--impersonate-service-account compatibility

gartnera · Jun 21, 2022 · db640d2 · db640d2
1 parent e038774
commit db640d2
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 0 deletions.
diff --git a/auth/token.go b/auth/token.go
@@ -34,12 +34,18 @@ func Token() (*oauth2.Token, error) {
 	return ts.Token()
 }
 
+// easily impersonate a service account and maintain the TokenSource interface
+var ImpersonateServiceAccount = ""
+
 func maybeGetImpersonatedTokenSource(ctx context.Context) (oauth2.TokenSource, error) {
 	mainTs, err := getMainTokenSource(ctx)
 	if err != nil {
 		return nil, fmt.Errorf("unable to get main tokensource: %w", err)
 	}
 	email := os.Getenv("GOOGLE_IMPERSONATE_SERVICE_ACCOUNT")
+	if email == "" {
+		email = ImpersonateServiceAccount
+	}
 	if email != "" {
 		impersonateTs, err := NewGoogleImpersonateTokenSourceWrapper(ctx, email, mainTs)
 		if err != nil {

diff --git a/main.go b/main.go
@@ -15,6 +15,9 @@ import (
 
 var rootCmd = &cobra.Command{
 	Use: "gcloud <command> [command-flags] [command-args]",
+	PersistentPreRun: func(cmd *cobra.Command, args []string) {
+		auth.ImpersonateServiceAccount, _ = cmd.Flags().GetString("impersonate-service-account")
+	},
 }
 
 func gcloudFallback() error {
@@ -78,6 +81,7 @@ func maybeFallback() {
 }
 
 func main() {
+	rootCmd.PersistentFlags().String("impersonate-service-account", "", "service account email to impersonate")
 	rootCmd.AddCommand(auth.GetRootCmd())
 	rootCmd.AddCommand(config.GetRootCmd())
 	rootCmd.AddCommand(container.GetRootCmd())