Skip to content

Commit

Permalink
backend/remote-state/gcs: Simplify initialization of the GCS client.
Browse files Browse the repository at this point in the history 
This also implements the (already documented) behavior of checking the
GOOGLE_CREDENTIALS environment variable.
  • Loading branch information
@octo @jbardin
octo authored and jbardin committed Oct 27, 2017
1 parent 5205c63 commit 1426322
Showing 1 changed file with 12 additions and 26 deletions.
38 changes: 12 additions & 26 deletions backend/remote-state/gcs/backend.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,14 4,13 @@ package gcs
import (
"context"
"fmt"
"io/ioutil"
"os"
"strings"

"cloud.google.com/go/storage"
"github.com/hashicorp/terraform/backend"
"github.com/hashicorp/terraform/helper/schema"
"golang.org/x/oauth2"
"golang.org/x/oauth2/google"
"github.com/hashicorp/terraform/terraform"
"google.golang.org/api/option"
)

Expand Down Expand Up @@ -83,32 82,19 @@ func (b *gcsBackend) configure(ctx context.Context) error {

b.defaultStateFile = strings.TrimLeft(data.Get("path").(string), "/")

var tokenSource oauth2.TokenSource

if credentials := data.Get("credentials").(string); credentials != "" {
path := data.Get("credentials").(string)
json, err := ioutil.ReadFile(path)
if err != nil {
return fmt.Errorf("reading %q: %v", path, err)
}

jwtConfig, err := google.JWTConfigFromJSON([]byte(json), storage.ScopeReadWrite)
if err != nil {
return fmt.Errorf("Failed to get Google OAuth2 token: %v", err)
}

tokenSource = jwtConfig.TokenSource(b.storageContext)
} else {
var err error
tokenSource, err = google.DefaultTokenSource(b.storageContext, storage.ScopeReadWrite)
if err != nil {
return fmt.Errorf("Failed to get Google Application Default Credentials: %v", err)
}
opts := []option.ClientOption{
option.WithScopes(storage.ScopeReadWrite),
option.WithUserAgent(terraform.UserAgentString()),
}
if credentialsFile := data.Get("credentials").(string); credentialsFile != "" {
opts = append(opts, option.WithCredentialsFile(credentialsFile))
} else if credentialsFile := os.Getenv("GOOGLE_CREDENTIALS"); credentialsFile != "" {

This comment has been minimized.

Sign in to view

Copy link
@michaelbannister

michaelbannister Nov 28, 2017

Hi @jbardin, this seems to conflict with the use of GOOGLE_CREDENTIALS in the google provider
https://github.com/terraform-providers/terraform-provider-google/blob/10f764aa9b68349684278b8a19496b8eb4e4a7c9/google/provider.go#L19 which expects this variable (or config property) to contain the content rather than a path to a file.
I've just had to downgrade back to 0.10.x as it seems that this initialization code runs even on apply or plan so I can't separate the use of the environment variable.

I haven't had time to come up with a simple test case to raise an issue but I intend to do so; if you have any thoughts meanwhile that'd be great.
opts = append(opts, option.WithCredentialsFile(credentialsFile))
}

client, err := storage.NewClient(b.storageContext, option.WithTokenSource(tokenSource))
client, err := storage.NewClient(b.storageContext, opts...)
if err != nil {
return fmt.Errorf("Failed to create Google Storage client: %v", err)
return fmt.Errorf("storage.NewClient() failed: %v", err)
}

b.storageClient = client
Expand Down

0 comments on commit 1426322

Please sign in to comment.