3JPS42BGNg=
github.com/mitchellh/gox v1.0.1 h1:x0jD3dcHk9a9xPSDN6YEL4xL6Qz0dvNYm8yZqui5chI=
github.com/mitchellh/gox v1.0.1/go.mod h1:ED6BioOGXMswlXa2zxfh/xdd5QhwYliBFn9V18Ap4z4=
github.com/mitchellh/iochan v1.0.0 h1:C+X3KsSTLFVBr/tK1eYN/vs4rJcvsiLU338UhYPJWeY=
github.com/mitchellh/iochan v1.0.0/go.mod h1:JwYml1nuB7xOzsp52dPpHFffvOCDupsG0QubkSMEySY=
github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
@ -635,8 +638,12 @@ github.com/xanzy/go-cloudstack v0.0.0-20190526095453-42f262b63ed0 h1:NJrcIkdzq0C
github.com/xanzy/go-cloudstack v0.0.0-20190526095453-42f262b63ed0/go.mod h1:sBh287mCRwCz6zyXHMmw7sSZGPohVpnx+o+OY4M+i3A=
github.com/yandex-cloud/go-genproto v0.0.0-20200608085315-d6e7ef5ceb97 h1:DoqSUxQkBLislVgA1qkM0u7g04It4VRMidyLBH/O/as=
github.com/yandex-cloud/go-genproto v0.0.0-20200608085315-d6e7ef5ceb97/go.mod h1:HEUYX/p8966tMUHHT+TsS0hF/Ca/NYwqprC5WXSDMfE=
github.com/yandex-cloud/go-genproto v0.0.0-20200915125933-33de72a328bd h1:o4pvS7D4OErKOM6y+/q6IfOa65OaentKbEDh1ABirE8=
github.com/yandex-cloud/go-genproto v0.0.0-20200915125933-33de72a328bd/go.mod h1:HEUYX/p8966tMUHHT+TsS0hF/Ca/NYwqprC5WXSDMfE=
github.com/yandex-cloud/go-sdk v0.0.0-20200610100221-ae86895efb97 h1:8KwSw9xtQBeyeX1EpOlOjRc0JaHlh8B8GglKA6iXt08=
github.com/yandex-cloud/go-sdk v0.0.0-20200610100221-ae86895efb97/go.mod h1:3p2xVpQrHyPxV4UCKnKozt9n+g1LRENOQ33CH8rqLnY=
github.com/yandex-cloud/go-sdk v0.0.0-20200921111412-ef15ded2014c h1:LJrgyICodRAgtBvOO2eCbhDDIoaJgeLa1tGQecqW9ac=
github.com/yandex-cloud/go-sdk v0.0.0-20200921111412-ef15ded2014c/go.mod h1:Zn/U9YKH0w8n83ezLps5eB6Jftc4gSoZWxVR8hgXgoY=
github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=

@ -21,13 +21,16 @@ based on existing images.
Builder can authenticate with Yandex.Cloud using one of the following methods:
- OAuth token
- IAM credential
- File with Service Account Key
- Service Account assigned to Compute Instance
### Authentication Using Token
To authenticate with an OAuth token only `token` config key is needed.
Or use the `YC_TOKEN` environment variable with proper value. Token you could get [here](https://oauth.yandex.ru/authorize?response_type=token&client_id=1a6990aa636648e9b2ef855fa7bec2fb).
Or use the `YC_TOKEN` environment variable with proper value.
Token you could get [here](https://oauth.yandex.ru/authorize?response_type=token&client_id=1a6990aa636648e9b2ef855fa7bec2fb).
Check [documentation](https://cloud.yandex.ru/docs/iam/operations/iam-token/create) about how to get IAM credential.
### Authentication Using Service Account Key File

@ -1,4 +1,4 @@
<!-- Code generated from the comments of the AccessConfig struct in builder/yandex/access_config.go; DO NOT EDIT MANUALLY -->
- `token` (string) - OAuth token to use to authenticate to Yandex.Cloud. Alternatively you may set
- `token` (string) - OAuth token or IAM credentional to use to authenticate to Yandex.Cloud. Alternatively you may set
value by environment variable `YC_TOKEN`.