From 745a4c05a5eb27b5a1376931ce70e32b982fc52d Mon Sep 17 00:00:00 2001 From: Emily Ye Date: Fri, 27 Sep 2019 10:44:32 -0700 Subject: [PATCH 1/3] fix regional ig issue --- plugin/authorizer_client_gcp.go | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/plugin/authorizer_client_gcp.go b/plugin/authorizer_client_gcp.go index d4ea0acf..d8d4afe1 100644 --- a/plugin/authorizer_client_gcp.go +++ b/plugin/authorizer_client_gcp.go @@ -30,7 +30,9 @@ func (c *gcpClient) InstanceGroups(ctx context.Context, project string, boundIns for k, v := range l.Items { zone, err := zoneFromSelfLink(k) if err != nil { - return err + // some groups returned are regional + // TODO(emilymye, #73): Support regions? + continue } for _, g := range v.InstanceGroups { From e8951d3a8ce6576416bb65a5ba4a607a7bbab6be Mon Sep 17 00:00:00 2001 From: Emily Ye Date: Fri, 27 Sep 2019 13:47:57 -0700 Subject: [PATCH 2/3] return error, just continue early on region --- plugin/authorizer_client_gcp.go | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/plugin/authorizer_client_gcp.go b/plugin/authorizer_client_gcp.go index d8d4afe1..be655968 100644 --- a/plugin/authorizer_client_gcp.go +++ b/plugin/authorizer_client_gcp.go @@ -3,6 +3,8 @@ package gcpauth import ( "context" "fmt" + "log" + "strings" "github.com/hashicorp/vault/sdk/helper/strutil" "google.golang.org/api/compute/v1" @@ -28,11 +30,16 @@ func (c *gcpClient) InstanceGroups(ctx context.Context, project string, boundIns Fields("items/*/instanceGroups/name"). Pages(ctx, func(l *compute.InstanceGroupAggregatedList) error { for k, v := range l.Items { + // Some groups returned are regional + // TODO(emilymye, #73): Support regions? + if strings.Contains(k, "/regions/") { + log.Printf("[WARN] ignoring key %q with region in instance group aggregated list", k) + continue + } + zone, err := zoneFromSelfLink(k) if err != nil { - // some groups returned are regional - // TODO(emilymye, #73): Support regions? - continue + return err } for _, g := range v.InstanceGroups { From 69a17def564ecc7874f7017b5679876b6530e413 Mon Sep 17 00:00:00 2001 From: Emily Ye Date: Fri, 27 Sep 2019 16:40:49 -0700 Subject: [PATCH 3/3] use b.Logger() --- plugin/authorizer_client_gcp.go | 5 +++-- plugin/path_login.go | 1 + 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/plugin/authorizer_client_gcp.go b/plugin/authorizer_client_gcp.go index be655968..482eb8fe 100644 --- a/plugin/authorizer_client_gcp.go +++ b/plugin/authorizer_client_gcp.go @@ -3,9 +3,9 @@ package gcpauth import ( "context" "fmt" - "log" "strings" + log "github.com/hashicorp/go-hclog" "github.com/hashicorp/vault/sdk/helper/strutil" "google.golang.org/api/compute/v1" "google.golang.org/api/iam/v1" @@ -17,6 +17,7 @@ var _ client = (*gcpClient)(nil) // abstracted as an interface for stubbing during testing. See stubbedClient for // more details. type gcpClient struct { + logger log.Logger computeSvc *compute.Service iamSvc *iam.Service } @@ -33,7 +34,7 @@ func (c *gcpClient) InstanceGroups(ctx context.Context, project string, boundIns // Some groups returned are regional // TODO(emilymye, #73): Support regions? if strings.Contains(k, "/regions/") { - log.Printf("[WARN] ignoring key %q with region in instance group aggregated list", k) + c.logger.Debug("ignoring instance groups under region in instance group aggregated list", "key", k) continue } diff --git a/plugin/path_login.go b/plugin/path_login.go index 7e7bf21d..6228758b 100644 --- a/plugin/path_login.go +++ b/plugin/path_login.go @@ -663,6 +663,7 @@ func (b *GcpAuthBackend) authorizeGCEInstance(ctx context.Context, project strin return AuthorizeGCE(ctx, &AuthorizeGCEInput{ client: &gcpClient{ + logger: b.Logger(), computeSvc: computeClient, iamSvc: iamClient, },