chore: Removes token usage to native impersonation (terraform-google-modules#656)

amandakarina · web-flow · commit 769072480f2d · 2022-03-10T10:00:36.000-06:00
* Removes token usage to native impersonation

* Remove unnecessary blank line
diff --git a/1-org/envs/shared/providers.tf b/1-org/envs/shared/providers.tf
@@ -18,30 +18,13 @@ locals {
   tf_sa = var.terraform_service_account
 }
 
-provider "google" {
-  alias = "impersonate"
-
-  scopes = [
-    "https://www.googleapis.com/auth/cloud-platform",
-    "https://www.googleapis.com/auth/userinfo.email",
-  ]
-}
-
-data "google_service_account_access_token" "default" {
-  provider               = google.impersonate
-  target_service_account = local.tf_sa
-  scopes                 = ["userinfo-email", "cloud-platform"]
-  lifetime               = "600s"
-}
-
 /******************************************
   Provider credential configuration
  *****************************************/
 provider "google" {
-  access_token = data.google_service_account_access_token.default.access_token
+  impersonate_service_account = local.tf_sa
 }
 
 provider "google-beta" {
-  access_token = data.google_service_account_access_token.default.access_token
+  impersonate_service_account = local.tf_sa
 }
-
diff --git a/2-environments/envs/development/providers.tf b/2-environments/envs/development/providers.tf
@@ -18,30 +18,13 @@ locals {
   tf_sa = var.terraform_service_account
 }
 
-provider "google" {
-  alias = "impersonate"
-
-  scopes = [
-    "https://www.googleapis.com/auth/cloud-platform",
-    "https://www.googleapis.com/auth/userinfo.email",
-  ]
-}
-
-data "google_service_account_access_token" "default" {
-  provider               = google.impersonate
-  target_service_account = local.tf_sa
-  scopes                 = ["userinfo-email", "cloud-platform"]
-  lifetime               = "600s"
-}
-
 /******************************************
   Provider credential configuration
  *****************************************/
 provider "google" {
-  access_token = data.google_service_account_access_token.default.access_token
+  impersonate_service_account = local.tf_sa
 }
 
 provider "google-beta" {
-  access_token = data.google_service_account_access_token.default.access_token
+  impersonate_service_account = local.tf_sa
 }
-
diff --git a/2-environments/envs/non-production/providers.tf b/2-environments/envs/non-production/providers.tf
@@ -18,30 +18,13 @@ locals {
   tf_sa = var.terraform_service_account
 }
 
-provider "google" {
-  alias = "impersonate"
-
-  scopes = [
-    "https://www.googleapis.com/auth/cloud-platform",
-    "https://www.googleapis.com/auth/userinfo.email",
-  ]
-}
-
-data "google_service_account_access_token" "default" {
-  provider               = google.impersonate
-  target_service_account = local.tf_sa
-  scopes                 = ["userinfo-email", "cloud-platform"]
-  lifetime               = "600s"
-}
-
 /******************************************
   Provider credential configuration
  *****************************************/
 provider "google" {
-  access_token = data.google_service_account_access_token.default.access_token
+  impersonate_service_account = local.tf_sa
 }
 
 provider "google-beta" {
-  access_token = data.google_service_account_access_token.default.access_token
+  impersonate_service_account = local.tf_sa
 }
-
diff --git a/2-environments/envs/production/providers.tf b/2-environments/envs/production/providers.tf
@@ -18,30 +18,13 @@ locals {
   tf_sa = var.terraform_service_account
 }
 
-provider "google" {
-  alias = "impersonate"
-
-  scopes = [
-    "https://www.googleapis.com/auth/cloud-platform",
-    "https://www.googleapis.com/auth/userinfo.email",
-  ]
-}
-
-data "google_service_account_access_token" "default" {
-  provider               = google.impersonate
-  target_service_account = local.tf_sa
-  scopes                 = ["userinfo-email", "cloud-platform"]
-  lifetime               = "600s"
-}
-
 /******************************************
   Provider credential configuration
  *****************************************/
 provider "google" {
-  access_token = data.google_service_account_access_token.default.access_token
+  impersonate_service_account = local.tf_sa
 }
 
 provider "google-beta" {
-  access_token = data.google_service_account_access_token.default.access_token
+  impersonate_service_account = local.tf_sa
 }
-
diff --git a/3-networks/envs/development/providers.tf b/3-networks/envs/development/providers.tf
@@ -18,32 +18,16 @@ locals {
   tf_sa = var.terraform_service_account
 }
 
