Closed upodroid closed 2 years ago
Also, does Packer implement something like AtLeastOneOf from TF? ssh_username
should be optional if use_os_login
is set as the code already overrides ssh_username
.
Also, does Packer implement something like AtLeastOneOf from TF?
The internal communicator should be able to try on different types of auth methods, yes. Does that answer your question ?
Also, does Packer implement something like AtLeastOneOf from TF?
The internal communicator should be able to try on different types of auth methods, yes. Does that answer your question ?
This error should be suppressed if use_os_login
is set to true, given thst ssh_username
is overriden later.
Error: 1 error(s) occurred:
* An ssh_username must be specified
Note: some builders used to default ssh_username to "root".
on image.pkr.hcl line 53:
(source code not available)
==> Wait completed after 10 microseconds
==> Builds finished but no artifacts were created.
Are you able to change that error from validation ?
Are you able to change that error from validation ?
That parameter isn't adjustable in this package.
https://github.com/hashicorp/packer-plugin-sdk/blob/main/communicator/config.go
Anyway, i'll investigate that and open a PR for it separately. The PR works now.
Thank you
Fixes: #73
Can I get some help with the
driver_mock.go
?This change fixes a bug where the OS Login email lookup doesn't work if service account impersonation is being used.
The
tokeninfo
function at the bottom ofbuilder/googlecompute/step_import_os_login_ssh_key.go
is initialised with incorrect ClientOption and won't work if you are impersonating.Also,
getGCEUser
is broken with service account impersonation as it uses the metadata server of the instance/pod to get the email of the identity that is impersonating and not the impersonated identity.I have reworked it to acquire the correct Access Token from NewClientOptionGoogle and then use it to make a call to get email from https://oauth2.googleapis.com/tokeninfo
@azr @SwampDragons