From dc21fd6a5322b8b0282563b3f3590f99de74f4a2 Mon Sep 17 00:00:00 2001
From: David Collom
Date: Wed, 16 Mar 2022 13:02:29 +0000
Subject: [PATCH] Implement WorkloadIdentity/InjectedIdentity Support

Signed-off-by: David Collom
---
 Makefile | 2 +-
 go.mod | 2 ++
 internal/clients/gcp.go | 23 +++++++++++++++--------
 3 files changed, 18 insertions(+), 9 deletions(-)

diff --git a/Makefile b/Makefile
index 11d6b66e..0b681eaa 100644
--- a/Makefile
+++ b/Makefile
@@ -125,4 +125,4 @@ crossplane.help:
 
 help-special: crossplane.help
 
-.PHONY: crossplane.help help-special
\ No newline at end of file
+.PHONY: crossplane.help help-special
diff --git a/go.mod b/go.mod
index 714bccb4..0786bd22 100644
--- a/go.mod
+++ b/go.mod
@@ -11,6 +11,8 @@ require (
 	github.com/hashicorp/terraform-provider-google v1.20.1-0.20211102210101-f004d2d203fa
 	github.com/pkg/errors v0.9.1
 	go.uber.org/multierr v1.7.0 // indirect
+	golang.org/x/oauth2 v0.0.0-20211005180243-6b3c2da341f1
+	google.golang.org/api v0.59.0
 	gopkg.in/alecthomas/kingpin.v2 v2.2.6
 	k8s.io/apimachinery v0.22.0
 	k8s.io/client-go v0.22.0
diff --git a/internal/clients/gcp.go b/internal/clients/gcp.go
index 19199c69..6de78683 100644
--- a/internal/clients/gcp.go
+++ b/internal/clients/gcp.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"fmt"
 
+	xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1"
 	"github.com/crossplane/crossplane-runtime/pkg/resource"
 	"github.com/crossplane/terrajet/pkg/terraform"
 	"github.com/pkg/errors"
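Review bot: The two direct requirements added to go.mod, `golang.org/x/oauth2` and `google.golang.org/api`, are not imported by any file in this patch; the only new import in internal/clients/gcp.go is crossplane-runtime's `apis/common/v1`, and the diffstat lists no other Go file. If nothing else in the module imports them, `go mod tidy` will drop them or mark them `// indirect`, and until then the require block pins versions that no visible code uses. Running `go mod tidy` before merge keeps the declared dependency surface equal to what the code actually needs, which is also what a later supply-chain review of this module will check against.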
@@ -55,18 +56,24 @@ func TerraformSetupBuilder(version, providerSource, providerVersion string) terr
 			return ps, errors.Wrap(err, errTrackUsage)
 		}
 
-		data, err := resource.CommonCredentialExtractor(ctx, pc.Spec.Credentials.Source, client, pc.Spec.Credentials.CommonCredentialSelectors)
-		if err != nil {
-			return ps, errors.Wrap(err, errExtractCredentials)
-		}
-
 		// set provider configuration
 		ps.Configuration = map[string]interface{}{
 			keyProject: pc.Spec.ProjectID,
 		}
-		// set environment variables for sensitive provider configuration
-		ps.Env = []string{
-			fmt.Sprintf(fmtEnvVar, envCredentials, string(data)),
+
+		switch s := pc.Spec.Credentials.Source; s { //nolint:exhaustive
+		case xpv1.CredentialsSourceInjectedIdentity:
+			// We don't need to do anything here, as the TF Provider will take care of workloadIdentity etc.
+		default:
+			data, err := resource.CommonCredentialExtractor(ctx, pc.Spec.Credentials.Source, client, pc.Spec.Credentials.CommonCredentialSelectors)
+			if err != nil {
+				return ps, errors.Wrap(err, errExtractCredentials)
+			}
+
+			// set environment variables for sensitive provider configuration
+			ps.Env = []string{
+				fmt.Sprintf(fmtEnvVar, envCredentials, string(data)),
+			}
 		}
 		return ps, nil
 	}
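Review bot: The `xpv1.CredentialsSourceInjectedIdentity` case leaves `ps.Env` unset and hands credential discovery entirely to the Terraform provider's ambient lookup, but its comment only says "we don't need to do anything here"; it should record what that path depends on, e.g. `// InjectedIdentity: no credentials are passed to the provider; it is expected to resolve them from the provider pod's own environment (e.g. GKE Workload Identity), so the effective identity is whatever that pod's service-account binding grants — confirm against the provider version in go.mod.` The `switch s := pc.Spec.Credentials.Source; s` binds `s` but the default branch re-reads `pc.Spec.Credentials.Source` for the extractor call; either pass `s` there or simplify the tag to `switch pc.Spec.Credentials.Source {`. Every other source now falls into the default branch, and if the extractor returns no data for `xpv1.CredentialsSourceNone` (it appears to for that source) the provider is handed an empty credentials value via `ps.Env` rather than an explicit error, which is worth a dedicated case if that is not the intended behaviour. The enclosing TerraformSetupBuilder closure begins before this hunk.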