From 0cb96b3614011d7eff8777d5dcce102cbbd470de Mon Sep 17 00:00:00 2001
From: Ryan Hitchman
Date: Tue, 19 Jul 2016 17:41:39 -0700
Subject: [PATCH] Revert "Drop support for --gce-service-account, require activated creds"

---
 hack/ginkgo-e2e.sh | 1 +
 hack/jenkins/e2e-runner.sh | 1 +
 test/e2e/e2e.go | 11 ++++++++++-
 test/e2e/framework/test_context.go | 2 ++
 4 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/hack/ginkgo-e2e.sh b/hack/ginkgo-e2e.sh
index daf1e4ad2c6..d253486f83d 100755
--- a/hack/ginkgo-e2e.sh
+++ b/hack/ginkgo-e2e.sh
@@ -121,6 +121,7 @@ export PATH=$(dirname "${e2e_test}"):"${PATH}"
 --provider="${KUBERNETES_PROVIDER}" \
 --gce-project="${PROJECT:-}" \
 --gce-zone="${ZONE:-}" \
+ --gce-service-account="${GCE_SERVICE_ACCOUNT:-}" \
 --gke-cluster="${CLUSTER_NAME:-}" \
 --kube-master="${KUBE_MASTER:-}" \
 --cluster-tag="${CLUSTER_ID:-}" \
diff --git a/hack/jenkins/e2e-runner.sh b/hack/jenkins/e2e-runner.sh
index 2307b8cef03..3a53d1f4a23 100755
--- a/hack/jenkins/e2e-runner.sh
+++ b/hack/jenkins/e2e-runner.sh
@@ -226,6 +226,7 @@ fi
 if [[ -f "${KUBEKINS_SERVICE_ACCOUNT_FILE:-}" ]]; then
 echo 'Activating service account...' # No harm in doing this multiple times.
 gcloud auth activate-service-account --key-file="${KUBEKINS_SERVICE_ACCOUNT_FILE}"
+ unset GCE_SERVICE_ACCOUNT # Use checked in credentials, not the metadata server
 unset KUBEKINS_SERVICE_ACCOUNT_FILE
 elif [[ -n "${KUBEKINS_SERVICE_ACCOUNT_FILE:-}" ]]; then
 echo "ERROR: cannot access service account file at: ${KUBEKINS_SERVICE_ACCOUNT_FILE}"
diff --git a/test/e2e/e2e.go b/test/e2e/e2e.go
index 3be0417fe2c..67bf0c13d12 100644
--- a/test/e2e/e2e.go
+++ b/test/e2e/e2e.go
@@ -29,6 +29,8 @@ import (
 "github.com/onsi/ginkgo/config"
 "github.com/onsi/ginkgo/reporters"
 "github.com/onsi/gomega"
+ "golang.org/x/oauth2"
+ "golang.org/x/oauth2/google"
 "k8s.io/kubernetes/pkg/api"
 gcecloud "k8s.io/kubernetes/pkg/cloudprovider/providers/gce" 
@@ -59,13 +61,20 @@ func setupProviderConfig() error {
 case "gce", "gke":
 var err error
 framework.Logf("Fetching cloud provider for %q\r\n", framework.TestContext.Provider)
+ var tokenSource oauth2.TokenSource
+ tokenSource = nil
+ if cloudConfig.ServiceAccount != "" {
+ // Use specified service account for auth
+ framework.Logf("Using service account %q as token source.", cloudConfig.ServiceAccount)
+ tokenSource = google.ComputeTokenSource(cloudConfig.ServiceAccount)
+ }
 zone := framework.TestContext.CloudConfig.Zone
 region, err := gcecloud.GetGCERegion(zone)
 if err != nil {
 return fmt.Errorf("error parsing GCE/GKE region from zone %q: %v", zone, err)
 }
 managedZones := []string{zone} // Only single-zone for now
- cloudConfig.Provider, err = gcecloud.CreateGCECloud(framework.TestContext.CloudConfig.ProjectID, region, zone, managedZones, "" /* networkUrl */, nil /* nodeTags */, "" /* nodeInstancePerfix */, nil /* tokenSource */, false /* useMetadataServer */)
+ cloudConfig.Provider, err = gcecloud.CreateGCECloud(framework.TestContext.CloudConfig.ProjectID, region, zone, managedZones, "" /* networkUrl */, nil /* nodeTags */, "" /* nodeInstancePerfix */, tokenSource, false /* useMetadataServer */)
 if err != nil {
 return fmt.Errorf("Error building GCE/GKE provider: %v", err)
 }
diff --git a/test/e2e/framework/test_context.go b/test/e2e/framework/test_context.go
index 422d36382eb..0d41631671d 100644
--- a/test/e2e/framework/test_context.go
+++ b/test/e2e/framework/test_context.go
@@ -80,6 +80,7 @@ type CloudConfig struct {
 NodeInstanceGroup string
 NumNodes int
 ClusterTag string
+ ServiceAccount string
 Provider cloudprovider.Interface
 } 
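Review bot: The new service-account branch in `setupProviderConfig` (test/e2e/e2e.go) does not document which identity the tests end up running as. `google.ComputeTokenSource` fetches tokens from the GCE metadata server, so a non-empty `--gce-service-account` only works on a GCE VM and presumably takes the place of activated gcloud credentials, which is what the `unset GCE_SERVICE_ACCOUNT` line in hack/jenkins/e2e-runner.sh guards against. I would expand the comment to `// Use the named service account via the GCE metadata server (GCE VMs only); when empty, tokenSource stays nil.` and say the same in the `gce-service-account` flag help in test_context.go. Separately, `tokenSource = nil` is redundant because `var tokenSource oauth2.TokenSource` is already nil. The function body starts before and continues past this hunk.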
@@ -135,6 +136,7 @@ func RegisterClusterFlags() {
 flag.StringVar(&cloudConfig.MasterName, "kube-master", "", "Name of the kubernetes master. Only required if provider is gce or gke")
 flag.StringVar(&cloudConfig.ProjectID, "gce-project", "", "The GCE project being used, if applicable")
 flag.StringVar(&cloudConfig.Zone, "gce-zone", "", "GCE zone being used, if applicable")
+ flag.StringVar(&cloudConfig.ServiceAccount, "gce-service-account", "", "GCE service account to use for GCE API calls, if applicable")
 flag.StringVar(&cloudConfig.Cluster, "gke-cluster", "", "GKE name of cluster being used, if applicable")
 flag.StringVar(&cloudConfig.NodeInstanceGroup, "node-instance-group", "", "Name of the managed instance group for nodes. Valid only for gce, gke or aws. If there is more than one group: comma separated list of groups.")
 flag.IntVar(&cloudConfig.NumNodes, "num-nodes", -1, "Number of nodes in the cluster")