Migrate to new Google Cloud impersonation API

fgateuil · Feb 4, 2022 · b151ebc · b151ebc
1 parent 2ef1d68
commit b151ebc
Showing 1 changed file with 13 additions and 1 deletion.
diff --git a/builder/googlecompute/driver_gce.go b/builder/googlecompute/driver_gce.go
@@ -14,6 +14,7 @@ import (
 	"time"
 
 	compute "google.golang.org/api/compute/v1"
+	impersonate "google.golang.org/api/impersonate"
 	"google.golang.org/api/option"
 	oslogin "google.golang.org/api/oslogin/v1"
 
@@ -92,7 +93,18 @@ func NewClientOptionGoogle(account *ServiceAccount, vaultOauth string, impersona
 		opts = append(opts, option.WithTokenSource(ts))
 
 	} else if impersonatesa != "" {
-		opts = append(opts, option.ImpersonateCredentials(impersonatesa))
+		log.Printf("[INFO] Using Google Cloud impersonation mechanism")
+		ts, err := impersonate.CredentialsTokenSource(context.Background(), impersonate.CredentialsConfig{
+			TargetPrincipal: impersonatesa,
+			Scopes: []string{
+				"https://www.googleapis.com/auth/cloud-platform",
+				"https://www.googleapis.com/auth/userinfo.email",
+			},
+		})
+		if err != nil {
+			return nil, err
+		}
+		opts = append(opts, option.WithTokenSource(ts))
 	} else if accessToken != "" {
 		// Auth with static access token
 		log.Printf("[INFO] Using static Google Access Token")