revert unneeded changes to driver roles

2020-04-23 14:19:39 -07:00 · 2020-04-23 14:19:39 -07:00 · f67a8ab431
parent 80ecd2013d
commit f67a8ab431
6 changed files with 16 additions and 24 deletions
--- a/builder/googlecompute/account.go
+++ b/builder/googlecompute/account.go
@ -9,10 +9,9 @@ import (
 	"golang.org/x/oauth2/jwt"
 )

-func ProcessAccountFile(text string, iap bool) (*jwt.Config, error) {
-	driverScopes := getDriverScopes(iap)
+func ProcessAccountFile(text string) (*jwt.Config, error) {
 	// Assume text is a JSON string
-	conf, err := google.JWTConfigFromJSON([]byte(text), driverScopes...)
+	conf, err := google.JWTConfigFromJSON([]byte(text), DriverScopes...)
 	if err != nil {
 		// If text was not JSON, assume it is a file path instead
 		if _, err := os.Stat(text); os.IsNotExist(err) {
@ -26,7 +25,7 @@ func ProcessAccountFile(text string, iap bool) (*jwt.Config, error) {
 				"Error reading account_file from path '%s': %s",
 				text, err)
 		}
-		conf, err = google.JWTConfigFromJSON(data, driverScopes...)
+		conf, err = google.JWTConfigFromJSON(data, DriverScopes...)
 		if err != nil {
 			return nil, fmt.Errorf("Error parsing account_file: %s", err)
 		}
--- a/builder/googlecompute/builder.go
+++ b/builder/googlecompute/builder.go
@ -37,8 +37,7 @@ func (b *Builder) Prepare(raws ...interface{}) ([]string, []string, error) {
 // representing a GCE machine image.
 func (b *Builder) Run(ctx context.Context, ui packer.Ui, hook packer.Hook) (packer.Artifact, error) {
 	driver, err := NewDriverGCE(
-		ui, b.config.ProjectId, b.config.account, b.config.VaultGCPOauthEngine,
-		b.config.IAP)
+		ui, b.config.ProjectId, b.config.account, b.config.VaultGCPOauthEngine)
 	if err != nil {
 		return nil, err
 	}
--- a/builder/googlecompute/config.go
+++ b/builder/googlecompute/config.go
@ -379,7 +379,7 @@ func (c *Config) Prepare(raws ...interface{}) ([]string, error) {
 			errs = packer.MultiErrorAppend(errs, fmt.Errorf("You cannot "+
 				"specify both account_file and vault_gcp_oauth_engine."))
 		}
-		cfg, err := ProcessAccountFile(c.AccountFile, c.IAP)
+		cfg, err := ProcessAccountFile(c.AccountFile)
 		if err != nil {
 			errs = packer.MultiErrorAppend(errs, err)
 		}
--- a/builder/googlecompute/driver_gce.go
+++ b/builder/googlecompute/driver_gce.go
@ -34,13 +34,7 @@ type driverGCE struct {
 	ui        packer.Ui
 }

-func getDriverScopes(iap bool) []string {
-	ds := []string{"https://www.googleapis.com/auth/compute", "https://www.googleapis.com/auth/devstorage.full_control"}
-	// if iap {
-	// 	ds = append(ds, "https://www.googleapis.com/auth/iap.tunnelResourceAccessor")
-	// }
-	return ds
-}
+var DriverScopes = []string{"https://www.googleapis.com/auth/compute", "https://www.googleapis.com/auth/devstorage.full_control"}

 // Define a TokenSource that gets tokens from Vault
 type OauthTokenSource struct {
@ -75,7 +69,7 @@ func (ots OauthTokenSource) Token() (*oauth2.Token, error) {

 }

-func NewClientGCE(conf *jwt.Config, vaultOauth string, iap bool) (*http.Client, error) {
+func NewClientGCE(conf *jwt.Config, vaultOauth string) (*http.Client, error) {
 	var err error

 	var client *http.Client
@ -90,7 +84,7 @@ func NewClientGCE(conf *jwt.Config, vaultOauth string, iap bool) (*http.Client,
 		// Auth with AccountFile if provided
 		log.Printf("[INFO] Requesting Google token via account_file...")
 		log.Printf("[INFO]   -- Email: %s", conf.Email)
-		log.Printf("[INFO]   -- Scopes: %s", getDriverScopes(iap))
+		log.Printf("[INFO]   -- Scopes: %s", DriverScopes)
 		log.Printf("[INFO]   -- Private Key Length: %d", len(conf.PrivateKey))

