revert unneeded changes to driver roles

This commit is contained in:
Megan Marsh 2020-04-23 14:19:39 -07:00
parent 80ecd2013d
commit f67a8ab431
6 changed files with 16 additions and 24 deletions

View File

@ -9,10 +9,9 @@ import (
"golang.org/x/oauth2/jwt" "golang.org/x/oauth2/jwt"
) )
func ProcessAccountFile(text string, iap bool) (*jwt.Config, error) { func ProcessAccountFile(text string) (*jwt.Config, error) {
driverScopes := getDriverScopes(iap)
// Assume text is a JSON string // Assume text is a JSON string
conf, err := google.JWTConfigFromJSON([]byte(text), driverScopes...) conf, err := google.JWTConfigFromJSON([]byte(text), DriverScopes...)
if err != nil { if err != nil {
// If text was not JSON, assume it is a file path instead // If text was not JSON, assume it is a file path instead
if _, err := os.Stat(text); os.IsNotExist(err) { if _, err := os.Stat(text); os.IsNotExist(err) {
@ -26,7 +25,7 @@ func ProcessAccountFile(text string, iap bool) (*jwt.Config, error) {
"Error reading account_file from path '%s': %s", "Error reading account_file from path '%s': %s",
text, err) text, err)
} }
conf, err = google.JWTConfigFromJSON(data, driverScopes...) conf, err = google.JWTConfigFromJSON(data, DriverScopes...)
if err != nil { if err != nil {
return nil, fmt.Errorf("Error parsing account_file: %s", err) return nil, fmt.Errorf("Error parsing account_file: %s", err)
} }

View File

@ -37,8 +37,7 @@ func (b *Builder) Prepare(raws ...interface{}) ([]string, []string, error) {
// representing a GCE machine image. // representing a GCE machine image.
func (b *Builder) Run(ctx context.Context, ui packer.Ui, hook packer.Hook) (packer.Artifact, error) { func (b *Builder) Run(ctx context.Context, ui packer.Ui, hook packer.Hook) (packer.Artifact, error) {
driver, err := NewDriverGCE( driver, err := NewDriverGCE(
ui, b.config.ProjectId, b.config.account, b.config.VaultGCPOauthEngine, ui, b.config.ProjectId, b.config.account, b.config.VaultGCPOauthEngine)
b.config.IAP)
if err != nil { if err != nil {
return nil, err return nil, err
} }

View File

@ -379,7 +379,7 @@ func (c *Config) Prepare(raws ...interface{}) ([]string, error) {
errs = packer.MultiErrorAppend(errs, fmt.Errorf("You cannot "+ errs = packer.MultiErrorAppend(errs, fmt.Errorf("You cannot "+
"specify both account_file and vault_gcp_oauth_engine.")) "specify both account_file and vault_gcp_oauth_engine."))
} }
cfg, err := ProcessAccountFile(c.AccountFile, c.IAP) cfg, err := ProcessAccountFile(c.AccountFile)
if err != nil { if err != nil {
errs = packer.MultiErrorAppend(errs, err) errs = packer.MultiErrorAppend(errs, err)
} }

