github.com/argoproj/argo-cd/v3@v3.2.1/cmd/argocd-k8s-auth/commands/gcp.go

github.com/argoproj/argo-cd/v3@v3.2.1/cmd/argocd-k8s-auth/commands/gcp.go (about)

     1  package commands
     2  
     3  import (
     4  	"fmt"
     5  	"os"
     6  
     7  	"github.com/spf13/cobra"
     8  	"golang.org/x/oauth2/google"
     9  
    10  	"github.com/argoproj/argo-cd/v3/util/errors"
    11  )
    12  
    13  // defaultGCPScopes:
    14  //   - cloud-platform is the base scope to authenticate to GCP.
    15  //   - userinfo.email is used to authenticate to GKE APIs with gserviceaccount
    16  //     email instead of numeric uniqueID.
    17  //
    18  // https://github.com/kubernetes/client-go/blob/be758edd136e61a1bffadf1c0235fceb8aee8e9e/plugin/pkg/client/auth/gcp/gcp.go#L59
    19  var defaultGCPScopes = []string{
    20  	"https://www.googleapis.com/auth/cloud-platform",
    21  	"https://www.googleapis.com/auth/userinfo.email",
    22  }
    23  
    24  func newGCPCommand() *cobra.Command {
    25  	command := &cobra.Command{
    26  		Use: "gcp",
    27  		Run: func(c *cobra.Command, _ []string) {
    28  			ctx := c.Context()
    29  
    30  			// Preferred way to retrieve GCP credentials
    31  			// https://github.com/golang/oauth2/blob/9780585627b5122c8cc9c6a378ac9861507e7551/google/doc.go#L54-L68
    32  			cred, err := google.FindDefaultCredentials(ctx, defaultGCPScopes...)
    33  			errors.CheckError(err)
    34  			token, err := cred.TokenSource.Token()
    35  			errors.CheckError(err)
    36  			_, _ = fmt.Fprint(os.Stdout, formatJSON(token.AccessToken, token.Expiry))
    37  		},
    38  	}
    39  	return command
    40  }