Merge pull request #3553 from lwander/f-gcp-oauth
provider/google: OAuth2 support
commit
53b64909ec
|
@ -36,6 +36,13 @@ type Config struct {
|
|||
|
||||
func (c *Config) loadAndValidate() error {
|
||||
var account accountFile
|
||||
clientScopes := []string{
|
||||
"https://www.googleapis.com/auth/compute",
|
||||
"https://www.googleapis.com/auth/cloud-platform",
|
||||
"https://www.googleapis.com/auth/ndev.clouddns.readwrite",
|
||||
"https://www.googleapis.com/auth/devstorage.full_control",
|
||||
}
|
||||
|
||||
|
||||
if c.AccountFile == "" {
|
||||
c.AccountFile = os.Getenv("GOOGLE_ACCOUNT_FILE")
|
||||
|
@ -79,13 +86,6 @@ func (c *Config) loadAndValidate() error {
|
|||
}
|
||||
}
|
||||
|
||||
clientScopes := []string{
|
||||
"https://www.googleapis.com/auth/compute",
|
||||
"https://www.googleapis.com/auth/cloud-platform",
|
||||
"https://www.googleapis.com/auth/ndev.clouddns.readwrite",
|
||||
"https://www.googleapis.com/auth/devstorage.full_control",
|
||||
}
|
||||
|
||||
// Get the token for use in our requests
|
||||
log.Printf("[INFO] Requesting Google token...")
|
||||
log.Printf("[INFO] -- Email: %s", account.ClientEmail)
|
||||
|
@ -105,16 +105,12 @@ func (c *Config) loadAndValidate() error {
|
|||
client = conf.Client(oauth2.NoContext)
|
||||
|
||||
} else {
|
||||
log.Printf("[INFO] Requesting Google token via GCE Service Role...")
|
||||
client = &http.Client{
|
||||
Transport: &oauth2.Transport{
|
||||
// Fetch from Google Compute Engine's metadata server to retrieve
|
||||
// an access token for the provided account.
|
||||
// If no account is specified, "default" is used.
|
||||
Source: google.ComputeTokenSource(""),
|
||||
},
|
||||
log.Printf("[INFO] Authenticating using DefaultClient");
|
||||
err := error(nil)
|
||||
client, err = google.DefaultClient(oauth2.NoContext, clientScopes...)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
// Build UserAgent
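Review bot: A run with no account file can now act as an identity the operator did not choose, because the `else` branch in the last hunk calls `google.DefaultClient`. That call resolves Application Default Credentials from several places (the `GOOGLE_APPLICATION_CREDENTIALS` file, gcloud's stored user credentials, then the GCE metadata server), and the log line does not say a fallback happened. All four `clientScopes`, including `cloud-platform` and `devstorage.full_control`, are requested for whatever identity is found. I would make the fallback explicit with `log.Printf("[INFO] No account file set; authenticating with Application Default Credentials")` and return the failure with context, `return fmt.Errorf("loading default Google credentials: %s", err)` (assuming `fmt` is imported in this file). On style, `err := error(nil)` is better written `var err error`, and gofmt would drop the trailing `;` after the Printf call; loadAndValidate starts and ends outside the visible hunks.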
|
||||
|
|
|
@ -15,7 +15,7 @@ func Provider() terraform.ResourceProvider {
|
|||
Schema: map[string]*schema.Schema{
|
||||
"account_file": &schema.Schema{
|
||||
Type: schema.TypeString,
|
||||
Required: true,
|
||||
Optional: true,
|
||||
DefaultFunc: schema.EnvDefaultFunc("GOOGLE_ACCOUNT_FILE", nil),
|
||||
ValidateFunc: validateAccountFile,
|
||||
},
|
||||
|
@ -78,6 +78,10 @@ func providerConfigure(d *schema.ResourceData) (interface{}, error) {
|
|||
}
|
||||
|
||||
func validateAccountFile(v interface{}, k string) (warnings []string, errors []error) {
|
||||
if v == nil {
|
||||
return
|
||||
}
|
||||
|
||||
value := v.(string)
|
||||
|
||||
if value == "" {
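Review bot: The new `if v == nil` early return in validateAccountFile has no comment explaining why nil is now a valid input, so a later reader may take it for dead code next to the `v.(string)` assertion just below. It appears to be needed because `account_file` changes from `Required` to `Optional` in the first hunk and its `EnvDefaultFunc` default is nil. I would add `// nil means account_file was omitted; authentication then falls back to default credentials` above the check. The same fallback belongs in a `Description` on the schema entry, so users know that an absent setting no longer fails validation. The rest of validateAccountFile lies outside the hunk.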
|
||||
|
|