feat: skip GCP ADC authent when GCP_JWT is not present

Don't set GCP ADC authent when GCP_JWT is not present to preserve gitlab-ci-local with local GCP authentication

feat: skip GCP ADC authent when GCP_JWT is not present
9ffc6327 · Pierre Smeyers · 21cf0fdf · 9ffc6327
Commit 9ffc6327 authored 4 months ago by Pierre Smeyers
--- a/templates/gitlab-ci-k8s-gcp.yml
+++ b/templates/gitlab-ci-k8s-gcp.yml
@@ -57,9 +57,11 @@ variables:
  K8S_KUBECTL_IMAGE: $[[ inputs.kubectl-image ]]

 .k8s-gcp-adc:
-  - echo "Installing GCP authentication with env GOOGLE_APPLICATION_CREDENTIALS file"
-  - echo $GCP_JWT > "$CI_BUILDS_DIR/.auth_token.jwt"
-  - |-
+  - |
+    if [[ "$GCP_JWT" ]]
+    then
+      echo "Installing GCP authentication with env GOOGLE_APPLICATION_CREDENTIALS file"
+      echo $GCP_JWT > "$CI_BUILDS_DIR/.auth_token.jwt"
      if [[ "$ENV_TYPE" ]]
      then
        case "$ENV_TYPE" in
@@ -79,7 +81,6 @@ variables:
      fi
      oidc_provider="${env_oidc_provider:-$GCP_OIDC_PROVIDER}"
      oidc_account="${env_oidc_account:-$GCP_OIDC_ACCOUNT}"
-  - |-
      cat << EOF > "$CI_BUILDS_DIR/google_application_credentials.json"
      {
        "type": "external_account",
@@ -92,7 +93,10 @@ variables:
        "service_account_impersonation_url": "https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/${oidc_account}:generateAccessToken"
      }
    EOF
-  - export GOOGLE_APPLICATION_CREDENTIALS="$CI_BUILDS_DIR/google_application_credentials.json"
+      export GOOGLE_APPLICATION_CREDENTIALS="$CI_BUILDS_DIR/google_application_credentials.json"
+    else
+      echo '[WARN] $GCP_JWT is not set: cannot setup Application Default Credentials (ADC) authentication'
+    fi

 .k8s-deploy:
  id_tokens: