diff --git a/internal/agentdeployer/_static/docker-agent-base.yml.tmpl b/internal/agentdeployer/_static/docker-agent-base.yml.tmpl
index c31e12fa0..baf97441c 100644
--- a/internal/agentdeployer/_static/docker-agent-base.yml.tmpl
+++ b/internal/agentdeployer/_static/docker-agent-base.yml.tmpl
@@ -6,6 +6,8 @@
 {{- $agent_version := fact "agent_version" }}
 {{- $agent_image := fact "agent_image" }}
 {{- $enrollment_token := fact "enrollment_token" }}
+{{- $google_application_credentials := fact "google_application_credentials" -}}
+{{- $google_credential_source_file := fact "google_credential_source_file" -}}
 services:
 elastic-agent:
 hostname: ${AGENT_HOSTNAME}
@@ -62,5 +64,21 @@ services:
 source: ${SERVICE_LOGS_DIR}
 target: /run/service_logs/
 read_only: false
+ {{ if ne $google_application_credentials "" }}
+ # Mount Google Application Credentials file provided
+ # Required for external accounts authentication when creating resources via terraform in GCP
+ - type: bind
+ source: {{ $google_application_credentials }}
+ target: {{ $google_application_credentials }}
+ read_only: true
+ {{ end }}
+ {{ if ne $google_credential_source_file "" }}
+ # Mount Google credential source file (token file) provided
+ # Required for external accounts authentication when creating resources via terraform in GCP
+ - type: bind
+ source: {{ $google_credential_source_file }}
+ target: {{ $google_credential_source_file }}
+ read_only: true
+ {{ end }}
 extra_hosts:
 - "host.docker.internal:host-gateway"
diff --git a/internal/agentdeployer/agent.go b/internal/agentdeployer/agent.go
index 794db8c1e..67652a4dc 100644
--- a/internal/agentdeployer/agent.go
+++ b/internal/agentdeployer/agent.go
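Review bot: The two new declarations in the first hunk of docker-agent-base.yml.tmpl close with `-}}`, while the three visible declarations above them close with `}}`. The right-trim removes the newline that used to separate this block from `services:`, which is harmless only if nothing is rendered above it; lines 1-5 of the template are outside the hunk, so that cannot be confirmed here. Matching the existing form, `{{- $google_application_credentials := fact "google_application_credentials" }}`, avoids depending on it.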
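Review bot: The credential paths are interpolated unquoted on the `source:` and `target:` lines of both new mounts in the second hunk of docker-agent-base.yml.tmpl, so a path containing ` #` or `: ` yields a truncated or differently-typed YAML value; quoting, e.g. `source: "{{ $google_application_credentials }}"`, keeps it a single scalar. The mounts also expose the host's GCP credential and token files to every agent container started while the variables are set, which appears to include agents built from a custom image (the `agent_image` and `dockerfile_hash` facts), so it is worth deciding whether this should be opt-in per test rather than implied by the environment. The comment says the files are required for terraform; if it is the agent that consumes them, the comment should say so.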
@@ -306,21 +306,39 @@ func (d *DockerComposeAgentDeployer) installDockerCompose(ctx context.Context, a return "", nil } + googleApplicationCredentials := os.Getenv("GOOGLE_APPLICATION_CREDENTIALS") + if googleApplicationCredentials != "" { + if _, err := os.Stat(googleApplicationCredentials); err != nil { + logger.Warn("GOOGLE_APPLICATION_CREDENTIALS environment variable is set, but the file does not exist. Skipping inclusion in agent configuration.") + googleApplicationCredentials = "" + } + } + + googleCredentialSourceFile := os.Getenv("GOOGLE_CREDENTIAL_SOURCE_FILE") + if googleCredentialSourceFile != "" { + if _, err := os.Stat(googleCredentialSourceFile); err != nil { + logger.Warn("GOOGLE_CREDENTIAL_SOURCE_FILE environment variable is set, but the file does not exist. Skipping inclusion in agent configuration.") + googleCredentialSourceFile = "" + } + } + resourceManager := resource.NewManager() resourceManager.AddFacter(resource.StaticFacter{ - "agent_image": agentImage, - "user": agentInfo.Agent.User, - "capabilities": strings.Join(agentInfo.Agent.LinuxCapabilities, ","), - "runtime": agentInfo.Agent.Runtime, - "pid_mode": agentInfo.Agent.PidMode, - "ports": strings.Join(agentInfo.Agent.Ports, ","), - "dockerfile_hash": hex.EncodeToString(hashDockerfile), - "agent_version": agentVersion, - "fleet_url": fleetURL, - "kibana_host": stack.DockerInternalHost(kibanaHost), - "elasticsearch_username": config.ElasticsearchUsername, - "elasticsearch_password": config.ElasticsearchPassword, - "enrollment_token": enrollmentToken, + "agent_image": agentImage, + "user": agentInfo.Agent.User, + "capabilities": strings.Join(agentInfo.Agent.LinuxCapabilities, ","), + "runtime": agentInfo.Agent.Runtime, + "pid_mode": agentInfo.Agent.PidMode, + "ports": strings.Join(agentInfo.Agent.Ports, ","), + "dockerfile_hash": hex.EncodeToString(hashDockerfile), + "agent_version": agentVersion, + "fleet_url": fleetURL, + "kibana_host": stack.DockerInternalHost(kibanaHost), + 
"elasticsearch_username": config.ElasticsearchUsername, + "elasticsearch_password": config.ElasticsearchPassword, + "enrollment_token": enrollmentToken, + "google_credential_source_file": googleCredentialSourceFile, + "google_application_credentials": googleApplicationCredentials, }) resourceManager.RegisterProvider("file", &resource.FileProvider{
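Review bot: The `os.Stat` checks accept any path that can be stat-ed, so a directory or a relative path in `GOOGLE_APPLICATION_CREDENTIALS` or `GOOGLE_CREDENTIAL_SOURCE_FILE` passes and is then used as both the bind-mount `source` and `target`; a relative value is resolved by Compose against the project directory rather than the working directory and is not a valid container target. Every Stat failure is logged as "does not exist", which hides permission errors, and the warning names neither the path nor the cause. The two blocks differ only in the variable name, so a small helper that requires an absolute path to a regular file would cover both; it needs `path/filepath` in scope. installDockerCompose starts and ends outside this hunk.

```go
// credentialFileFromEnv returns the path named by the environment variable,
// or "" when it is unset or is not an absolute path to a regular file.
func credentialFileFromEnv(name string) string {
	path := os.Getenv(name)
	if path == "" {
		return ""
	}
	// The same value is used as the in-container target, which must be absolute.
	if !filepath.IsAbs(path) {
		logger.Warn(name + " is set to " + path + ", which is not an absolute path. Skipping inclusion in agent configuration.")
		return ""
	}
	info, err := os.Stat(path)
	if err != nil {
		logger.Warn(name + " is set to " + path + ", but it cannot be accessed: " + err.Error() + ". Skipping inclusion in agent configuration.")
		return ""
	}
	if !info.Mode().IsRegular() {
		logger.Warn(name + " is set to " + path + ", which is not a regular file. Skipping inclusion in agent configuration.")
		return ""
	}
	return path
}

// … in installDockerCompose, replacing the two os.Getenv/os.Stat blocks …
googleApplicationCredentials := credentialFileFromEnv("GOOGLE_APPLICATION_CREDENTIALS")
googleCredentialSourceFile := credentialFileFromEnv("GOOGLE_CREDENTIAL_SOURCE_FILE")
// … unchanged: resourceManager setup and the StaticFacter map …
```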