-provider "google" {
-  alias = "impersonate"
-
-  scopes = [
-    "https://www.googleapis.com/auth/cloud-platform",
-    "https://www.googleapis.com/auth/userinfo.email",
-  ]
-}
-
-data "google_service_account_access_token" "default" {
-  provider               = google.impersonate
-  target_service_account = local.tf_sa
-  scopes                 = ["userinfo-email", "cloud-platform"]
-  lifetime               = "1200s"
-}
 
 /******************************************
   Provider credential configuration
  *****************************************/
 provider "google" {
-  access_token    = data.google_service_account_access_token.default.access_token
-  request_timeout = "60s"
+  impersonate_service_account = local.tf_sa
+  request_timeout             = "60s"
 }
 
 provider "google-beta" {
-  access_token    = data.google_service_account_access_token.default.access_token
-  request_timeout = "60s"
+  impersonate_service_account = local.tf_sa
+  request_timeout             = "60s"
 }
-
diff --git a/3-networks/envs/non-production/providers.tf b/3-networks/envs/non-production/providers.tf
@@ -18,32 +18,16 @@ locals {
   tf_sa = var.terraform_service_account
 }
 
-provider "google" {
-  alias = "impersonate"
-
-  scopes = [
-    "https://www.googleapis.com/auth/cloud-platform",
-    "https://www.googleapis.com/auth/userinfo.email",
-  ]
-}
-
-data "google_service_account_access_token" "default" {
-  provider               = google.impersonate
-  target_service_account = local.tf_sa
-  scopes                 = ["userinfo-email", "cloud-platform"]
-  lifetime               = "1200s"
-}
 
 /******************************************
   Provider credential configuration
  *****************************************/
 provider "google" {
-  access_token    = data.google_service_account_access_token.default.access_token
-  request_timeout = "60s"
+  impersonate_service_account = local.tf_sa
+  request_timeout             = "60s"
 }
 
 provider "google-beta" {
-  access_token    = data.google_service_account_access_token.default.access_token
-  request_timeout = "60s"
+  impersonate_service_account = local.tf_sa
+  request_timeout             = "60s"
 }
-
diff --git a/3-networks/envs/production/providers.tf b/3-networks/envs/production/providers.tf
@@ -18,32 +18,16 @@ locals {
   tf_sa = var.terraform_service_account
 }
 
-provider "google" {
-  alias = "impersonate"
-
-  scopes = [
-    "https://www.googleapis.com/auth/cloud-platform",
-    "https://www.googleapis.com/auth/userinfo.email",
-  ]
-}
-
-data "google_service_account_access_token" "default" {
-  provider               = google.impersonate
-  target_service_account = local.tf_sa
-  scopes                 = ["userinfo-email", "cloud-platform"]
-  lifetime               = "1200s"
-}
 
 /******************************************
   Provider credential configuration
  *****************************************/
 provider "google" {
-  access_token    = data.google_service_account_access_token.default.access_token
-  request_timeout = "60s"
+  impersonate_service_account = local.tf_sa
+  request_timeout             = "60s"
 }
 
 provider "google-beta" {
-  access_token    = data.google_service_account_access_token.default.access_token
-  request_timeout = "60s"
+  impersonate_service_account = local.tf_sa
+  request_timeout             = "60s"
 }
-
diff --git a/3-networks/envs/shared/providers.tf b/3-networks/envs/shared/providers.tf
@@ -18,32 +18,16 @@ locals {
   tf_sa = var.terraform_service_account
 }
 
-provider "google" {
-  alias = "impersonate"
-
-  scopes = [
-    "https://www.googleapis.com/auth/cloud-platform",
-    "https://www.googleapis.com/auth/userinfo.email",
-  ]
-}
-
-data "google_service_account_access_token" "default" {
-  provider               = google.impersonate
-  target_service_account = local.tf_sa
-  scopes                 = ["userinfo-email", "cloud-platform"]
-  lifetime               = "1200s"
-}
 