View File

@ -34,13 +34,7 @@ type driverGCE struct {
ui packer.Ui ui packer.Ui
} }
func getDriverScopes(iap bool) []string { var DriverScopes = []string{"https://www.googleapis.com/auth/compute", "https://www.googleapis.com/auth/devstorage.full_control"}
ds := []string{"https://www.googleapis.com/auth/compute", "https://www.googleapis.com/auth/devstorage.full_control"}
// if iap {
// ds = append(ds, "https://www.googleapis.com/auth/iap.tunnelResourceAccessor")
// }
return ds
}
// Define a TokenSource that gets tokens from Vault // Define a TokenSource that gets tokens from Vault
type OauthTokenSource struct { type OauthTokenSource struct {
@ -75,7 +69,7 @@ func (ots OauthTokenSource) Token() (*oauth2.Token, error) {
} }
func NewClientGCE(conf *jwt.Config, vaultOauth string, iap bool) (*http.Client, error) { func NewClientGCE(conf *jwt.Config, vaultOauth string) (*http.Client, error) {
var err error var err error
var client *http.Client var client *http.Client
@ -90,7 +84,7 @@ func NewClientGCE(conf *jwt.Config, vaultOauth string, iap bool) (*http.Client,
// Auth with AccountFile if provided // Auth with AccountFile if provided
log.Printf("[INFO] Requesting Google token via account_file...") log.Printf("[INFO] Requesting Google token via account_file...")
log.Printf("[INFO] -- Email: %s", conf.Email) log.Printf("[INFO] -- Email: %s", conf.Email)
log.Printf("[INFO] -- Scopes: %s", getDriverScopes(iap)) log.Printf("[INFO] -- Scopes: %s", DriverScopes)
log.Printf("[INFO] -- Private Key Length: %d", len(conf.PrivateKey)) log.Printf("[INFO] -- Private Key Length: %d", len(conf.PrivateKey))
// Initiate an http.Client. The following GET request will be // Initiate an http.Client. The following GET request will be
@ -99,7 +93,7 @@ func NewClientGCE(conf *jwt.Config, vaultOauth string, iap bool) (*http.Client,
client = conf.Client(context.TODO()) client = conf.Client(context.TODO())
} else { } else {
log.Printf("[INFO] Requesting Google token via GCE API Default Client Token Source...") log.Printf("[INFO] Requesting Google token via GCE API Default Client Token Source...")
client, err = google.DefaultClient(context.TODO(), getDriverScopes(iap)...) client, err = google.DefaultClient(context.TODO(), DriverScopes...)
// The DefaultClient uses the DefaultTokenSource of the google lib. // The DefaultClient uses the DefaultTokenSource of the google lib.
// The DefaultTokenSource uses the "Application Default Credentials" // The DefaultTokenSource uses the "Application Default Credentials"
// It looks for credentials in the following places, preferring the first location found: // It looks for credentials in the following places, preferring the first location found:
@ -121,8 +115,8 @@ func NewClientGCE(conf *jwt.Config, vaultOauth string, iap bool) (*http.Client,
return client, nil return client, nil
} }
func NewDriverGCE(ui packer.Ui, p string, conf *jwt.Config, vaultOauth string, iap bool) (Driver, error) { func NewDriverGCE(ui packer.Ui, p string, conf *jwt.Config, vaultOauth string) (Driver, error) {
client, err := NewClientGCE(conf, vaultOauth, iap) client, err := NewClientGCE(conf, vaultOauth)
if err != nil { if err != nil {
return nil, err return nil, err
} }

View File

@ -112,14 +112,14 @@ func (p *PostProcessor) PostProcess(ctx context.Context, ui packer.Ui, artifact
// Set up credentials for GCE driver. // Set up credentials for GCE driver.
if builderAccountFile != "" { if builderAccountFile != "" {
cfg, err := googlecompute.ProcessAccountFile(builderAccountFile, p.config.IAP) cfg, err := googlecompute.ProcessAccountFile(builderAccountFile)
if err != nil { if err != nil {
return nil, false, false, err return nil, false, false, err
} }
p.config.account = cfg p.config.account = cfg
} }
if p.config.AccountFile != "" { if p.config.AccountFile != "" {
cfg, err := googlecompute.ProcessAccountFile(p.config.AccountFile, p.config.IAP) cfg, err := googlecompute.ProcessAccountFile(p.config.AccountFile)
if err != nil { if err != nil {
return nil, false, false, err return nil, false, false, err
} }
@ -160,7 +160,7 @@ func (p *PostProcessor) PostProcess(ctx context.Context, ui packer.Ui, artifact
} }
driver, err := googlecompute.NewDriverGCE(ui, builderProjectId, driver, err := googlecompute.NewDriverGCE(ui, builderProjectId,
p.config.account, p.config.VaultGCPOauthEngine, p.config.IAP) p.config.account, p.config.VaultGCPOauthEngine)
if err != nil { if err != nil {
return nil, false, false, err return nil, false, false, err
} }

View File

@ -78,7 +78,7 @@ func (p *PostProcessor) Configure(raws ...interface{}) error {
} }
if p.config.AccountFile != "" { if p.config.AccountFile != "" {
cfg, err := googlecompute.ProcessAccountFile(p.config.AccountFile, p.config.IAP) cfg, err := googlecompute.ProcessAccountFile(p.config.AccountFile)
if err != nil { if err != nil {
errs = packer.MultiErrorAppend(errs, err) errs = packer.MultiErrorAppend(errs, err)
} }
@ -118,7 +118,7 @@ func (p *PostProcessor) PostProcess(ctx context.Context, ui packer.Ui, artifact
} }
p.config.ctx.Data = generatedData p.config.ctx.Data = generatedData
client, err := googlecompute.NewClientGCE(p.config.account, p.config.VaultGCPOauthEngine, p.config.IAP) client, err := googlecompute.NewClientGCE(p.config.account, p.config.VaultGCPOauthEngine)
if err != nil { if err != nil {
return nil, false, false, err return nil, false, false, err
} }