From ea300b6d00aa7e56ecc8db7d86b839c90712e750 Mon Sep 17 00:00:00 2001
From: Malte Poll <mp@edgeless.systems>
Date: Thu, 17 Nov 2022 10:33:36 +0100
Subject: [PATCH] Terraform GCP: Always use local account for resource creation
 (#571)

* Terraform GCP: Always use local account for resource creation
* Update CHANGELOG
---
 CHANGELOG.md                                      | 9 ++++++---
 cli/internal/terraform/terraform/gcp/main.tf      | 2 --
 cli/internal/terraform/terraform/gcp/variables.tf | 5 -----
 cli/internal/terraform/variables.go               | 1 -
 4 files changed, 6 insertions(+), 11 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 111eaa770..c78f90252 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -32,13 +32,16 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 <!-- For now removed features. -->
 - `access-manager` was removed from code base. K8s native way to SSH into nodes documented.
 
+### Fixed
+
 ### Security
 
-## [2.2.2] - 2022-11-16
+## [2.2.2] - 2022-11-17
 
-Contains no changes compared to v2.2.1.
+### Fixed
 
-v2.2.2 was released, to fix a release process error encountered in v2.2.1. This lead to a broken QEMU-based Constellation deployment.
+- `constellation create` on GCP now always uses the local default credentials.
+- A release process error encountered in v2.2.1. This led to a broken QEMU-based Constellation deployment, where PCR[8] didn't match.
 
 ## [2.2.1] - 2022-11-16
 
diff --git a/cli/internal/terraform/terraform/gcp/main.tf b/cli/internal/terraform/terraform/gcp/main.tf
index 32ae54467..a016bd4c9 100644
--- a/cli/internal/terraform/terraform/gcp/main.tf
+++ b/cli/internal/terraform/terraform/gcp/main.tf
@@ -12,8 +12,6 @@ terraform {
 }
 
 provider "google" {
-  credentials = file(var.credentials_file)
-
   project = var.project
   region  = var.region
   zone    = var.zone
diff --git a/cli/internal/terraform/terraform/gcp/variables.tf b/cli/internal/terraform/terraform/gcp/variables.tf
index faf8477f1..bce6e5612 100644
--- a/cli/internal/terraform/terraform/gcp/variables.tf
+++ b/cli/internal/terraform/terraform/gcp/variables.tf
@@ -35,11 +35,6 @@ variable "zone" {
   description = "The GCP zone to deploy the cluster in."
 }
 
-variable "credentials_file" {
-  type        = string
-  description = "The path to the GCP credentials file."
-}
-
 variable "instance_type" {
   type        = string
   description = "The GCP instance type to deploy."
diff --git a/cli/internal/terraform/variables.go b/cli/internal/terraform/variables.go
index b8cbc0e39..ee4f2e28e 100644
--- a/cli/internal/terraform/variables.go
+++ b/cli/internal/terraform/variables.go
@@ -106,7 +106,6 @@ func (v *GCPVariables) String() string {
 	writeLinef(b, "project = %q", v.Project)
 	writeLinef(b, "region = %q", v.Region)
 	writeLinef(b, "zone = %q", v.Zone)
-	writeLinef(b, "credentials_file = %q", v.CredentialsFile)
 	writeLinef(b, "instance_type = %q", v.InstanceType)
 	writeLinef(b, "state_disk_type = %q", v.StateDiskType)
 	writeLinef(b, "image_id = %q", v.ImageID)