Added oauth2 support for GCP

hashicorp · Oct 20, 2015 · b803ce2 · b803ce2
1 parent 68e0133
commit b803ce2
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 17 deletions.
diff --git a/builtin/providers/google/config.go b/builtin/providers/google/config.go
@@ -36,6 +36,13 @@ type Config struct {
 
 func (c *Config) loadAndValidate() error {
 	var account accountFile
+	clientScopes := []string{
+		"https://www.googleapis.com/auth/compute",
+		"https://www.googleapis.com/auth/cloud-platform",
+		"https://www.googleapis.com/auth/ndev.clouddns.readwrite",
+		"https://www.googleapis.com/auth/devstorage.full_control",
+	}
+
 
 	if c.AccountFile == "" {
 		c.AccountFile = os.Getenv("GOOGLE_ACCOUNT_FILE")
@@ -79,13 +86,6 @@ func (c *Config) loadAndValidate() error {
 			}
 		}
 
-		clientScopes := []string{
-			"https://www.googleapis.com/auth/compute",
-			"https://www.googleapis.com/auth/cloud-platform",
-			"https://www.googleapis.com/auth/ndev.clouddns.readwrite",
-			"https://www.googleapis.com/auth/devstorage.full_control",
-		}
-
 		// Get the token for use in our requests
 		log.Printf("[INFO] Requesting Google token...")
 		log.Printf("[INFO]   -- Email: %s", account.ClientEmail)
@@ -105,16 +105,12 @@ func (c *Config) loadAndValidate() error {
 		client = conf.Client(oauth2.NoContext)
 
 	} else {
-		log.Printf("[INFO] Requesting Google token via GCE Service Role...")
-		client = &http.Client{
-			Transport: &oauth2.Transport{
-				// Fetch from Google Compute Engine's metadata server to retrieve
-				// an access token for the provided account.
-				// If no account is specified, "default" is used.
-				Source: google.ComputeTokenSource(""),
-			},
+		fmt.Log("[INFO] Authenticating using DefaultClient");
+		err := error(nil)
+		client, err = google.DefaultClient(oauth2.NoContext, clientScopes...)
+		if err != nil {
+			return err
 		}
-
 	}
 
 	// Build UserAgent

diff --git a/builtin/providers/google/provider.go b/builtin/providers/google/provider.go
@@ -15,7 +15,7 @@ func Provider() terraform.ResourceProvider {
 		Schema: map[string]*schema.Schema{
 			"account_file": &schema.Schema{
 				Type:         schema.TypeString,
-				Required:     true,
+				Optional:     true,
 				DefaultFunc:  schema.EnvDefaultFunc("GOOGLE_ACCOUNT_FILE", nil),
 				ValidateFunc: validateAccountFile,
 			},
@@ -78,6 +78,10 @@ func providerConfigure(d *schema.ResourceData) (interface{}, error) {
 }
 
 func validateAccountFile(v interface{}, k string) (warnings []string, errors []error) {
+	if v == nil {
+		return
+	}
+
 	value := v.(string)
 
 	if value == "" {