From 7372b077c7687243e3f5523bc8e2c6640ceddf40 Mon Sep 17 00:00:00 2001
From: Tanveer <116706588+Tanveer143s@users.noreply.github.com>
Date: Fri, 14 Jun 2024 21:42:13 +0530
Subject: [PATCH] Feat: Added GCP authentication more inputs (#139)

---
 .github/workflows/terraform_workflow.yml |  6 ++++
 .github/workflows/tf-checks.yml          | 38 +++++++++++++++++++++++-
 .github/workflows/tfdrift.yml            |  8 ++++-
 3 files changed, 50 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/terraform_workflow.yml b/.github/workflows/terraform_workflow.yml
index bc0631a3..1659fec2 100644
--- a/.github/workflows/terraform_workflow.yml
+++ b/.github/workflows/terraform_workflow.yml
@@ -61,6 +61,11 @@ on:
         required: false
         type: string
         description: 'ID of the default project to use for future API calls and invocations.'
+      create_credentials_file:
+        required: false
+        type: string
+        default: false
+        description: 'If true, the action will securely generate a credentials file which can be used for authentication via gcloud and Google Cloud SDKs.'
     secrets:
       AZURE_CREDENTIALS:
         required: false
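Review bot: The `default: false` on `create_credentials_file` inverts the upstream default of `google-github-actions/auth@v2`, which writes the file (and exports `GOOGLE_APPLICATION_CREDENTIALS`) unless told not to, so callers who do not set this input will no longer get a credentials file in later steps. If the Terraform steps further down this workflow (outside the hunk) rely on `GOOGLE_APPLICATION_CREDENTIALS` rather than the `access_token` output, they will start failing with no credentials found; either keep the action's default or document that callers must set it. I would also make the description say what the file is for, e.g. `description: 'If true, write a credentials file and export GOOGLE_APPLICATION_CREDENTIALS for later steps. Defaults to false; Terraform needs either this file or an access token.'`. Since the input is `type: string`, quoting the default as `'false'` makes the intended string value explicit instead of relying on a YAML boolean being stringified.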
@@ -134,6 +139,7 @@ jobs:
         uses: 'google-github-actions/auth@v2'
         with:
           credentials_json: '${{ secrets.GCP_CREDENTIALS }}'
+          create_credentials_file: ${{ inputs.create_credentials_file }}
           token_format: ${{ inputs.token_format }}
           workload_identity_provider: ${{ secrets.WORKLOAD_IDENTITY_PROVIDER }}
           service_account: ${{ secrets.SERVICE_ACCOUNT }}
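Review bot: The new `create_credentials_file` line is fed straight from the input, but nothing here documents that when a file is written from `credentials_json` the raw service-account key lands on the runner's disk for the rest of the job, readable by every later step including third-party actions. That is a supply-chain exposure worth a comment on the step, e.g. `# With GCP_CREDENTIALS, create_credentials_file=true writes the SA key to disk; prefer WORKLOAD_IDENTITY_PROVIDER (keyless) and never upload the workspace as an artifact.`. The step also still passes both `credentials_json` and `workload_identity_provider`; the action accepts exactly one non-empty value, so the input description should tell callers to set only one of the two secrets. The job's `permissions` block is outside the hunk, so I cannot confirm `id-token: write` is granted for the WIF path.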
diff --git a/.github/workflows/tf-checks.yml b/.github/workflows/tf-checks.yml
index 9a867575..13d50d68 100644
--- a/.github/workflows/tf-checks.yml
+++ b/.github/workflows/tf-checks.yml
@@ -10,6 +10,11 @@ on:
         required: false
         type: string
         default: './examples/complete/'
+      provider:
+        required: true
+        type: string
+        default: gcp
+        description: 'Cloud provider to run the workflow. e.g. azurerm or aws or gcp'
       terraform_version:
         description: 'Terraform version to use. Leave empty for the latest version.'
         required: false
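Review bot: `provider` is declared `required: true` and also given `default: gcp`; for `workflow_call` inputs a required input must be supplied by the caller, so the default is never used and the two settings contradict each other — pick one, and if it stays required drop the default. The choice of `gcp` is also inconsistent with the same input in tfdrift.yml, which defaults to `azurerm` (visible in the last file of this patch), so callers of the two reusable workflows get different behaviour when they omit it. Because the GCP step below is now gated on `provider` instead of the old `gcp_credentials` input, any remaining `gcp_credentials` input (the block just below this hunk looks like it may be that one, but its name is cut off) becomes dead and should be removed or marked deprecated in its description.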
@@ -24,6 +29,25 @@ on:
         required: false
         default: false
         type: string
+      token_format:
+        required: false
+        type: string
+        default: access_token
+        description: 'Output format for the generated authentication token. For OAuth 2.0 access tokens, specify "access_token". For OIDC tokens, specify "id_token". To skip token generation, leave this value empty'
+      access_token_lifetime:
+        required: false
+        type: string
+        default: 300s
+        description: 'Desired lifetime duration of the access token, in seconds'
+      project_id:
+        required: false
+        type: string
+        description: 'ID of the default project to use for future API calls and invocations.'
+      create_credentials_file:
+        required: false
+        type: string
+        default: false
+        description: 'If true, the action will securely generate a credentials file which can be used for authentication via gcloud and Google Cloud SDKs.'
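Review bot: The `access_token_lifetime` default of `300s` is a duration string while its description says "in seconds", so a caller who passes a bare `300` will get a rejected input; tighten it to `description: 'Lifetime of the generated access token as a duration with a trailing "s" (e.g. 300s).'`. Separately, a five-minute token can expire in the middle of a long `terraform plan`/`apply` on a large state when the provider is driven by the bare access token rather than a credentials file, so the description should note that long runs need a larger value or `create_credentials_file: 'true'`. The `token_format` default of `access_token` makes the token-based path the default, which is why this caveat matters here.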
     secrets:
       AWS_ACCESS_KEY_ID:
         description: 'aws access keys'
@@ -34,6 +58,12 @@ on:
       GCP_CREDENTIALS:
         description: 'The Google Cloud JSON service account key to use for authentication'
         required: false
+      WORKLOAD_IDENTITY_PROVIDER:
+        required: false
+        description: 'The full identifier of the Workload Identity Provider'
+      SERVICE_ACCOUNT:
+        required: false
+        description: 'The service account to be used'
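Review bot: The two new secrets are wired into the same auth step as `GCP_CREDENTIALS`, but their descriptions do not say that `google-github-actions/auth@v2` accepts exactly one of `credentials_json` or `workload_identity_provider`, so a caller who provides both will get a hard failure at the auth step. I would make that explicit, e.g. `description: 'Full resource name of the Workload Identity Provider. Mutually exclusive with GCP_CREDENTIALS; preferred (keyless). The calling job must grant permissions: id-token: write.'` and for `SERVICE_ACCOUNT`: `description: 'Service account e-mail to impersonate via Workload Identity Federation.'`. Neither value is actually secret (they are identifiers), but passing them as secrets is harmless and keeps them out of logs.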
 
 
 jobs:
@@ -84,10 +114,16 @@ jobs:
           aws-region: us-east-1
 
       - name: 'Authenticate to Google Cloud'
-        if: ${{ inputs.gcp_credentials == 'true' }}
+        if: ${{ inputs.provider == 'gcp' }}
         uses: 'google-github-actions/auth@v2'
         with:
           credentials_json: '${{ secrets.GCP_CREDENTIALS }}'
+          create_credentials_file: ${{ inputs.create_credentials_file }}
+          token_format: ${{ inputs.token_format }}
+          workload_identity_provider: ${{ secrets.WORKLOAD_IDENTITY_PROVIDER }}
+          service_account: ${{ secrets.SERVICE_ACCOUNT }}
+          access_token_lifetime: ${{ inputs.access_token_lifetime }}
+          project_id: ${{ inputs.project_id }}
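Review bot: The step now offers the Workload Identity path via `workload_identity_provider`/`service_account`, but OIDC federation only works if the job (or the calling workflow) has `permissions: id-token: write`; the job header is outside this hunk so I cannot confirm it is set, and without it the action fails with a missing ID token. Consider adding `permissions:` with `id-token: write` and `contents: read` on the job, or stating the requirement in the secret descriptions. The guard `if: ${{ inputs.provider == 'gcp' }}` no longer checks that any GCP secret was provided, so when `provider` is `gcp` and both `GCP_CREDENTIALS` and `WORKLOAD_IDENTITY_PROVIDER` are empty the failure surfaces only from inside the action; a small step comment such as `# Requires exactly one of GCP_CREDENTIALS or WORKLOAD_IDENTITY_PROVIDER+SERVICE_ACCOUNT` would save callers a debugging round.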
 
       # - Installing terraform version based on version extract.
       - name: Install Terraform v${{ inputs.terraform_version || needs.versionExtract.outputs.maxVersion }}
diff --git a/.github/workflows/tfdrift.yml b/.github/workflows/tfdrift.yml
index 1b0aedd0..7a2c8a17 100644
--- a/.github/workflows/tfdrift.yml
+++ b/.github/workflows/tfdrift.yml
@@ -12,7 +12,7 @@ on:
         required: true
         type: string
         default: azurerm
-        description: 'Cloud provider to run the workflow. e.g. azurerm or aws'
+        description: 'Cloud provider to run the workflow. e.g. azurerm or aws or gcp'
       aws_region:
         required: false
         type: string
@@ -41,6 +41,11 @@ on:
         required: false
         type: string
         description: 'ID of the default project to use for future API calls and invocations.'
+      create_credentials_file:
+        required: false
+        type: string
+        default: false
+        description: 'If true, the action will securely generate a credentials file which can be used for authentication via gcloud and Google Cloud SDKs.'
     secrets:
       AZURE_CREDENTIALS:
         required: false
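Review bot: The description of `create_credentials_file` says the file is generated "securely", but with the `GCP_CREDENTIALS` service-account key the file is a copy of that long-lived key on the runner disk, and nothing in the wording warns callers about that. I would reword it to `description: 'If true, write a credentials file and export GOOGLE_APPLICATION_CREDENTIALS for later steps. With GCP_CREDENTIALS this puts the service-account key on the runner disk; prefer Workload Identity Federation.'`. Note also that `false` here overrides the action's own default of `true`, so drift checks further down this workflow (outside the hunk) must work from the access token alone unless callers opt in.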
@@ -117,6 +122,7 @@ jobs:
         uses: 'google-github-actions/auth@v2'
         with:
           credentials_json: '${{ secrets.GCP_CREDENTIALS }}'
+          create_credentials_file: ${{ inputs.create_credentials_file }}
           token_format: ${{ inputs.token_format }}
           workload_identity_provider: ${{ secrets.WORKLOAD_IDENTITY_PROVIDER }}
           service_account: ${{ secrets.SERVICE_ACCOUNT }}
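Review bot: The new `create_credentials_file` value is passed as the raw string from `inputs.create_credentials_file` with no normalisation, so any value other than exactly `true`/`false` will be handed to the action as-is; that is fine for the declared default but worth stating in the input description rather than leaving callers to guess. This step continues to wire both `credentials_json` and the WIF inputs, and the action treats a non-empty value in both as an error, so I would add a one-line comment above the step: `# Exactly one of GCP_CREDENTIALS or WORKLOAD_IDENTITY_PROVIDER+SERVICE_ACCOUNT must be set.`. The job's `permissions` are not visible in this hunk; the WIF path needs `id-token: write`.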