diff --git a/builder/googlecompute/account.go b/builder/googlecompute/account.go
index 409ed85d4..97736fab5 100644
--- a/builder/googlecompute/account.go
+++ b/builder/googlecompute/account.go
@@ -14,31 +14,32 @@ type ServiceAccount struct {
 jwt *jwt.Config
 }
 
+// ProcessAccountFile will return a ServiceAccount for the JSON account file stored in text.
+// Otherwise it will return an error if text does not look or reference a valid account file.
 func ProcessAccountFile(text string) (*ServiceAccount, error) {
 // Assume text is a JSON string
- // This func is used for validation now to avoid causing errors in NewClientGCE function
- var err error
- var data []byte
- conf, err := google.JWTConfigFromJSON([]byte(text), DriverScopes...)
- if err != nil {
- // If text was not JSON, assume it is a file path instead
- if _, err = os.Stat(text); os.IsNotExist(err) {
- return nil, fmt.Errorf(
- "account_file path does not exist: %s",
- text)
- }
- data, err = ioutil.ReadFile(text)
- if err != nil {
- return nil, fmt.Errorf(
- "Error reading account_file from path '%s': %s",
- text, err)
- }
- conf, err = google.JWTConfigFromJSON(data, DriverScopes...)
- if err != nil {
- return nil, fmt.Errorf("Error parsing account_file: %s", err)
- }
+ if conf, err := google.JWTConfigFromJSON([]byte(text), DriverScopes...); err == nil {
+ return &ServiceAccount{
+ jsonKey: []byte(text),
+ jwt: conf,
+ }, nil
 }
- data = []byte(text)
+
+ // If text was not JSON, assume it is a file path instead
+ if _, err := os.Stat(text); os.IsNotExist(err) {
+ return nil, fmt.Errorf("account_file path does not exist: %s", text)
+ }
+
+ data, err := ioutil.ReadFile(text)
+ if err != nil {
+ return nil, fmt.Errorf("Error reading account_file from path '%s': %s", text, err)
+ }
+
+ conf, err := google.JWTConfigFromJSON(data, DriverScopes...)
+ if err != nil {
+ return nil, fmt.Errorf("Error parsing account_file: %s", err)
+ }
+
 return &ServiceAccount{
 jsonKey: data,
 jwt: conf,
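Review bot: The file-path fallback in ProcessAccountFile still formats `text` into its errors (`account_file path does not exist: %s`), and `text` may be an inline JSON key that merely failed to parse, so a malformed key, private key included, would be echoed into the error and into any log that records it. The error from the first `google.JWTConfigFromJSON` call is also discarded, which hides the real cause from the user. I would keep that error and return it, without echoing `text`, whenever the input looks like JSON rather than a path; this needs `strings` in the file's imports, which the hunk does not show, and turns the later `conf, err :=` into a plain assignment. The added doc comment should also read "does not look like or reference a valid account file". The function's closing lines are outside the hunk.

```go
func ProcessAccountFile(text string) (*ServiceAccount, error) {
	// Assume text is a JSON string
	conf, jsonErr := google.JWTConfigFromJSON([]byte(text), DriverScopes...)
	if jsonErr == nil {
		return &ServiceAccount{
			jsonKey: []byte(text),
			jwt:     conf,
		}, nil
	}

	// Input that looks like inline JSON is key material, not a path: report
	// the parse failure and never echo the text itself.
	if strings.HasPrefix(strings.TrimSpace(text), "{") {
		return nil, fmt.Errorf("Error parsing account_file: %s", jsonErr)
	}

	// … unchanged: os.Stat check and ioutil.ReadFile into data, err …

	// conf is now declared above, so this becomes an assignment.
	conf, err = google.JWTConfigFromJSON(data, DriverScopes...)
	// … unchanged: parse-error return and final ServiceAccount literal …
```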
diff --git a/builder/googlecompute/builder.go b/builder/googlecompute/builder.go
index 0e0593e82..55bf1fa4b 100644
--- a/builder/googlecompute/builder.go
+++ b/builder/googlecompute/builder.go
@@ -36,8 +36,15 @@ func (b *Builder) Prepare(raws ...interface{}) ([]string, []string, error) {
 // Run executes a googlecompute Packer build and returns a packer.Artifact
 // representing a GCE machine image.
 func (b *Builder) Run(ctx context.Context, ui packer.Ui, hook packer.Hook) (packer.Artifact, error) {
- driver, err := NewDriverGCE(
- ui, b.config.ProjectId, b.config.account, b.config.VaultGCPOauthEngine, b.config.ImpersonatedServiceAccount)
+ cfg := GCEDriverConfig{
+ Ui: ui,
+ ProjectId: b.config.ProjectId,
+ Account: b.config.account,
+ ImpersonateServiceAccountName: b.config.ImpersonateServiceAccount,
+ VaultOauthEngineName: b.config.VaultGCPOauthEngine,
+ }
+
+ driver, err := NewDriverGCE(cfg)
 if err != nil {
 return nil, err
 }
diff --git a/builder/googlecompute/config.go b/builder/googlecompute/config.go
index 6e43d1cf5..204fdccb4 100644
--- a/builder/googlecompute/config.go
+++ b/builder/googlecompute/config.go
@@ -34,8 +34,8 @@ type Config struct {
 // run Packer on a GCE instance with a service account. Instructions for
 // creating the file or using service accounts are above.
 AccountFile string `mapstructure:"account_file" required:"false"`
- // This allows service account impersonation as per the docs.
- ImpersonatedServiceAccount string `mapstructure:"impersonated_service_account" required:"false"`
+ // This allows service account impersonation as per the [docs](https://cloud.google.com/iam/docs/impersonating-service-accounts).
+ ImpersonateServiceAccount string `mapstructure:"impersonate_service_account" required:"false"`
 // The project ID that will be used to launch instances and store images.
 ProjectId string `mapstructure:"project_id" required:"true"`
 // Full or partial URL of the guest accelerator type. GPU accelerators can
@@ -482,9 +482,9 @@ func (c *Config) Prepare(raws ...interface{}) ([]string, error) { // Authenticating via an account file if c.AccountFile != "" { - if c.VaultGCPOauthEngine != "" && c.ImpersonatedServiceAccount != "" { + if c.VaultGCPOauthEngine != "" && c.ImpersonateServiceAccount != "" { errs = packer.MultiErrorAppend(errs, fmt.Errorf("You cannot "+ - "specify impersonated_service_account, account_file and vault_gcp_oauth_engine at the same time")) + "specify impersonate_service_account, account_file and vault_gcp_oauth_engine at the same time")) } cfg, err := ProcessAccountFile(c.AccountFile) if err != nil { diff --git a/builder/googlecompute/config.hcl2spec.go b/builder/googlecompute/config.hcl2spec.go index 7df946296..3d98e6fca 100644 --- a/builder/googlecompute/config.hcl2spec.go +++ b/builder/googlecompute/config.hcl2spec.go @@ -64,7 +64,7 @@ type FlatConfig struct { WinRMInsecure *bool `mapstructure:"winrm_insecure" cty:"winrm_insecure" hcl:"winrm_insecure"` WinRMUseNTLM *bool `mapstructure:"winrm_use_ntlm" cty:"winrm_use_ntlm" hcl:"winrm_use_ntlm"` AccountFile *string `mapstructure:"account_file" required:"false" cty:"account_file" hcl:"account_file"` - ImpersonatedServiceAccount *string `mapstructure:"impersonated_service_account" required:"false" cty:"impersonated_service_account" hcl:"impersonated_service_account"` + ImpersonateServiceAccount *string `mapstructure:"impersonate_service_account" required:"false" cty:"impersonate_service_account" hcl:"impersonate_service_account"` ProjectId *string `mapstructure:"project_id" required:"true" cty:"project_id" hcl:"project_id"` AcceleratorType *string `mapstructure:"accelerator_type" required:"false" cty:"accelerator_type" hcl:"accelerator_type"` AcceleratorCount *int64 `mapstructure:"accelerator_count" required:"false" cty:"accelerator_count" hcl:"accelerator_count"` 
@@ -183,7 +183,7 @@ func (*FlatConfig) HCL2Spec() map[string]hcldec.Spec { "winrm_insecure": &hcldec.AttrSpec{Name: "winrm_insecure", Type: cty.Bool, Required: false}, "winrm_use_ntlm": &hcldec.AttrSpec{Name: "winrm_use_ntlm", Type: cty.Bool, Required: false}, "account_file": &hcldec.AttrSpec{Name: "account_file", Type: cty.String, Required: false}, - "impersonated_service_account": &hcldec.AttrSpec{Name: "impersonated_service_account", Type: cty.String, Required: false}, + "impersonate_service_account": &hcldec.AttrSpec{Name: "impersonate_service_account", Type: cty.String, Required: false}, "project_id": &hcldec.AttrSpec{Name: "project_id", Type: cty.String, Required: false}, "accelerator_type": &hcldec.AttrSpec{Name: "accelerator_type", Type: cty.String, Required: false}, "accelerator_count": &hcldec.AttrSpec{Name: "accelerator_count", Type: cty.Number, Required: false}, diff --git a/builder/googlecompute/driver_gce.go b/builder/googlecompute/driver_gce.go index 8c115f071..e1a558713 100644 --- a/builder/googlecompute/driver_gce.go +++ b/builder/googlecompute/driver_gce.go @@ -35,6 +35,14 @@ type driverGCE struct { ui packer.Ui } +type GCEDriverConfig struct { + Ui packer.Ui + ProjectId string + Account *ServiceAccount + ImpersonateServiceAccountName string + VaultOauthEngineName string +} + var DriverScopes = []string{"https://www.googleapis.com/auth/compute", "https://www.googleapis.com/auth/devstorage.full_control"} // Define a TokenSource that gets tokens from Vault @@ -70,7 +78,7 @@ func (ots OauthTokenSource) Token() (*oauth2.Token, error) { } -func NewClientGCE(account *ServiceAccount, vaultOauth string, impersonatedsa string) (option.ClientOption, error) { +func NewClientOptionGoogle(account *ServiceAccount, vaultOauth string, impersonatesa string) (option.ClientOption, error) { var err error var opts option.ClientOption 
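Review bot: The new exported `GCEDriverConfig` type in driver_gce.go has no doc comment, and nothing on it says which of `Account`, `ImpersonateServiceAccountName` and `VaultOauthEngineName` is used when more than one is set. From the branch order visible in `NewClientOptionGoogle`, the Vault engine appears to be tried first, then impersonation, then the account file. I would add `// GCEDriverConfig holds the settings NewDriverGCE needs; when several credential fields are set, NewClientOptionGoogle prefers Vault, then impersonation, then Account.` above the type. The renamed `NewClientOptionGoogle` in the following hunk is exported without a doc comment as well.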
@@ -81,9 +89,9 @@ func NewClientGCE(account *ServiceAccount, vaultOauth string, impersonatedsa str ts := OauthTokenSource{vaultOauth} opts = option.WithTokenSource(ts) - } else if impersonatedsa != "" { - opts = option.ImpersonateCredentials(impersonatedsa) - } else if account.jwt != nil && len(account.jwt.PrivateKey) > 0 { + } else if impersonatesa != "" { + opts = option.ImpersonateCredentials(impersonatesa) + } else if account != nil && account.jwt != nil && len(account.jwt.PrivateKey) > 0 { // Auth with AccountFile if provided log.Printf("[INFO] Requesting Google token via account_file...") log.Printf("[INFO] -- Email: %s", account.jwt.Email) @@ -119,8 +127,8 @@ func NewClientGCE(account *ServiceAccount, vaultOauth string, impersonatedsa str return opts, nil } -func NewDriverGCE(ui packer.Ui, p string, account *ServiceAccount, impersonatedsa string, vaultOauth string) (Driver, error) { - opts, err := NewClientGCE(account, vaultOauth, impersonatedsa) +func NewDriverGCE(config GCEDriverConfig) (Driver, error) { + opts, err := NewClientOptionGoogle(config.Account, config.VaultOauthEngineName, config.ImpersonateServiceAccountName) if err != nil { return nil, err } @@ -141,10 +149,10 @@ func NewDriverGCE(ui packer.Ui, p string, account *ServiceAccount, impersonateds service.UserAgent = useragent.String() return &driverGCE{ - projectId: p, + projectId: config.ProjectId, service: service, osLoginService: osLoginService, - ui: ui, + ui: config.Ui, }, nil } diff --git a/post-processor/googlecompute-export/post-processor.go b/post-processor/googlecompute-export/post-processor.go index 95bf4e30d..fa114c0b1 100644 --- a/post-processor/googlecompute-export/post-processor.go +++ b/post-processor/googlecompute-export/post-processor.go 
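Review bot: The `impersonatesa` branch silently takes precedence over `account`, so a template that sets both `account_file` and `impersonate_service_account` passes validation and then ignores the key file. The check in `Config.Prepare` (and the same one in the googlecompute-import `Configure`) only rejects the case where account_file, impersonate_service_account and vault_gcp_oauth_engine are all set at once. This branch also logs nothing, unlike the account_file branch below it, so the credential source actually used is not visible in the build log. I would add `log.Printf("[INFO] Requesting Google token via impersonation of %s...", impersonatesa)` here and either reject the ambiguous pairs during Prepare or document the precedence on the config fields. The enclosing function starts and ends outside this hunk.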
@@ -25,8 +25,8 @@ type Config struct { //The JSON file containing your account credentials. //If specified, the account file will take precedence over any `googlecompute` builder authentication method. AccountFile string `mapstructure:"account_file"` - // This allows service account impersonation as per the docs. - ImpersonatedServiceAccount string `mapstructure:"impersonated_service_account" required:"false"` + // This allows service account impersonation as per the [docs](https://cloud.google.com/iam/docs/impersonating-service-accounts). + ImpersonateServiceAccount string `mapstructure:"impersonate_service_account" required:"false"` //The size of the export instances disk. //The disk is unused for the export but a larger size will increase `pd-ssd` read speed. //This defaults to `200`, which is 200GB. @@ -185,9 +185,15 @@ func (p *PostProcessor) PostProcess(ctx context.Context, ui packer.Ui, artifact if p.config.ServiceAccountEmail != "" { exporterConfig.ServiceAccountEmail = p.config.ServiceAccountEmail } + cfg := googlecompute.GCEDriverConfig{ + Ui: ui, + ProjectId: builderProjectId, + Account: p.config.account, + ImpersonateServiceAccountName: p.config.ImpersonateServiceAccount, + VaultOauthEngineName: p.config.VaultGCPOauthEngine, + } - driver, err := googlecompute.NewDriverGCE(ui, builderProjectId, - p.config.account, p.config.VaultGCPOauthEngine, p.config.ImpersonatedServiceAccount) + driver, err := googlecompute.NewDriverGCE(cfg) if err != nil { return nil, false, false, err } diff --git a/post-processor/googlecompute-export/post-processor.hcl2spec.go b/post-processor/googlecompute-export/post-processor.hcl2spec.go index 1a69a948f..573083e0d 100644 --- a/post-processor/googlecompute-export/post-processor.hcl2spec.go +++ b/post-processor/googlecompute-export/post-processor.hcl2spec.go 
@@ -9,24 +9,24 @@ import ( // FlatConfig is an auto-generated flat version of Config. // Where the contents of a field with a `mapstructure:,squash` tag are bubbled up. type FlatConfig struct { - PackerBuildName *string `mapstructure:"packer_build_name" cty:"packer_build_name" hcl:"packer_build_name"` - PackerBuilderType *string `mapstructure:"packer_builder_type" cty:"packer_builder_type" hcl:"packer_builder_type"` - PackerDebug *bool `mapstructure:"packer_debug" cty:"packer_debug" hcl:"packer_debug"` - PackerForce *bool `mapstructure:"packer_force" cty:"packer_force" hcl:"packer_force"` - PackerOnError *string `mapstructure:"packer_on_error" cty:"packer_on_error" hcl:"packer_on_error"` - PackerUserVars map[string]string `mapstructure:"packer_user_variables" cty:"packer_user_variables" hcl:"packer_user_variables"` - PackerSensitiveVars []string `mapstructure:"packer_sensitive_variables" cty:"packer_sensitive_variables" hcl:"packer_sensitive_variables"` - AccountFile *string `mapstructure:"account_file" cty:"account_file" hcl:"account_file"` - ImpersonatedServiceAccount *string `mapstructure:"impersonated_service_account" required:"false" cty:"impersonated_service_account" hcl:"impersonated_service_account"` - DiskSizeGb *int64 `mapstructure:"disk_size" cty:"disk_size" hcl:"disk_size"` - DiskType *string `mapstructure:"disk_type" cty:"disk_type" hcl:"disk_type"` - MachineType *string `mapstructure:"machine_type" cty:"machine_type" hcl:"machine_type"` - Network *string `mapstructure:"network" cty:"network" hcl:"network"` - Paths []string `mapstructure:"paths" required:"true" cty:"paths" hcl:"paths"` - Subnetwork *string `mapstructure:"subnetwork" cty:"subnetwork" hcl:"subnetwork"` - Zone *string `mapstructure:"zone" cty:"zone" hcl:"zone"` - VaultGCPOauthEngine *string `mapstructure:"vault_gcp_oauth_engine" cty:"vault_gcp_oauth_engine" hcl:"vault_gcp_oauth_engine"` - ServiceAccountEmail *string `mapstructure:"service_account_email" cty:"service_account_email" 
hcl:"service_account_email"` + PackerBuildName *string `mapstructure:"packer_build_name" cty:"packer_build_name" hcl:"packer_build_name"` + PackerBuilderType *string `mapstructure:"packer_builder_type" cty:"packer_builder_type" hcl:"packer_builder_type"` + PackerDebug *bool `mapstructure:"packer_debug" cty:"packer_debug" hcl:"packer_debug"` + PackerForce *bool `mapstructure:"packer_force" cty:"packer_force" hcl:"packer_force"` + PackerOnError *string `mapstructure:"packer_on_error" cty:"packer_on_error" hcl:"packer_on_error"` + PackerUserVars map[string]string `mapstructure:"packer_user_variables" cty:"packer_user_variables" hcl:"packer_user_variables"` + PackerSensitiveVars []string `mapstructure:"packer_sensitive_variables" cty:"packer_sensitive_variables" hcl:"packer_sensitive_variables"` + AccountFile *string `mapstructure:"account_file" cty:"account_file" hcl:"account_file"` + ImpersonateServiceAccount *string `mapstructure:"impersonate_service_account" required:"false" cty:"impersonate_service_account" hcl:"impersonate_service_account"` + DiskSizeGb *int64 `mapstructure:"disk_size" cty:"disk_size" hcl:"disk_size"` + DiskType *string `mapstructure:"disk_type" cty:"disk_type" hcl:"disk_type"` + MachineType *string `mapstructure:"machine_type" cty:"machine_type" hcl:"machine_type"` + Network *string `mapstructure:"network" cty:"network" hcl:"network"` + Paths []string `mapstructure:"paths" required:"true" cty:"paths" hcl:"paths"` + Subnetwork *string `mapstructure:"subnetwork" cty:"subnetwork" hcl:"subnetwork"` + Zone *string `mapstructure:"zone" cty:"zone" hcl:"zone"` + VaultGCPOauthEngine *string `mapstructure:"vault_gcp_oauth_engine" cty:"vault_gcp_oauth_engine" hcl:"vault_gcp_oauth_engine"` + ServiceAccountEmail *string `mapstructure:"service_account_email" cty:"service_account_email" hcl:"service_account_email"` } // FlatMapstructure returns a new FlatConfig. 
@@ -41,24 +41,24 @@ func (*Config) FlatMapstructure() interface{ HCL2Spec() map[string]hcldec.Spec } // The decoded values from this spec will then be applied to a FlatConfig. func (*FlatConfig) HCL2Spec() map[string]hcldec.Spec { s := map[string]hcldec.Spec{ - "packer_build_name": &hcldec.AttrSpec{Name: "packer_build_name", Type: cty.String, Required: false}, - "packer_builder_type": &hcldec.AttrSpec{Name: "packer_builder_type", Type: cty.String, Required: false}, - "packer_debug": &hcldec.AttrSpec{Name: "packer_debug", Type: cty.Bool, Required: false}, - "packer_force": &hcldec.AttrSpec{Name: "packer_force", Type: cty.Bool, Required: false}, - "packer_on_error": &hcldec.AttrSpec{Name: "packer_on_error", Type: cty.String, Required: false}, - "packer_user_variables": &hcldec.AttrSpec{Name: "packer_user_variables", Type: cty.Map(cty.String), Required: false}, - "packer_sensitive_variables": &hcldec.AttrSpec{Name: "packer_sensitive_variables", Type: cty.List(cty.String), Required: false}, - "account_file": &hcldec.AttrSpec{Name: "account_file", Type: cty.String, Required: false}, - "impersonated_service_account": &hcldec.AttrSpec{Name: "impersonated_service_account", Type: cty.String, Required: false}, - "disk_size": &hcldec.AttrSpec{Name: "disk_size", Type: cty.Number, Required: false}, - "disk_type": &hcldec.AttrSpec{Name: "disk_type", Type: cty.String, Required: false}, - "machine_type": &hcldec.AttrSpec{Name: "machine_type", Type: cty.String, Required: false}, - "network": &hcldec.AttrSpec{Name: "network", Type: cty.String, Required: false}, - "paths": &hcldec.AttrSpec{Name: "paths", Type: cty.List(cty.String), Required: false}, - "subnetwork": &hcldec.AttrSpec{Name: "subnetwork", Type: cty.String, Required: false}, - "zone": &hcldec.AttrSpec{Name: "zone", Type: cty.String, Required: false}, - "vault_gcp_oauth_engine": &hcldec.AttrSpec{Name: "vault_gcp_oauth_engine", Type: cty.String, Required: false}, - "service_account_email": &hcldec.AttrSpec{Name: 
"service_account_email", Type: cty.String, Required: false}, + "packer_build_name": &hcldec.AttrSpec{Name: "packer_build_name", Type: cty.String, Required: false}, + "packer_builder_type": &hcldec.AttrSpec{Name: "packer_builder_type", Type: cty.String, Required: false}, + "packer_debug": &hcldec.AttrSpec{Name: "packer_debug", Type: cty.Bool, Required: false}, + "packer_force": &hcldec.AttrSpec{Name: "packer_force", Type: cty.Bool, Required: false}, + "packer_on_error": &hcldec.AttrSpec{Name: "packer_on_error", Type: cty.String, Required: false}, + "packer_user_variables": &hcldec.AttrSpec{Name: "packer_user_variables", Type: cty.Map(cty.String), Required: false}, + "packer_sensitive_variables": &hcldec.AttrSpec{Name: "packer_sensitive_variables", Type: cty.List(cty.String), Required: false}, + "account_file": &hcldec.AttrSpec{Name: "account_file", Type: cty.String, Required: false}, + "impersonate_service_account": &hcldec.AttrSpec{Name: "impersonate_service_account", Type: cty.String, Required: false}, + "disk_size": &hcldec.AttrSpec{Name: "disk_size", Type: cty.Number, Required: false}, + "disk_type": &hcldec.AttrSpec{Name: "disk_type", Type: cty.String, Required: false}, + "machine_type": &hcldec.AttrSpec{Name: "machine_type", Type: cty.String, Required: false}, + "network": &hcldec.AttrSpec{Name: "network", Type: cty.String, Required: false}, + "paths": &hcldec.AttrSpec{Name: "paths", Type: cty.List(cty.String), Required: false}, + "subnetwork": &hcldec.AttrSpec{Name: "subnetwork", Type: cty.String, Required: false}, + "zone": &hcldec.AttrSpec{Name: "zone", Type: cty.String, Required: false}, + "vault_gcp_oauth_engine": &hcldec.AttrSpec{Name: "vault_gcp_oauth_engine", Type: cty.String, Required: false}, + "service_account_email": &hcldec.AttrSpec{Name: "service_account_email", Type: cty.String, Required: false}, } return s } 
diff --git a/post-processor/googlecompute-import/post-processor.go b/post-processor/googlecompute-import/post-processor.go index 67cff07c5..737e64560 100644 --- a/post-processor/googlecompute-import/post-processor.go +++ b/post-processor/googlecompute-import/post-processor.go @@ -30,8 +30,8 @@ type Config struct { //The JSON file containing your account credentials. //If specified, the account file will take precedence over any `googlecompute` builder authentication method. AccountFile string `mapstructure:"account_file" required:"true"` - // This allows service account impersonation as per the docs. - ImpersonatedServiceAccount string `mapstructure:"impersonated_service_account" required:"false"` + // This allows service account impersonation as per the [docs](https://cloud.google.com/iam/docs/impersonating-service-accounts). + ImpersonateServiceAccount string `mapstructure:"impersonate_service_account" required:"false"` //The project ID where the GCS bucket exists and where the GCE image is stored. ProjectId string `mapstructure:"project_id" required:"true"` IAP bool `mapstructure-to-hcl:",skip"` @@ -100,9 +100,9 @@ func (p *PostProcessor) Configure(raws ...interface{}) error { } if p.config.AccountFile != "" { - if p.config.VaultGCPOauthEngine != "" && p.config.ImpersonatedServiceAccount != "" { + if p.config.VaultGCPOauthEngine != "" && p.config.ImpersonateServiceAccount != "" { errs = packer.MultiErrorAppend(errs, fmt.Errorf("You cannot "+ - "specify impersonated_service_account, account_file and vault_gcp_oauth_engine at the same time")) + "specify impersonate_service_account, account_file and vault_gcp_oauth_engine at the same time")) } cfg, err := googlecompute.ProcessAccountFile(p.config.AccountFile) if err != nil { 
@@ -139,7 +139,7 @@ func (p *PostProcessor) PostProcess(ctx context.Context, ui packer.Ui, artifact p.config.ctx.Data = generatedData var err error var opts option.ClientOption - opts, err = googlecompute.NewClientGCE(p.config.account, p.config.VaultGCPOauthEngine, p.config.ImpersonatedServiceAccount) + opts, err = googlecompute.NewClientOptionGoogle(p.config.account, p.config.VaultGCPOauthEngine, p.config.ImpersonateServiceAccount) if err != nil { return nil, false, false, err } diff --git a/post-processor/googlecompute-import/post-processor.hcl2spec.go b/post-processor/googlecompute-import/post-processor.hcl2spec.go index dec2c74d8..2c1937d8d 100644 --- a/post-processor/googlecompute-import/post-processor.hcl2spec.go +++ b/post-processor/googlecompute-import/post-processor.hcl2spec.go 
@@ -9,26 +9,26 @@ import ( // FlatConfig is an auto-generated flat version of Config. // Where the contents of a field with a `mapstructure:,squash` tag are bubbled up. type FlatConfig struct { - PackerBuildName *string `mapstructure:"packer_build_name" cty:"packer_build_name" hcl:"packer_build_name"` - PackerBuilderType *string `mapstructure:"packer_builder_type" cty:"packer_builder_type" hcl:"packer_builder_type"` - PackerDebug *bool `mapstructure:"packer_debug" cty:"packer_debug" hcl:"packer_debug"` - PackerForce *bool `mapstructure:"packer_force" cty:"packer_force" hcl:"packer_force"` - PackerOnError *string `mapstructure:"packer_on_error" cty:"packer_on_error" hcl:"packer_on_error"` - PackerUserVars map[string]string `mapstructure:"packer_user_variables" cty:"packer_user_variables" hcl:"packer_user_variables"` - PackerSensitiveVars []string `mapstructure:"packer_sensitive_variables" cty:"packer_sensitive_variables" hcl:"packer_sensitive_variables"` - AccountFile *string `mapstructure:"account_file" required:"true" cty:"account_file" hcl:"account_file"` - ImpersonatedServiceAccount *string `mapstructure:"impersonated_service_account" required:"false" cty:"impersonated_service_account" hcl:"impersonated_service_account"` - ProjectId *string `mapstructure:"project_id" required:"true" cty:"project_id" hcl:"project_id"` - IAP *bool `mapstructure-to-hcl:",skip" cty:"iap" hcl:"iap"` - Bucket *string `mapstructure:"bucket" required:"true" cty:"bucket" hcl:"bucket"` - GCSObjectName *string `mapstructure:"gcs_object_name" cty:"gcs_object_name" hcl:"gcs_object_name"` - ImageDescription *string `mapstructure:"image_description" cty:"image_description" hcl:"image_description"` - ImageFamily *string `mapstructure:"image_family" cty:"image_family" hcl:"image_family"` - ImageGuestOsFeatures []string `mapstructure:"image_guest_os_features" cty:"image_guest_os_features" hcl:"image_guest_os_features"` - ImageLabels map[string]string `mapstructure:"image_labels" 
cty:"image_labels" hcl:"image_labels"` - ImageName *string `mapstructure:"image_name" required:"true" cty:"image_name" hcl:"image_name"` - SkipClean *bool `mapstructure:"skip_clean" cty:"skip_clean" hcl:"skip_clean"` - VaultGCPOauthEngine *string `mapstructure:"vault_gcp_oauth_engine" cty:"vault_gcp_oauth_engine" hcl:"vault_gcp_oauth_engine"` + PackerBuildName *string `mapstructure:"packer_build_name" cty:"packer_build_name" hcl:"packer_build_name"` + PackerBuilderType *string `mapstructure:"packer_builder_type" cty:"packer_builder_type" hcl:"packer_builder_type"` + PackerDebug *bool `mapstructure:"packer_debug" cty:"packer_debug" hcl:"packer_debug"` + PackerForce *bool `mapstructure:"packer_force" cty:"packer_force" hcl:"packer_force"` + PackerOnError *string `mapstructure:"packer_on_error" cty:"packer_on_error" hcl:"packer_on_error"` + PackerUserVars map[string]string `mapstructure:"packer_user_variables" cty:"packer_user_variables" hcl:"packer_user_variables"` + PackerSensitiveVars []string `mapstructure:"packer_sensitive_variables" cty:"packer_sensitive_variables" hcl:"packer_sensitive_variables"` + AccountFile *string `mapstructure:"account_file" required:"true" cty:"account_file" hcl:"account_file"` + ImpersonateServiceAccount *string `mapstructure:"impersonate_service_account" required:"false" cty:"impersonate_service_account" hcl:"impersonate_service_account"` + ProjectId *string `mapstructure:"project_id" required:"true" cty:"project_id" hcl:"project_id"` + IAP *bool `mapstructure-to-hcl:",skip" cty:"iap" hcl:"iap"` + Bucket *string `mapstructure:"bucket" required:"true" cty:"bucket" hcl:"bucket"` + GCSObjectName *string `mapstructure:"gcs_object_name" cty:"gcs_object_name" hcl:"gcs_object_name"` + ImageDescription *string `mapstructure:"image_description" cty:"image_description" hcl:"image_description"` + ImageFamily *string `mapstructure:"image_family" cty:"image_family" hcl:"image_family"` + ImageGuestOsFeatures []string 
`mapstructure:"image_guest_os_features" cty:"image_guest_os_features" hcl:"image_guest_os_features"` + ImageLabels map[string]string `mapstructure:"image_labels" cty:"image_labels" hcl:"image_labels"` + ImageName *string `mapstructure:"image_name" required:"true" cty:"image_name" hcl:"image_name"` + SkipClean *bool `mapstructure:"skip_clean" cty:"skip_clean" hcl:"skip_clean"` + VaultGCPOauthEngine *string `mapstructure:"vault_gcp_oauth_engine" cty:"vault_gcp_oauth_engine" hcl:"vault_gcp_oauth_engine"` } // FlatMapstructure returns a new FlatConfig. 
@@ -43,26 +43,26 @@ func (*Config) FlatMapstructure() interface{ HCL2Spec() map[string]hcldec.Spec } // The decoded values from this spec will then be applied to a FlatConfig. func (*FlatConfig) HCL2Spec() map[string]hcldec.Spec { s := map[string]hcldec.Spec{ - "packer_build_name": &hcldec.AttrSpec{Name: "packer_build_name", Type: cty.String, Required: false}, - "packer_builder_type": &hcldec.AttrSpec{Name: "packer_builder_type", Type: cty.String, Required: false}, - "packer_debug": &hcldec.AttrSpec{Name: "packer_debug", Type: cty.Bool, Required: false}, - "packer_force": &hcldec.AttrSpec{Name: "packer_force", Type: cty.Bool, Required: false}, - "packer_on_error": &hcldec.AttrSpec{Name: "packer_on_error", Type: cty.String, Required: false}, - "packer_user_variables": &hcldec.AttrSpec{Name: "packer_user_variables", Type: cty.Map(cty.String), Required: false}, - "packer_sensitive_variables": &hcldec.AttrSpec{Name: "packer_sensitive_variables", Type: cty.List(cty.String), Required: false}, - "account_file": &hcldec.AttrSpec{Name: "account_file", Type: cty.String, Required: false}, - "impersonated_service_account": &hcldec.AttrSpec{Name: "impersonated_service_account", Type: cty.String, Required: false}, - "project_id": &hcldec.AttrSpec{Name: "project_id", Type: cty.String, Required: false}, - "iap": &hcldec.AttrSpec{Name: "iap", Type: cty.Bool, Required: false}, - "bucket": &hcldec.AttrSpec{Name: "bucket", Type: cty.String, Required: false}, - "gcs_object_name": &hcldec.AttrSpec{Name: "gcs_object_name", Type: cty.String, Required: false}, - "image_description": &hcldec.AttrSpec{Name: "image_description", Type: cty.String, Required: false}, - "image_family": &hcldec.AttrSpec{Name: "image_family", Type: cty.String, Required: false}, - "image_guest_os_features": &hcldec.AttrSpec{Name: "image_guest_os_features", Type: cty.List(cty.String), Required: false}, - "image_labels": &hcldec.AttrSpec{Name: "image_labels", Type: cty.Map(cty.String), Required: false}, - 
"image_name": &hcldec.AttrSpec{Name: "image_name", Type: cty.String, Required: false}, - "skip_clean": &hcldec.AttrSpec{Name: "skip_clean", Type: cty.Bool, Required: false}, - "vault_gcp_oauth_engine": &hcldec.AttrSpec{Name: "vault_gcp_oauth_engine", Type: cty.String, Required: false}, + "packer_build_name": &hcldec.AttrSpec{Name: "packer_build_name", Type: cty.String, Required: false}, + "packer_builder_type": &hcldec.AttrSpec{Name: "packer_builder_type", Type: cty.String, Required: false}, + "packer_debug": &hcldec.AttrSpec{Name: "packer_debug", Type: cty.Bool, Required: false}, + "packer_force": &hcldec.AttrSpec{Name: "packer_force", Type: cty.Bool, Required: false}, + "packer_on_error": &hcldec.AttrSpec{Name: "packer_on_error", Type: cty.String, Required: false}, + "packer_user_variables": &hcldec.AttrSpec{Name: "packer_user_variables", Type: cty.Map(cty.String), Required: false}, + "packer_sensitive_variables": &hcldec.AttrSpec{Name: "packer_sensitive_variables", Type: cty.List(cty.String), Required: false}, + "account_file": &hcldec.AttrSpec{Name: "account_file", Type: cty.String, Required: false}, + "impersonate_service_account": &hcldec.AttrSpec{Name: "impersonate_service_account", Type: cty.String, Required: false}, + "project_id": &hcldec.AttrSpec{Name: "project_id", Type: cty.String, Required: false}, + "iap": &hcldec.AttrSpec{Name: "iap", Type: cty.Bool, Required: false}, + "bucket": &hcldec.AttrSpec{Name: "bucket", Type: cty.String, Required: false}, + "gcs_object_name": &hcldec.AttrSpec{Name: "gcs_object_name", Type: cty.String, Required: false}, + "image_description": &hcldec.AttrSpec{Name: "image_description", Type: cty.String, Required: false}, + "image_family": &hcldec.AttrSpec{Name: "image_family", Type: cty.String, Required: false}, + "image_guest_os_features": &hcldec.AttrSpec{Name: "image_guest_os_features", Type: cty.List(cty.String), Required: false}, + "image_labels": &hcldec.AttrSpec{Name: "image_labels", Type: cty.Map(cty.String), 
Required: false}, + "image_name": &hcldec.AttrSpec{Name: "image_name", Type: cty.String, Required: false}, + "skip_clean": &hcldec.AttrSpec{Name: "skip_clean", Type: cty.Bool, Required: false}, + "vault_gcp_oauth_engine": &hcldec.AttrSpec{Name: "vault_gcp_oauth_engine", Type: cty.String, Required: false}, } return s } diff --git a/website/pages/partials/builder/googlecompute/Config-not-required.mdx b/website/pages/partials/builder/googlecompute/Config-not-required.mdx index e78564608..bf61c0986 100644 --- a/website/pages/partials/builder/googlecompute/Config-not-required.mdx +++ b/website/pages/partials/builder/googlecompute/Config-not-required.mdx @@ -4,7 +4,7 @@ run Packer on a GCE instance with a service account. Instructions for creating the file or using service accounts are above. -- `impersonated_service_account` (string) - This allows service account impersonation as per the docs. +- `impersonate_service_account` (string) - This allows service account impersonation as per the [docs](https://cloud.google.com/iam/docs/impersonating-service-accounts). - `accelerator_type` (string) - Full or partial URL of the guest accelerator type. GPU accelerators can only be used with `"on_host_maintenance": "TERMINATE"` option set. diff --git a/website/pages/partials/post-processor/googlecompute-export/Config-not-required.mdx b/website/pages/partials/post-processor/googlecompute-export/Config-not-required.mdx index b1912212a..b7d12d3ba 100644 --- a/website/pages/partials/post-processor/googlecompute-export/Config-not-required.mdx +++ b/website/pages/partials/post-processor/googlecompute-export/Config-not-required.mdx 
@@ -3,7 +3,7 @@ - `account_file` (string) - The JSON file containing your account credentials. If specified, the account file will take precedence over any `googlecompute` builder authentication method. -- `impersonated_service_account` (string) - This allows service account impersonation as per the docs. +- `impersonate_service_account` (string) - This allows service account impersonation as per the [docs](https://cloud.google.com/iam/docs/impersonating-service-accounts). - `disk_size` (int64) - The size of the export instances disk. The disk is unused for the export but a larger size will increase `pd-ssd` read speed. diff --git a/website/pages/partials/post-processor/googlecompute-import/Config-not-required.mdx b/website/pages/partials/post-processor/googlecompute-import/Config-not-required.mdx index 00a111230..aa3a5243e 100644 --- a/website/pages/partials/post-processor/googlecompute-import/Config-not-required.mdx +++ b/website/pages/partials/post-processor/googlecompute-import/Config-not-required.mdx @@ -1,6 +1,6 @@ -- `impersonated_service_account` (string) - This allows service account impersonation as per the docs. +- `impersonate_service_account` (string) - This allows service account impersonation as per the [docs](https://cloud.google.com/iam/docs/impersonating-service-accounts). - `gcs_object_name` (string) - The name of the GCS object in `bucket` where the RAW disk image will be copied for import. This is treated as a