GCP: not all authentication ways supported

gruntwork-io / terragrunt

Terragrunt is a flexible orchestration tool that allows Infrastructure as Code written in OpenTofu/Terraform to scale.

https://terragrunt.gruntwork.io/

MIT License

8.01k stars 971 forks source link

GCP: not all authentication ways supported #1634

Open awasilyev opened 3 years ago

awasilyev commented 3 years ago

Currently terragrunt support only direct setting path to the json with gcp credentials or using GOOGLE_APPLICATION_CREDENTIALS.

It will be really useful to support other methods, like authentication as end user (via gcloud auth login) or specifying key file system wide (via gcloud auth activate-service-account )

brikis98 commented 3 years ago

How do those other methods work?

Note: we probably won't be able to get to this ourselves any time soon, so if someone has time to think through how this would work and submit a PR, that would be the best bet here.

paoloventriglia commented 3 years ago

terragrunt (like terraform) seems to support GOOGLE_APPLICATION_CREDENTIALS and gcloud auth application-default login, the latter follow the same process as gcloud auth login but it actually creates a .json file called application_default_credentials.json. Doing this gcloud auth activate-service-account in my books is the same as export GOOGLE_APPLICATION_CREDENTIALS as in both cases you have to provide a key-file for the service account.