6 changes: 5 additions & 1 deletion pkg/asset/installconfig/gcp/client.go
Expand Up @@ -720,7 +720,11 @@ func (c *Client) GetNamespacedTagValue(ctx context.Context, tagNamespacedName st
}

func (c *Client) getKeyManagementClient(ctx context.Context) (*kms.KeyManagementClient, error) {
kmsClient, err := kms.NewKeyManagementClient(ctx, option.WithCredentials(c.ssn.Credentials))
opts, err := CredentialOptions(c.ssn)
if err != nil {
return nil, fmt.Errorf("failed to get credential options: %w", err)
}
kmsClient, err := kms.NewKeyManagementClient(ctx, opts...)
if err != nil {
return nil, fmt.Errorf("failed to create kms key management client: %w", err)
}
27 changes: 22 additions & 5 deletions pkg/asset/installconfig/gcp/services.go
Expand Up @@ -59,17 +59,34 @@ func CreateEndpointOption(endpointName string, service ServiceNameGCP) option.Cl
return option.WithEndpoint(endpoint)
}

// CredentialOptions returns the client options for authenticating with GCP,
// including universe domain support for Google Cloud Dedicated.
// When credential JSON is available, it is passed via WithCredentialsJSON so
// the client library can use self-signed JWTs for non-default universe
// domains (where the OAuth2 token endpoint is unavailable). Falls back to
// WithCredentials for metadata-based credentials that have no JSON.
func CredentialOptions(ssn *Session) ([]option.ClientOption, error) {
ud, err := ssn.Credentials.GetUniverseDomain()
if err != nil {
return nil, fmt.Errorf("failed to get universe domain: %w", err)
}
var opts []option.ClientOption
if len(ssn.Credentials.JSON) > 0 {
opts = append(opts, option.WithCredentialsJSON(ssn.Credentials.JSON))
} else {
opts = append(opts, option.WithCredentials(ssn.Credentials))
}
opts = append(opts, option.WithUniverseDomain(ud))
return opts, nil
}

// getOptions creates the options for use during service creation.
func getOptions(ctx context.Context) ([]option.ClientOption, error) {
ssn, err := GetSession(ctx)
if err != nil {
return nil, fmt.Errorf("failed to get session: %w", err)
}

options := []option.ClientOption{
option.WithCredentials(ssn.Credentials),
}
return options, nil
return CredentialOptions(ssn)
}

// GetComputeService creates the compute service. The service is created with credentials and any service
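Review bot: On the JSON branch, `option.WithCredentialsJSON(ssn.Credentials.JSON)` hands the client library the raw key material to re-derive credentials from, so anything that was configured on `ssn.Credentials` itself — non-default scopes, an impersonated or otherwise wrapped TokenSource — is presumably not carried over, unlike the `WithCredentials` branch; the doc comment should say so, e.g. `// NOTE: on the JSON path the client library re-parses the key, so any custom TokenSource on ssn.Credentials is not used.`. The value returned by `ssn.Credentials.GetUniverseDomain()` decides which hosts every client built from these options will send bearer tokens to, and for metadata-based credentials that call is, as far as I can tell, a metadata-server round trip repeated on every `getOptions` call; consider logging a non-default domain once so an unexpected value in a credentials file is visible in the install log, and confirm which wins when a user-supplied `CreateEndpointOption` endpoint is also present. `ssn.Credentials` is dereferenced with no nil check on that line; if `GetSession` can return a session without credentials, returning an error there is preferable to a panic.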
11 changes: 11 additions & 0 deletions pkg/clusterapi/system.go
Expand Up @@ -311,6 +311,17 @@ func (c *system) Run(ctx context.Context) error { //nolint:gocyclo
logrus.Infof("setting %q to %s for capg infrastructure controller", gAppCredEnvVar, v)
}

// Google Cloud Dedicated support: detect universe domain from
// credentials and pass it to the CAPG controller via env var.
ud, err := session.Credentials.GetUniverseDomain()
if err != nil {
return fmt.Errorf("failed to get universe domain from gcp credentials: %w", err)
}
if ud != "googleapis.com" {
capgEnvVars["GOOGLE_CLOUD_UNIVERSE_DOMAIN"] = ud
logrus.Infof("setting GOOGLE_CLOUD_UNIVERSE_DOMAIN to %q for capg infrastructure controller", ud)
}

controllers = append(controllers,
c.getInfrastructureController(
&GCP,
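Review bot: `"googleapis.com"` and `"GOOGLE_CLOUD_UNIVERSE_DOMAIN"` are bare literals in the new block while the line just above uses the `gAppCredEnvVar` constant for the credentials env var; hoist both, e.g. `const universeDomainEnvVar = "GOOGLE_CLOUD_UNIVERSE_DOMAIN"` and `const defaultUniverseDomain = "googleapis.com"`, so the default-domain comparison here stays in sync with the installer's own client construction in `CredentialOptions`. The domain comes from the credentials (key file or metadata server) and steers which hosts the CAPG controller talks to, so surfacing it in the log is good; since `Run` starts before the hunk and continues after it I cannot see whether the value is validated anywhere, and presumably a value that is not a plausible hostname should be rejected here rather than exported to the controller. Failing `Run` on a `GetUniverseDomain()` error is consistent with how the credential env var is handled above.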
6 changes: 5 additions & 1 deletion pkg/quota/gcp/gcp.go
Expand Up @@ -2,6 +2,7 @@ package gcp

import (
"context"
"fmt"
"net/http"
"sort"
"strings"
Expand Down Expand Up @@ -35,7 +36,10 @@ func Load(ctx context.Context, project string, endpoint *gcptypes.PSCEndpoint, s
if err != nil {
return nil, errors.Wrap(err, "failed to create services svc")
}
metricsOptions := []option.ClientOption{option.WithCredentials(ssn.Credentials)}
metricsOptions, err := gcpconfig.CredentialOptions(ssn)
if err != nil {
return nil, fmt.Errorf("failed to get credential options: %w", err)
}
metricsSvc, err := monitoring.NewMetricClient(ctx, metricsOptions...)
if err != nil {
return nil, errors.Wrap(err, "failed to create metrics svc")
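Review bot: The new `fmt.Errorf("failed to get credential options: %w", err)` sits between two `errors.Wrap(...)` calls (`failed to create services svc`, `failed to create metrics svc`), so `Load` now mixes two wrapping styles and the file gains a `"fmt"` import for a single call; `return nil, errors.Wrap(err, "failed to get credential options")` would match the surrounding code and make the first hunk unnecessary. The services client created just above the second hunk is outside the visible lines, so I cannot confirm it also goes through `gcpconfig.CredentialOptions`; if it still passes `option.WithCredentials` alone it would not receive the universe domain and would presumably fail against a non-default universe. `Load` begins before the hunk and ends after it.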