impersonate_service_account configuration is no longer working in version 1.1.4

[shpml]

Overview of the Issue

The impersonate_service_account configuration is no longer working in version 1.1.4. It seems to have been removed but there is no mention in the releases page, the full changelog shows it has been changed and now looks like there is a dependency on Hashicorp Vault.

ImpersonateServiceAccount string `mapstructure:"impersonate_service_account" required:"false"`
// Can be set instead of account_file. If set, this builder will use
// HashiCorp Vault to generate an Oauth token for authenticating against
// Google Cloud. The value should be the path of the token generator
// within vault.

Plugin and Packer version

Tested with

Packer v1.9.5
http://github.com/hashicorp/googlecompute v1.1.4

Packer v1.10.0
http://github.com/hashicorp/googlecompute v1.1.4

Simplified Packer Buildfile

source "googlecompute" "my_project" {
  image_name                  = "custom-image"
  impersonate_service_account = "[email protected]"
  instance_name               = "custom-image"
  machine_type                = "e2-medium"
  project_id                  = var.gcp_project_id
  source_image_family         = var.base_image_family
  ssh_username                = "packer"
}

build {
  sources = ["source.googlecompute.my_project"]

  provisioner "ansible" {
    playbook_file   = "${var.home}/.ansible/playbooks/${var.playbook_file}"
    roles_path      = "${var.home}/.ansible/roles"
    user            = "packer"
  }
}

Log Fragments and crash.log files

packer init image/my-project.pkr.hcl

Installed plugin github.com/hashicorp/ansible v1.1.1 in "/root/.config/packer/plugins/github.com/hashicorp/ansible/packer-plugin-ansible_v1.1.1_x5.0_linux_amd64"

Installed plugin github.com/hashicorp/googlecompute v1.1.4 in "/root/.config/packer/plugins/github.com/hashicorp/googlecompute/packer-plugin-googlecompute_v1.1.4_x5.0_linux_amd64"

packer build -timestamp-ui -on-error=cleanup \
-var-file=env/env_vars.pkrvars.hcl \
image/my-project.pkr.hcl

googlecompute.my_project: output will be in this color.

2023-12-11T05:34:03Z: Build 'googlecompute.my_project' errored after 812 microseconds: impersonate: scopes must be provided

Work Around

Version lock to 1.1.3

packer {
  required_plugins {
    ansible = {
      version = "~> 1.1"
      source  = "github.com/hashicorp/ansible"
    }

    googlecompute = {
      source  = "github.com/hashicorp/googlecompute"
      version = "1.1.3"
    }
  }
}

[scottjab]

I am also seeing this exact issue.

[histamineblkr]

We are experiencing the same issue on all of our pipelines using the google compute module and need to pin to 1.1.3 to maintain successful builds.

[DaveSchile-Zonar]

Same.

[ruettenm]

We have the same problem with version 1.1.4. A rollback to 1.1.3 also solved the problem on our side.

If impersonate_service_account is really not supported anymore I would have assumed that it is a breaking change and a new major version.

[jfpanisset]

Same experience here trying to use the code in:

https://github.com/GoogleCloudPlatform/cloud-builders-community/tree/master/packer/examples/gce

and found a similar issue against that repo:

GoogleCloudPlatform/cloud-builders-community#641

Rolling back the googlecompute plugin to 1.1.3 allowed the build to complete.

[stkelly99]

I am also seeing this issue in all versions after 1.1.3 - build runs successfully on 1.1.3 but fails when tested against 1.1.6 and 1.1.4. I am keen to upgrade to the latest version of the plugin due to vulnerabilities that are being reported with version 1.1.3. Please advise if there are any plans to address this issue . Thanks

[kxs-mdoyon]

Any plan to work on that gub?