Retrieve current OAuth access token from google_client_config data source (#1277)

* Added access_token field to google_client_config data source * Refined documentation of google_client_config
2024-07-01 15:52:39 +00:00 · 2018-04-03 21:54:48 +02:00 · 2018-04-03 21:54:48 +02:00 · 3460ddcaa7
commit 3460ddcaa7
parent b3a1f43dbc
4 changed files with 38 additions and 0 deletions
--- a/google/config.go
+++ b/google/config.go
@ -52,6 +52,8 @@ type Config struct {
 	client    *http.Client
 	userAgent string

+	tokenSource oauth2.TokenSource
+
 	clientBilling                *cloudbilling.Service
 	clientCompute                *compute.Service
 	clientComputeBeta            *computeBeta.Service
@ -135,6 +137,8 @@ func (c *Config) loadAndValidate() error {
 		}
 	}

+	c.tokenSource = tokenSource
+
 	client.Transport = logging.NewTransport("Google", client.Transport)

 	versionString := terraform.VersionString()
--- a/google/data_source_google_client_config.go
+++ b/google/data_source_google_client_config.go
@ -19,6 +19,12 @@ func dataSourceGoogleClientConfig() *schema.Resource {
 				Type:     schema.TypeString,
 				Computed: true,
 			},
+
+			"access_token": {
+				Type:      schema.TypeString,
+				Computed:  true,
+				Sensitive: true,
+			},
 		},
 	}
 }
@ -30,5 +36,11 @@ func dataSourceClientConfigRead(d *schema.ResourceData, meta interface{}) error
 	d.Set("project", config.Project)
 	d.Set("region", config.Region)

+	token, err := config.tokenSource.Token()
+	if err != nil {
+		return err
+	}
+	d.Set("access_token", token.AccessToken)
+
 	return nil
 }
--- a/google/data_source_google_client_config_test.go
+++ b/google/data_source_google_client_config_test.go
@ -20,6 +20,7 @@ func TestAccDataSourceGoogleClientConfig_basic(t *testing.T) {
 				Check: resource.ComposeTestCheckFunc(
 					resource.TestCheckResourceAttrSet(resourceName, "project"),
 					resource.TestCheckResourceAttrSet(resourceName, "region"),
+					resource.TestCheckResourceAttrSet(resourceName, "access_token"),
 				),
 			},
 		},
--- a/website/docs/d/datasource_client_config.html.markdown
+++ b/website/docs/d/datasource_client_config.html.markdown
@ -20,6 +20,25 @@ output "project" {
 }
 ```

+## Example Usage: Configure Kubernetes provider with OAuth2 access token
+
+```tf
+data "google_client_config" "default" {}
+
+data "google_container_cluster" "my_cluster" {
+  name   = "my-cluster"
+  zone   = "us-east1-a"
+}
+
+provider "kubernetes" {
+  load_config_file = false
+
+  host = "https://${google_container_cluster.my_cluster.endpoint}"
+  token = "${data.google_client_config.default.access_token}"
+  cluster_ca_certificate = "${base64decode(google_container_cluster.my_cluster.master_auth.0.cluster_ca_certificate)}"
+}
+```
+
 ## Argument Reference

 There are no arguments available for this data source.
@ -31,3 +50,5 @@ In addition to the arguments listed above, the following attributes are exported
 * `project` - The ID of the project to apply any resources to.

 * `region` - The region to operate under.
+
+* `access_token` - The OAuth2 access token used by the client to authenticate against the Google Cloud API.