 		// Initiate an http.Client. The following GET request will be
@ -99,7 +93,7 @@ func NewClientGCE(conf *jwt.Config, vaultOauth string, iap bool) (*http.Client,
 		client = conf.Client(context.TODO())
 	} else {
 		log.Printf("[INFO] Requesting Google token via GCE API Default Client Token Source...")
-		client, err = google.DefaultClient(context.TODO(), getDriverScopes(iap)...)
+		client, err = google.DefaultClient(context.TODO(), DriverScopes...)
 		// The DefaultClient uses the DefaultTokenSource of the google lib.
 		// The DefaultTokenSource uses the "Application Default Credentials"
 		// It looks for credentials in the following places, preferring the first location found:
@ -121,8 +115,8 @@ func NewClientGCE(conf *jwt.Config, vaultOauth string, iap bool) (*http.Client,
 	return client, nil
 }

-func NewDriverGCE(ui packer.Ui, p string, conf *jwt.Config, vaultOauth string, iap bool) (Driver, error) {
-	client, err := NewClientGCE(conf, vaultOauth, iap)
+func NewDriverGCE(ui packer.Ui, p string, conf *jwt.Config, vaultOauth string) (Driver, error) {
+	client, err := NewClientGCE(conf, vaultOauth)
 	if err != nil {
 		return nil, err
 	}
--- a/post-processor/googlecompute-export/post-processor.go
+++ b/post-processor/googlecompute-export/post-processor.go
@ -112,14 +112,14 @@ func (p *PostProcessor) PostProcess(ctx context.Context, ui packer.Ui, artifact

 	// Set up credentials for GCE driver.
 	if builderAccountFile != "" {
-		cfg, err := googlecompute.ProcessAccountFile(builderAccountFile, p.config.IAP)
+		cfg, err := googlecompute.ProcessAccountFile(builderAccountFile)
 		if err != nil {
 			return nil, false, false, err
 		}
 		p.config.account = cfg
 	}
 	if p.config.AccountFile != "" {
-		cfg, err := googlecompute.ProcessAccountFile(p.config.AccountFile, p.config.IAP)
+		cfg, err := googlecompute.ProcessAccountFile(p.config.AccountFile)
 		if err != nil {
 			return nil, false, false, err
 		}
@ -160,7 +160,7 @@ func (p *PostProcessor) PostProcess(ctx context.Context, ui packer.Ui, artifact
 	}

 	driver, err := googlecompute.NewDriverGCE(ui, builderProjectId,
-		p.config.account, p.config.VaultGCPOauthEngine, p.config.IAP)
+		p.config.account, p.config.VaultGCPOauthEngine)
 	if err != nil {
 		return nil, false, false, err
 	}
--- a/post-processor/googlecompute-import/post-processor.go
+++ b/post-processor/googlecompute-import/post-processor.go
@ -78,7 +78,7 @@ func (p *PostProcessor) Configure(raws ...interface{}) error {
 	}

 	if p.config.AccountFile != "" {
-		cfg, err := googlecompute.ProcessAccountFile(p.config.AccountFile, p.config.IAP)
+		cfg, err := googlecompute.ProcessAccountFile(p.config.AccountFile)
 		if err != nil {
 			errs = packer.MultiErrorAppend(errs, err)
 		}
@ -118,7 +118,7 @@ func (p *PostProcessor) PostProcess(ctx context.Context, ui packer.Ui, artifact
 	}
 	p.config.ctx.Data = generatedData

-	client, err := googlecompute.NewClientGCE(p.config.account, p.config.VaultGCPOauthEngine, p.config.IAP)
+	client, err := googlecompute.NewClientGCE(p.config.account, p.config.VaultGCPOauthEngine)
 	if err != nil {
 		return nil, false, false, err
 	}