diff --git a/.gitignore b/.gitignore index 3d73b6ec6..7bb981aa6 100644 --- a/.gitignore +++ b/.gitignore @@ -27,3 +27,4 @@ Thumbs.db /packer.exe .project cache +/.vscode/ diff --git a/builder/yandex/access_config.go b/builder/yandex/access_config.go index 24dc53ee8..403e001a9 100644 --- a/builder/yandex/access_config.go +++ b/builder/yandex/access_config.go @@ -22,7 +22,7 @@ type AccessConfig struct { // is an alternative method to authenticate to Yandex.Cloud. Alternatively you may set environment variable // `YC_SERVICE_ACCOUNT_KEY_FILE`. ServiceAccountKeyFile string `mapstructure:"service_account_key_file" required:"false"` - // OAuth token to use to authenticate to Yandex.Cloud. Alternatively you may set + // OAuth token or IAM credentional to use to authenticate to Yandex.Cloud. Alternatively you may set // value by environment variable `YC_TOKEN`. Token string `mapstructure:"token" required:"true"` // The maximum number of times an API request is being executed. diff --git a/builder/yandex/driver_yc.go b/builder/yandex/driver_yc.go index 55065ae77..31b26d534 100644 --- a/builder/yandex/driver_yc.go +++ b/builder/yandex/driver_yc.go @@ -4,6 +4,7 @@ import ( "context" "fmt" "log" + "strings" "time" grpc_middleware "github.com/grpc-ecosystem/go-grpc-middleware" 
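Review bot: The new comment on the `Token` field misspells "credential" as "credentional", and the same text appears in the `AccessConfig-required.mdx` partial later in this commit, so the typo reaches the published docs. The comment also does not say that the builder decides between the two token kinds from the token's format, or that an IAM token expires. I would write it as `// OAuth token or IAM token to use to authenticate to Yandex.Cloud; the kind is detected from the token's format. Alternatively you may set` and keep the `YC_TOKEN` line as it is. The `AccessConfig` struct begins and ends outside this hunk.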
@@ -48,9 +49,13 @@ func NewDriverYC(ui packer.Ui, ac *AccessConfig) (Driver, error) { sdkConfig.Credentials = ycsdk.InstanceServiceAccount() case ac.Token != "": - log.Printf("[INFO] Use OAuth token for authentication") - sdkConfig.Credentials = ycsdk.OAuthToken(ac.Token) - + if strings.HasPrefix(ac.Token, "t1.") && strings.Count(ac.Token, ".") == 2 { + log.Printf("[INFO] Use IAM token for authentication") + sdkConfig.Credentials = ycsdk.NewIAMTokenCredentials(ac.Token) + } else { + log.Printf("[INFO] Use OAuth token for authentication") + sdkConfig.Credentials = ycsdk.OAuthToken(ac.Token) + } case ac.ServiceAccountKeyFile != "": log.Printf("[INFO] Use Service Account key file %q for authentication", ac.ServiceAccountKeyFile) key, err := iamkey.ReadFromJSONFile(ac.ServiceAccountKeyFile) @@ -84,6 +89,7 @@ func NewDriverYC(ui packer.Ui, ac *AccessConfig) (Driver, error) { grpc.WithDefaultCallOptions(grpc.Header(&userAgentMD)), grpc.WithUnaryInterceptor(interceptorChain)) + log.Printf("%v", sdk.IAM()) if err != nil { return nil, err } diff --git a/go.mod b/go.mod index a7a5ce40e..1be895636 100644 --- a/go.mod +++ b/go.mod @@ -93,6 +93,7 @@ require ( github.com/mitchellh/go-homedir v1.1.0 github.com/mitchellh/go-testing-interface v1.0.3 // indirect github.com/mitchellh/go-vnc v0.0.0-20150629162542-723ed9867aed + github.com/mitchellh/gox v1.0.1 // indirect github.com/mitchellh/iochan v1.0.0 github.com/mitchellh/mapstructure v1.2.3 github.com/mitchellh/panicwrap v1.0.0 
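Review bot: The `case ac.Token != "":` branch picks the credential type from the token's shape alone (`strings.HasPrefix(ac.Token, "t1.") && strings.Count(ac.Token, ".") == 2`), so any IAM token that does not match that exact pattern is silently sent as an OAuth token and fails later with an unrelated-looking authentication error. The check deserves a comment stating the assumption, for example `// Heuristic: a token of the form "t1.<x>.<y>" is treated as an IAM token; everything else is sent as OAuth.`, and ideally a small named helper so it can be unit-tested. `ycsdk.NewIAMTokenCredentials` appears to wrap a fixed token with no refresh, and IAM tokens are short-lived, so a long build may lose access part-way through; that limitation should be stated in the docs for `token`. The log lines correctly record only the credential kind and not the token value, which should stay that way. `NewDriverYC` begins and ends outside this hunk.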
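Review bot: The added `log.Printf("%v", sdk.IAM())` looks like leftover debugging and sits before the `if err != nil` check, so `sdk` is used before the build result has been validated and may be nil at that point. It also writes an internal client value to the log with no level prefix, which is noise in an authentication path and makes it harder to review what ends up in build logs. I would delete the line; if a trace is wanted, put a fixed message after the error check, such as `log.Printf("[DEBUG] Yandex.Cloud SDK initialised")`. The call that assigns `sdk` and `err` starts above this hunk, so the nil case is inferred from the position of the error check.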
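Review bot: The added requirement `github.com/mitchellh/gox v1.0.1 // indirect` is not used by anything else in this commit, which only changes the Yandex builder; it looks like a side effect of installing a build tool in the working tree. Every extra module in `go.mod` widens what has to be fetched and verified, so unrelated additions are better kept out of a feature commit. I would drop this line together with the matching `gox v1.0.1` and `hashicorp/go-version v1.0.0` entries in `go.sum`, then run `go mod tidy` to confirm nothing needs them.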
@@ -126,8 +127,8 @@ require ( github.com/ulikunitz/xz v0.5.5 github.com/vmware/govmomi v0.23.1 github.com/xanzy/go-cloudstack v0.0.0-20190526095453-42f262b63ed0 - github.com/yandex-cloud/go-genproto v0.0.0-20200608085315-d6e7ef5ceb97 - github.com/yandex-cloud/go-sdk v0.0.0-20200610100221-ae86895efb97 + github.com/yandex-cloud/go-genproto v0.0.0-20200915125933-33de72a328bd + github.com/yandex-cloud/go-sdk v0.0.0-20200921111412-ef15ded2014c github.com/zclconf/go-cty v1.4.0 github.com/zclconf/go-cty-yaml v1.0.1 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9 diff --git a/go.sum b/go.sum index 1c0a21f59..b4afda482 100644 --- a/go.sum +++ b/go.sum @@ -377,6 +377,7 @@ github.com/hashicorp/go-uuid v1.0.1 h1:fv1ep09latC32wFoVwnqcnKJGnMSdBanPczbHAYm1 github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/hashicorp/go-uuid v1.0.2 h1:cfejS+Tpcp13yd5nYHWDI6qVCny6wyX2Mt5SGur2IGE= github.com/hashicorp/go-uuid v1.0.2/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= +github.com/hashicorp/go-version v1.0.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= github.com/hashicorp/go-version v1.1.0 h1:bPIoEKD27tNdebFGGxxYwcL4nepeY4j1QP23PFRGzg0= github.com/hashicorp/go-version v1.1.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= github.com/hashicorp/go-version v1.2.0 h1:3vNe/fWF5CBgRIguda1meWhsZHy3m8gCJ5wx+dIzX/E= 
@@ -511,6 +512,8 @@ github.com/mitchellh/go-wordwrap v0.0.0-20150314170334-ad45545899c7/go.mod h1:ZX github.com/mitchellh/go-wordwrap v1.0.0 h1:6GlHJ/LTGMrIJbwgdqdl2eEH8o+Exx/0m8ir9Gns0u4= github.com/mitchellh/go-wordwrap v1.0.0/go.mod h1:ZXFpozHsX6DPmq2I0TCekCxypsnAUbP2oI0UX1GXzOo= github.com/mitchellh/gox v0.4.0/go.mod h1:Sd9lOJ0+aimLBi73mGofS1ycjY8lL3uZM3JPS42BGNg= +github.com/mitchellh/gox v1.0.1 h1:x0jD3dcHk9a9xPSDN6YEL4xL6Qz0dvNYm8yZqui5chI= +github.com/mitchellh/gox v1.0.1/go.mod h1:ED6BioOGXMswlXa2zxfh/xdd5QhwYliBFn9V18Ap4z4= github.com/mitchellh/iochan v1.0.0 h1:C+X3KsSTLFVBr/tK1eYN/vs4rJcvsiLU338UhYPJWeY= github.com/mitchellh/iochan v1.0.0/go.mod h1:JwYml1nuB7xOzsp52dPpHFffvOCDupsG0QubkSMEySY= github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= 
@@ -635,8 +638,12 @@ github.com/xanzy/go-cloudstack v0.0.0-20190526095453-42f262b63ed0 h1:NJrcIkdzq0C github.com/xanzy/go-cloudstack v0.0.0-20190526095453-42f262b63ed0/go.mod h1:sBh287mCRwCz6zyXHMmw7sSZGPohVpnx+o+OY4M+i3A= github.com/yandex-cloud/go-genproto v0.0.0-20200608085315-d6e7ef5ceb97 h1:DoqSUxQkBLislVgA1qkM0u7g04It4VRMidyLBH/O/as= github.com/yandex-cloud/go-genproto v0.0.0-20200608085315-d6e7ef5ceb97/go.mod h1:HEUYX/p8966tMUHHT+TsS0hF/Ca/NYwqprC5WXSDMfE= +github.com/yandex-cloud/go-genproto v0.0.0-20200915125933-33de72a328bd h1:o4pvS7D4OErKOM6y+/q6IfOa65OaentKbEDh1ABirE8= +github.com/yandex-cloud/go-genproto v0.0.0-20200915125933-33de72a328bd/go.mod h1:HEUYX/p8966tMUHHT+TsS0hF/Ca/NYwqprC5WXSDMfE= github.com/yandex-cloud/go-sdk v0.0.0-20200610100221-ae86895efb97 h1:8KwSw9xtQBeyeX1EpOlOjRc0JaHlh8B8GglKA6iXt08= github.com/yandex-cloud/go-sdk v0.0.0-20200610100221-ae86895efb97/go.mod h1:3p2xVpQrHyPxV4UCKnKozt9n+g1LRENOQ33CH8rqLnY= +github.com/yandex-cloud/go-sdk v0.0.0-20200921111412-ef15ded2014c h1:LJrgyICodRAgtBvOO2eCbhDDIoaJgeLa1tGQecqW9ac= +github.com/yandex-cloud/go-sdk v0.0.0-20200921111412-ef15ded2014c/go.mod h1:Zn/U9YKH0w8n83ezLps5eB6Jftc4gSoZWxVR8hgXgoY= github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= diff --git a/website/pages/docs/builders/yandex.mdx b/website/pages/docs/builders/yandex.mdx index 7f8f51df3..3d40a3ecb 100644 --- a/website/pages/docs/builders/yandex.mdx +++ b/website/pages/docs/builders/yandex.mdx 
@@ -21,13 +21,16 @@ based on existing images. Builder can authenticate with Yandex.Cloud using one of the following methods: - OAuth token +- IAM credential - File with Service Account Key - Service Account assigned to Compute Instance ### Authentication Using Token To authenticate with an OAuth token only `token` config key is needed. -Or use the `YC_TOKEN` environment variable with proper value. Token you could get [here](https://oauth.yandex.ru/authorize?response_type=token&client_id=1a6990aa636648e9b2ef855fa7bec2fb). +Or use the `YC_TOKEN` environment variable with proper value. +Token you could get [here](https://oauth.yandex.ru/authorize?response_type=token&client_id=1a6990aa636648e9b2ef855fa7bec2fb). +Check [documentation](https://cloud.yandex.ru/docs/iam/operations/iam-token/create) about how to get IAM credential. ### Authentication Using Service Account Key File diff --git a/website/pages/partials/builder/yandex/AccessConfig-required.mdx b/website/pages/partials/builder/yandex/AccessConfig-required.mdx index 0dd597dd6..2bdaa12a8 100644 --- a/website/pages/partials/builder/yandex/AccessConfig-required.mdx +++ b/website/pages/partials/builder/yandex/AccessConfig-required.mdx @@ -1,4 +1,4 @@ -- `token` (string) - OAuth token to use to authenticate to Yandex.Cloud. Alternatively you may set +- `token` (string) - OAuth token or IAM credentional to use to authenticate to Yandex.Cloud. Alternatively you may set value by environment variable `YC_TOKEN`.