 /******************************************
   Provider credential configuration
  *****************************************/
 provider "google" {
-  access_token    = data.google_service_account_access_token.default.access_token
-  request_timeout = "60s"
+  impersonate_service_account = local.tf_sa
+  request_timeout             = "60s"
 }
 
 provider "google-beta" {
-  access_token    = data.google_service_account_access_token.default.access_token
-  request_timeout = "60s"
+  impersonate_service_account = local.tf_sa
+  request_timeout             = "60s"
 }
-
diff --git a/4-projects/business_unit_1/development/providers.tf b/4-projects/business_unit_1/development/providers.tf
@@ -18,29 +18,14 @@ locals {
   tf_sa = var.terraform_service_account
 }
 
-provider "google" {
-  alias = "impersonate"
-
-  scopes = [
-    "https://www.googleapis.com/auth/cloud-platform",
-    "https://www.googleapis.com/auth/userinfo.email",
-  ]
-}
-
-data "google_service_account_access_token" "default" {
-  provider               = google.impersonate
-  target_service_account = local.tf_sa
-  scopes                 = ["userinfo-email", "cloud-platform"]
-  lifetime               = "1200s"
-}
 
 /******************************************
   Provider credential configuration
  *****************************************/
 provider "google" {
-  access_token = data.google_service_account_access_token.default.access_token
+  impersonate_service_account = local.tf_sa
 }
 
 provider "google-beta" {
-  access_token = data.google_service_account_access_token.default.access_token
+  impersonate_service_account = local.tf_sa
 }
diff --git a/4-projects/business_unit_1/non-production/providers.tf b/4-projects/business_unit_1/non-production/providers.tf
@@ -18,29 +18,13 @@ locals {
   tf_sa = var.terraform_service_account
 }
 
-provider "google" {
-  alias = "impersonate"
-
-  scopes = [
-    "https://www.googleapis.com/auth/cloud-platform",
-    "https://www.googleapis.com/auth/userinfo.email",
-  ]
-}
-
-data "google_service_account_access_token" "default" {
-  provider               = google.impersonate
-  target_service_account = local.tf_sa
-  scopes                 = ["userinfo-email", "cloud-platform"]
-  lifetime               = "1200s"
-}
-
 /******************************************
   Provider credential configuration
  *****************************************/
 provider "google" {
-  access_token = data.google_service_account_access_token.default.access_token
+  impersonate_service_account = local.tf_sa
 }
 
 provider "google-beta" {
-  access_token = data.google_service_account_access_token.default.access_token
+  impersonate_service_account = local.tf_sa
 }
diff --git a/4-projects/business_unit_1/production/providers.tf b/4-projects/business_unit_1/production/providers.tf
@@ -18,29 +18,14 @@ locals {
   tf_sa = var.terraform_service_account
 }
 
-provider "google" {
-  alias = "impersonate"
-
-  scopes = [
-    "https://www.googleapis.com/auth/cloud-platform",
-    "https://www.googleapis.com/auth/userinfo.email",
-  ]
-}
-
-data "google_service_account_access_token" "default" {
-  provider               = google.impersonate
-  target_service_account = local.tf_sa
-  scopes                 = ["userinfo-email", "cloud-platform"]
-  lifetime               = "1200s"
-}
 
 /******************************************
   Provider credential configuration
  *****************************************/
 provider "google" {
-  access_token = data.google_service_account_access_token.default.access_token
+  impersonate_service_account = local.tf_sa
 }
 
 provider "google-beta" {
-  access_token = data.google_service_account_access_token.default.access_token
+  impersonate_service_account = local.tf_sa
 }
diff --git a/4-projects/business_unit_1/shared/providers.tf b/4-projects/business_unit_1/shared/providers.tf
diff --git a/4-projects/business_unit_2/development/providers.tf b/4-projects/business_unit_2/development/providers.tf
diff --git a/4-projects/business_unit_2/non-production/providers.tf b/4-projects/business_unit_2/non-production/providers.tf
diff --git a/4-projects/business_unit_2/production/providers.tf b/4-projects/business_unit_2/production/providers.tf
diff --git a/4-projects/business_unit_2/shared/providers.tf b/4-projects/business_unit_2/shared/providers.tf
