Simplify Google Cloud credential detection

iterative/gcp/provider.go

@@ -289,6 +289,14 @@ func ResourceMachineDelete(ctx context.Context, d *schema.ResourceData, m interf
 	return nil
 }
 
+func LoadGCPCredentials() (*google.Credentials, error) {
+	if credentialsData := os.Getenv("GOOGLE_APPLICATION_CREDENTIALS_DATA"); credentialsData != "" {
+		return google.CredentialsFromJSON(oauth2.NoContext, []byte(credentialsData), gcp_compute.ComputeScope)
+	}
+
+	return google.FindDefaultCredentials(oauth2.NoContext, gcp_compute.ComputeScope)
+}
+
 func getServiceAccountData(saString string) (string, []string) {
 	// ["SA email", "scopes=s1", "s2", ...]
 	splitStr := strings.Split(saString, ",")
@@ -305,15 +313,7 @@ func getServiceAccountData(saString string) (string, []string) {
 }
 
 func getProjectService() (string, *gcp_compute.Service, error) {
-	var credentials *google.Credentials
-	var err error
-
-	if credentialsData := []byte(utils.LoadGCPCredentials()); len(credentialsData) > 0 {
-		credentials, err = google.CredentialsFromJSON(oauth2.NoContext, credentialsData, gcp_compute.ComputeScope)
-	} else {
-		credentials, err = google.FindDefaultCredentials(oauth2.NoContext, gcp_compute.ComputeScope)
-	}
-
+	credentials, err := LoadGCPCredentials()
 	if err != nil {
 		return "", nil, err
 	}

iterative/resource_runner.go

@@ -16,6 +16,7 @@ import (
 
 	"gopkg.in/alessio/shellescape.v1"
 
+	"terraform-provider-iterative/iterative/gcp"
 	"terraform-provider-iterative/iterative/utils"
 
 	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
@@ -435,6 +436,11 @@ func provisionerCode(d *schema.ResourceData) (string, error) {
 		return code, err
 	}
 
+	var gcpCredentials string
+	if credentials, err := gcp.LoadGCPCredentials(); err == nil {
+		gcpCredentials = string(credentials.JSON)
+	}
+
 	data := make(map[string]interface{})
 	data["token"] = d.Get("token").(string)
 	data["repo"] = d.Get("repo").(string)
@@ -455,7 +461,7 @@ func provisionerCode(d *schema.ResourceData) (string, error) {
 	data["AZURE_CLIENT_SECRET"] = os.Getenv("AZURE_CLIENT_SECRET")
 	data["AZURE_SUBSCRIPTION_ID"] = os.Getenv("AZURE_SUBSCRIPTION_ID")
 	data["AZURE_TENANT_ID"] = os.Getenv("AZURE_TENANT_ID")
-	data["GOOGLE_APPLICATION_CREDENTIALS_DATA"] = utils.LoadGCPCredentials()
+	data["GOOGLE_APPLICATION_CREDENTIALS_DATA"] = gcpCredentials
 	data["KUBERNETES_CONFIGURATION"] = os.Getenv("KUBERNETES_CONFIGURATION")
 	data["container"] = isContainerAvailable(d.Get("cloud").(string))
 	data["setup"] = strings.Replace(string(setup[:]), "#/bin/sh", "", 1)

iterative/testdata/script_template_cloud_gcp.golden

@@ -40,7 +40,7 @@ fi
 sudo npm config set user 0 && sudo npm install --global 18 value with "quotes" and spaces
 sudo tee /usr/bin/cml.sh << 'EOF'
 #!/bin/sh
-export GOOGLE_APPLICATION_CREDENTIALS_DATA='7 value with "quotes" and spaces'
+export GOOGLE_APPLICATION_CREDENTIALS_DATA=''
 
 HOME="$(mktemp -d)" exec $(which cml-runner || echo $(which cml-internal || echo cml) runner) \
    --name '10 value with "quotes" and spaces' \

iterative/utils/helpers.go

@@ -123,18 +123,6 @@ func GCPCoerceOIDCCredentials(rawCreds []byte) (string, error) {
 	return projectID, nil
 }
 
-func LoadGCPCredentials() string {
-	credentialsData := os.Getenv("GOOGLE_APPLICATION_CREDENTIALS_DATA")
-	if len(credentialsData) == 0 {
-		credentialsPath := os.Getenv("GOOGLE_APPLICATION_CREDENTIALS")
-		if len(credentialsPath) > 0 {
-			jsonData, _ := os.ReadFile(credentialsPath)
-			credentialsData = string(jsonData)
-		}
-	}
-	return credentialsData
-}
-
 // Better way than copying?
 // https://github.com/hashicorp/terraform-provider-google/blob/8a362008bd4d36b6a882eb53455f87305e6dff52/google/service_scope.go#L5-L48
 func canonicalizeServiceScope(scope string) string {