
Commit 2b82639

committed
fix mtls id_token credential source
Signed-off-by: sal rashid <salrashid123@gmail.com>
1 parent 2448378 commit 2b82639


1 file changed

+13
-1
lines changed


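--- a/gcp-adc-tpm.go
+++ b/gcp-adc-tpm.go
@@ -30,6 +30,7 @@ import (
 "github.com/google/go-tpm/tpm2"
 "github.com/google/go-tpm/tpm2/transport"
 tpmmtls "github.com/salrashid123/mtls-tokensource/tpm"
+"google.golang.org/api/option"
 credentialspb "google.golang.org/genproto/googleapis/iam/credentials/v1"
 )
 
@@ -336,7 +337,18 @@ func NewGCPTPMCredential(cfg *GCPTPMConfig) (Token, error) {
 }
 
 ctx := context.Background()
-c, err := credentials.NewIamCredentialsClient(ctx)
+
+ts, err := tpmmtls.TpmMTLSTokenSource(&tpmmtls.TpmMtlsTokenConfig{
+TPMDevice: cfg.TPMCloser,
+Handle: svcAccountKey,
+Audience: fmt.Sprintf("//iam.googleapis.com/projects/%s/locations/global/workloadIdentityPools/%s/providers/%s", cfg.ProjectNumber, cfg.PoolID, cfg.ProviderID),
+X509Certificate: cfg.Certificate,
+})
+if err != nil {
+return Token{}, fmt.Errorf("gcp-adc-tpm: error getting token %v", err)
+}
+
+c, err := credentials.NewIamCredentialsClient(ctx, option.WithTokenSource(ts))
 if err != nil {
 return Token{}, fmt.Errorf("gcp-adc-tpm: error creatubg IAM Client: %v", err)
 }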
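Review bot: The audience passed to `tpmmtls.TpmMTLSTokenSource` is formatted from `cfg.ProjectNumber`, `cfg.PoolID` and `cfg.ProviderID` with no visible check that they are set, so an incomplete config produces a malformed workload identity pool audience that would presumably be rejected only later, at token exchange, far from its cause. Unless these fields are validated earlier in `NewGCPTPMCredential` (the function starts and ends outside this hunk), add a guard before the call, e.g. `if cfg.ProjectNumber == "" || cfg.PoolID == "" || cfg.ProviderID == "" { return Token{}, fmt.Errorf("gcp-adc-tpm: ProjectNumber, PoolID and ProviderID must be set for the mTLS token source") }`. The new error return also says "error getting token" although the step that failed is building the token source, and it formats the cause with `%v`; `fmt.Errorf("gcp-adc-tpm: error creating mTLS token source: %w", err)` names the step and keeps the cause inspectable with `errors.Is`/`errors.As`.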
