Comply with the Google Cloud impersonate library
fgateuil committed Mar 29, 2022
1 parent aa552aa commit b735be2
Showing 1 changed file with 10 additions and 3 deletions.
13 changes: 10 additions & 3 deletions remote/remote_state_gcs.go
Expand Up @@ -18,6 +18,7 @@ import (
"github.com/sirupsen/logrus"
"golang.org/x/oauth2"
"golang.org/x/oauth2/jwt"
impersonate "google.golang.org/api/impersonate"
"google.golang.org/api/option"
)

Expand Down Expand Up @@ -57,6 +58,7 @@ type RemoteStateConfigGCS struct {
EncryptionKey string `mapstructure:"encryption_key"`

ImpersonateServiceAccount string `mapstructure:"impersonate_service_account"`
ImpersonateServiceAccountScopes []string `mapstructure:"impersonate_service_account_scopes"`
ImpersonateServiceAccountDelegates []string `mapstructure:"impersonate_service_account_delegates"`
}

Expand Down Expand Up @@ -460,9 +462,14 @@ func CreateGCSClient(gcsConfigRemote RemoteStateConfigGCS) (*storage.Client, err
}

if gcsConfigRemote.ImpersonateServiceAccount != "" {
opts = append(opts, option.ImpersonateCredentials(
gcsConfigRemote.ImpersonateServiceAccount,
gcsConfigRemote.ImpersonateServiceAccountDelegates...))
ts, err := impersonate.CredentialsTokenSource(context.Background(), impersonate.CredentialsConfig{
TargetPrincipal: gcsConfigRemote.ImpersonateServiceAccount,
Scopes: gcsConfigRemote.ImpersonateServiceAccountScopes,
})
if err != nil {
return nil, err
}
opts = append(opts, option.WithTokenSource(ts))
}

client, err := storage.NewClient(ctx, opts...)
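Review bot: The new `impersonate.CredentialsConfig` literal in `CreateGCSClient` sets only `TargetPrincipal` and `Scopes`, so a configured `impersonate_service_account_delegates` chain, which the removed `option.ImpersonateCredentials` call forwarded, is now silently ignored and the token is requested directly by the base credential; add `Delegates: gcsConfigRemote.ImpersonateServiceAccountDelegates,` to the literal. The call also uses `context.Background()` although `ctx` is passed to `storage.NewClient` just below; if `ctx` is already declared at that point (the start of the function is outside this hunk), pass it instead so cancellation and deadlines reach the token source. As far as I know `CredentialsTokenSource` returns an error when `Scopes` is empty, so existing configurations that set only `impersonate_service_account` would start failing; consider defaulting to a narrow storage scope when `ImpersonateServiceAccountScopes` is empty and documenting the new `impersonate_service_account_scopes` key. It is also worth confirming that the base credentials configured earlier in `opts` (not visible here) are the ones used for the impersonation call, since no client options are passed to `CredentialsTokenSource`.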

0 comments on commit b735be2
