Fix OsLogin authentication when running Packer with GCE service account #105

nywilken · 2022-07-25T15:29:14Z

The userinfo.email auth scope is required for obtaining access to the
service account email associated with a token. Previously this scope was
not provided resulting in no email information for the returned token.
The email is needed for properly importing an OsLogin SSH key, thus
causing a regression when using use_os_login with the DefaultTokenSource
authentication method.

Closes #82

Test results before change

=== RUN   TestAccBuilder_DefaultTokenSource
    pluginacc.go:143: Error running plugin acceptance tests: Bad exit code. Logfile: packer_log_googlecompute-packer-default-ts.txt
        Logs can be found at /Users/wilkenrivera/Development/packer-plugin-googlecompute/builder/googlecompute/packer_log_googlecompute-packer-default-ts.txt
        and the acceptance test template can be found at /Users/wilkenrivera/Development/packer-plugin-googlecompute/builder/googlecompute/googlecompute-packer-default-ts.pkr.hcl
--- FAIL: TestAccBuilder_DefaultTokenSource (7.43s)

Test results after change

=== RUN   TestAccBuilder_DefaultTokenSource
--- PASS: TestAccBuilder_DefaultTokenSource (58.56s)

The userinfo.email auth scope is required for obtaining access to the service account email associated with a token. Previously this scope was not provided resulting in no email information for the returned token. The email is needed for properly importing an OsLogin SSH key, thus causing a regression when using `use_os_login` with the DefaultTokenSource authentication method. Closes #82

* Add a basic test case for using account_file * Add test case for oslogin regression Test results before change ``` === RUN TestAccBuilder_DefaultTokenSource pluginacc.go:143: Error running plugin acceptance tests: Bad exit code. Logfile: packer_log_googlecompute-packer-default-ts.txt Logs can be found at /Users/wilkenrivera/Development/packer-plugin-googlecompute/builder/googlecompute/packer_log_googlecompute-packer-default-ts.txt and the acceptance test template can be found at /Users/wilkenrivera/Development/packer-plugin-googlecompute/builder/googlecompute/googlecompute-packer-default-ts.pkr.hcl --- FAIL: TestAccBuilder_DefaultTokenSource (7.43s) ``` Test results after change ``` === RUN TestAccBuilder_DefaultTokenSource --- PASS: TestAccBuilder_DefaultTokenSource (58.56s) ```

sylviamoss

LGTM 👍🏼

Add email scope to driver

757a86c

nywilken requested a review from a team as a code owner July 25, 2022 15:29

nywilken marked this pull request as draft July 25, 2022 15:29

nywilken changed the title ~~Add email scope to driver~~ Fix OsLogin authentication when running Packer with GCE service account Jul 25, 2022

nywilken force-pushed the fix-oslogin-gce branch from 835252a to ba9c324 Compare July 25, 2022 18:44

nywilken added bug regression labels Jul 25, 2022

nywilken marked this pull request as ready for review July 25, 2022 19:46

nywilken mentioned this pull request Jul 25, 2022

Broken OSLogin service account authentication on Packer 1.0.10 #82

Closed

sylviamoss approved these changes Jul 27, 2022

View reviewed changes

nywilken merged commit 1dfa194 into main Jul 27, 2022

nywilken deleted the fix-oslogin-gce branch July 27, 2022 17:07

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Fix OsLogin authentication when running Packer with GCE service account #105

Fix OsLogin authentication when running Packer with GCE service account #105

nywilken commented Jul 25, 2022 •

edited

Loading

sylviamoss left a comment

Fix OsLogin authentication when running Packer with GCE service account #105

Fix OsLogin authentication when running Packer with GCE service account #105

Conversation

nywilken commented Jul 25, 2022 • edited Loading

sylviamoss left a comment

Choose a reason for hiding this comment

nywilken commented Jul 25, 2022 •

edited

Loading