Add flex oidc support (#20324)

iQQBot · web-flow · commit 6a1111a2db63 · 2024-10-29T04:26:54.000-04:00
diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile
@@ -341,5 +341,5 @@ ENV PRE_COMMIT_HOME=/workspace/.pre-commit
 
 # Setting the environment variable here so that it will be accessible to all tasks and
 # terminal sessions in Gitpod workspaces.
-ENV PREVIEW_ENV_DEV_SA_KEY_PATH=
+ENV PREVIEW_ENV_DEV_SA_KEY_PATH=/root/.config/gcloud/sa.json
 ENV GOOGLE_EXTERNAL_ACCOUNT_ALLOW_EXECUTABLES=1
diff --git a/dev/flex-oidc/oidc.js b/dev/flex-oidc/oidc.js
@@ -8,15 +8,15 @@ const getIDToken = async () => {
             const config = JSON.parse(fs.readFileSync(configPath, "utf8"));
 
             const controlPlaneApiEndpoint = config.controlPlaneApiEndpoint;
-            const workspaceToken = config.workspaceToken;
+            const environmentToken = config.environmentToken;
 
             const url = new URL(controlPlaneApiEndpoint);
             const client = http2.connect(url.origin);
 
             const req = client.request({
                 ":method": "POST",
                 "content-type": "application/json",
-                authorization: `Bearer ${workspaceToken}`,
+                authorization: `Bearer ${environmentToken}`,
                 ":path": `${url.pathname}/gitpod.v1.IdentityService/GetIDToken`,
             });
 
diff --git a/dev/preview/workflow/preview/configure-workspace.sh b/dev/preview/workflow/preview/configure-workspace.sh
@@ -20,11 +20,11 @@ fi
 
 if [ -f "/usr/local/gitpod/config/initial-spec.json" ]; then
   gcloud iam workload-identity-pools create-cred-config \
-    projects/184212049955/locations/global/workloadIdentityPools/gitpod-next/providers/gitpod-next-provider \
+    projects/184212049955/locations/global/workloadIdentityPools/gitpod-flex/providers/gitpod-flex-provider \
     --service-account=preview-environmnet-dev@gitpod-dev-preview.iam.gserviceaccount.com \
     --service-account-token-lifetime-seconds=1h \
     --output-file="${PREVIEW_ENV_DEV_SA_KEY_PATH}" \
-    --executable-command='node /workspace/gitpod/dev/next-oidc/oidc.js' \
+    --executable-command='node /workspace/gitpod/dev/flex-oidc/oidc.js' \
     --executable-timeout-millis=5000
 elif [[ -n "${PREVIEW_ENV_DEV_CRED:-}" ]]; then
   echo "${PREVIEW_ENV_DEV_CRED}" >"${PREVIEW_ENV_DEV_SA_KEY_PATH}"
