Skip to content

Instantly share code, notes, and snippets.

@geirsagberg

geirsagberg/tfsa.ts

Created April 20, 2021 12:04
Show Gist options
  • Save geirsagberg/847708d601ad31c72b90dff362dbe577 to your computer and use it in GitHub Desktop.
Save geirsagberg/847708d601ad31c72b90dff362dbe577 to your computer and use it in GitHub Desktop.
Download ZIP
Deno script for impersonating STM SA
Raw
tfsa.ts
#!/usr/bin/env -S deno run --allow-net --allow-read --allow-run
let tfVars: string;
try {
tfVars = Deno.readTextFileSync("./environments/STM.tfvars");
} catch (error) {
console.error(error);
Deno.exit(1);
}
const projectId = tfVars.match(/project_id\s+=\s+"(?<project_id>.+?)"/)?.groups
?.project_id;
if (!projectId) {
console.error("Project ID not found");
Deno.exit(2);
}
const tokenOutput = await Deno.run({
cmd: [
"gcloud",
"--impersonate-service-account=terraform@" +
projectId +
".iam.gserviceaccount.com",
"auth",
"print-access-token",
],
stdout: "piped",
}).output();
const token = new TextDecoder().decode(tokenOutput).trim();
await Deno.run({
cmd: ["terraform"].concat(Deno.args),
env: {
GOOGLE_OAUTH_ACCESS_TOKEN: token,
},
}).status();
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment