Merge pull request #3553 from lwander/f-gcp-oauth

provider/google: OAuth2 support
2015-10-22 00:44:16 -04:00 · 2015-10-22 00:44:16 -04:00 · 53b64909ec
parent 932f0ddbeb bba2c3221d
commit 53b64909ec
2 changed files with 17 additions and 17 deletions
--- a/builtin/providers/google/config.go
+++ b/builtin/providers/google/config.go
@ -36,6 +36,13 @@ type Config struct {

 func (c *Config) loadAndValidate() error {
 	var account accountFile
+	clientScopes := []string{
+		"https://www.googleapis.com/auth/compute",
+		"https://www.googleapis.com/auth/cloud-platform",
+		"https://www.googleapis.com/auth/ndev.clouddns.readwrite",
+		"https://www.googleapis.com/auth/devstorage.full_control",
+	}
+

 	if c.AccountFile == "" {
 		c.AccountFile = os.Getenv("GOOGLE_ACCOUNT_FILE")
@ -79,13 +86,6 @@ func (c *Config) loadAndValidate() error {
 			}
 		}

-		clientScopes := []string{
-			"https://www.googleapis.com/auth/compute",
-			"https://www.googleapis.com/auth/cloud-platform",
-			"https://www.googleapis.com/auth/ndev.clouddns.readwrite",
-			"https://www.googleapis.com/auth/devstorage.full_control",
-		}
-
 		// Get the token for use in our requests
 		log.Printf("[INFO] Requesting Google token...")
 		log.Printf("[INFO]   -- Email: %s", account.ClientEmail)
@ -105,16 +105,12 @@ func (c *Config) loadAndValidate() error {
 		client = conf.Client(oauth2.NoContext)

 	} else {
-		log.Printf("[INFO] Requesting Google token via GCE Service Role...")
-		client = &http.Client{
-			Transport: &oauth2.Transport{
-				// Fetch from Google Compute Engine's metadata server to retrieve
-				// an access token for the provided account.
-				// If no account is specified, "default" is used.
-				Source: google.ComputeTokenSource(""),
-			},
+		log.Printf("[INFO] Authenticating using DefaultClient");
+		err := error(nil)
+		client, err = google.DefaultClient(oauth2.NoContext, clientScopes...)
+		if err != nil {
+			return err
 		}
-
 	}

 	// Build UserAgent
--- a/builtin/providers/google/provider.go
+++ b/builtin/providers/google/provider.go
@ -15,7 +15,7 @@ func Provider() terraform.ResourceProvider {
 		Schema: map[string]*schema.Schema{
 			"account_file": &schema.Schema{
 				Type:         schema.TypeString,
-				Required:     true,
+				Optional:     true,
 				DefaultFunc:  schema.EnvDefaultFunc("GOOGLE_ACCOUNT_FILE", nil),
 				ValidateFunc: validateAccountFile,
 			},
@ -78,6 +78,10 @@ func providerConfigure(d *schema.ResourceData) (interface{}, error) {
 }

 func validateAccountFile(v interface{}, k string) (warnings []string, errors []error) {
+	if v == nil {
+		return
+	}
+
 	value := v.(string)

 	if value == "" {