This repository has been archived by the owner on Dec 15, 2022. It is now read-only.

Implement WorkloadIdentity/InjectedIdentity Support
Signed-off-by: David Collom <david.collom@jetstack.io>
davidcollom committed Mar 16, 2022
1 parent 48f0deb commit dc21fd6
Showing 3 changed files with 18 additions and 9 deletions.
2 changes: 1 addition & 1 deletion Makefile
Expand Up @@ -125,4 +125,4 @@ crossplane.help:

help-special: crossplane.help

.PHONY: crossplane.help help-special
.PHONY: crossplane.help help-special
2 changes: 2 additions & 0 deletions go.mod
Expand Up @@ -11,6 +11,8 @@ require (
github.com/hashicorp/terraform-provider-google v1.20.1-0.20211102210101-f004d2d203fa
github.com/pkg/errors v0.9.1
go.uber.org/multierr v1.7.0 // indirect
golang.org/x/oauth2 v0.0.0-20211005180243-6b3c2da341f1
google.golang.org/api v0.59.0
gopkg.in/alecthomas/kingpin.v2 v2.2.6
k8s.io/apimachinery v0.22.0
k8s.io/client-go v0.22.0
23 changes: 15 additions & 8 deletions internal/clients/gcp.go
Expand Up @@ -4,6 +4,7 @@ import (
"context"
"fmt"

xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1"
"github.com/crossplane/crossplane-runtime/pkg/resource"
"github.com/crossplane/terrajet/pkg/terraform"
"github.com/pkg/errors"
Expand Down Expand Up @@ -55,18 +56,24 @@ func TerraformSetupBuilder(version, providerSource, providerVersion string) terr
return ps, errors.Wrap(err, errTrackUsage)
}

data, err := resource.CommonCredentialExtractor(ctx, pc.Spec.Credentials.Source, client, pc.Spec.Credentials.CommonCredentialSelectors)
if err != nil {
return ps, errors.Wrap(err, errExtractCredentials)
}

// set provider configuration
ps.Configuration = map[string]interface{}{
keyProject: pc.Spec.ProjectID,
}
// set environment variables for sensitive provider configuration
ps.Env = []string{
fmt.Sprintf(fmtEnvVar, envCredentials, string(data)),

switch s := pc.Spec.Credentials.Source; s { //nolint:exhaustive
case xpv1.CredentialsSourceInjectedIdentity:
// We don't need to do anything here, as the TF Provider will take care of workloadIdentity etc.
default:
data, err := resource.CommonCredentialExtractor(ctx, pc.Spec.Credentials.Source, client, pc.Spec.Credentials.CommonCredentialSelectors)
if err != nil {
return ps, errors.Wrap(err, errExtractCredentials)
}

// set environment variables for sensitive provider configuration
ps.Env = []string{
fmt.Sprintf(fmtEnvVar, envCredentials, string(data)),
}
}
return ps, nil
}
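Review bot: The `CredentialsSourceInjectedIdentity` case in the new switch sets no `ps.Env`, so the Terraform provider will presumably authenticate with the provider pod's ambient identity, and every ProviderConfig that selects this source shares that one identity while still choosing its own `pc.Spec.ProjectID`. The comment should record that trust boundary instead of "we don't need to do anything", for example `// No credentials are injected: Terraform uses the provider pod's ambient identity, which is shared by every ProviderConfig with this source.` In the `default` branch it is also worth rejecting an empty result before building `ps.Env`, e.g. `if len(data) == 0 { return ps, errors.New(errExtractCredentials) }`, since an empty credentials variable may let the provider fall back to the same ambient identity without the ProviderConfig asking for it; whether `CommonCredentialExtractor` can return empty data without an error is not visible here. The closure this switch sits in starts before the hunk.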
