From e1464c379c89965674c886de98beffdb963a840d Mon Sep 17 00:00:00 2001
From: Ryan Richard <richardry@vmware.com>
Date: Fri, 15 Nov 2024 09:40:22 -0800
Subject: [PATCH] improve how scripts check for gcloud auth

---
 hack/edit-gcloud-secret.sh                             |  5 ++---
 hack/fly-helpers.sh                                    |  2 +-
 hack/get-aws-ad-env-vars.sh                            |  4 ++--
 hack/get-github-env-vars.sh                            |  4 ++--
 infra/concourse-install/bootstrap-secrets.sh           |  7 +++----
 .../delete-concourse-internal-workers.sh               | 10 ++++++++--
 .../deploy-concourse-internal-workers.sh               | 10 ++++++++--
 infra/concourse-install/deploy-concourse-web.sh        | 10 ++++++++--
 8 files changed, 34 insertions(+), 18 deletions(-)

diff --git a/hack/edit-gcloud-secret.sh b/hack/edit-gcloud-secret.sh
index 3b85e0c81..06a81a020 100755
--- a/hack/edit-gcloud-secret.sh
+++ b/hack/edit-gcloud-secret.sh
@@ -23,11 +23,10 @@ if ! command -v gcloud &> /dev/null; then
     echo "Please install the gcloud CLI"
     exit 1
 fi
-if [[ -z "$(gcloud config list account --format "value(core.account)")" ]]; then
-  echo "Please run \`gcloud auth login\`"
+if ! gcloud auth print-access-token &>/dev/null; then
+  echo "Please run \`gcloud auth login\` and try again."
   exit 1
 fi
-
 if [[ -z "${PINNIPED_GCP_PROJECT:-}" ]]; then
   echo "PINNIPED_GCP_PROJECT env var must be set"
   exit 1
diff --git a/hack/fly-helpers.sh b/hack/fly-helpers.sh
index 1739a4579..8e8565b02 100644
--- a/hack/fly-helpers.sh
+++ b/hack/fly-helpers.sh
@@ -19,7 +19,7 @@ function set_pipeline() {
   "$ROOT_DIR"/hack/setup-fly.sh
 
   # Ensure that the user is authenticated with gcloud.
-  if [[ -z "$(gcloud config list account --format "value(core.account)")" ]]; then
+  if ! gcloud auth print-access-token &>/dev/null; then
     echo "Please run \`gcloud auth login\` and try again."
     exit 1
   fi
diff --git a/hack/get-aws-ad-env-vars.sh b/hack/get-aws-ad-env-vars.sh
index 9689d42c4..571fdb9d4 100755
--- a/hack/get-aws-ad-env-vars.sh
+++ b/hack/get-aws-ad-env-vars.sh
@@ -6,8 +6,8 @@
 # To be run before local integration tests.
 # From the pinniped repo:
 # hack/prepare-for-integration-tests.sh --get-active-directory-vars "../pinniped-ci-branch/hack/get-aws-ad-env-vars.sh"
-if [[ -z "$(gcloud config list account --format "value(core.account)")" ]]; then
-  echo "Please run \`gcloud auth login\`"
+if ! gcloud auth print-access-token &>/dev/null; then
+  echo "Please run \`gcloud auth login\` and try again."
   exit 1
 fi
 
diff --git a/hack/get-github-env-vars.sh b/hack/get-github-env-vars.sh
index 3ba143808..9afb0cc67 100755
--- a/hack/get-github-env-vars.sh
+++ b/hack/get-github-env-vars.sh
@@ -6,8 +6,8 @@
 # To be run before local integration tests.
 # From the pinniped repo:
 # hack/prepare-for-integration-tests.sh --get-github-vars "../pinniped-ci-branch/hack/get-github-env-vars.sh"
-if [[ -z "$(gcloud config list account --format "value(core.account)")" ]]; then
-  echo "Please run \`gcloud auth login\`"
+if ! gcloud auth print-access-token &>/dev/null; then
+  echo "Please run \`gcloud auth login\` and try again."
   exit 1
 fi
 
diff --git a/infra/concourse-install/bootstrap-secrets.sh b/infra/concourse-install/bootstrap-secrets.sh
index bf685fee4..46529ed34 100755
--- a/infra/concourse-install/bootstrap-secrets.sh
+++ b/infra/concourse-install/bootstrap-secrets.sh
@@ -5,7 +5,7 @@
 
 set -euo pipefail
 
-# Require two env vars.
+# Require env vars.
 if [[ -z "${GITHUB_CLIENT_ID:-}" ]]; then
   echo "GITHUB_CLIENT_ID env var must be set"
   exit 1
@@ -14,7 +14,6 @@ if [[ -z "${GITHUB_CLIENT_SECRET:-}" ]]; then
   echo "GITHUB_CLIENT_SECRET env var must be set"
   exit 1
 fi
-
 if [[ -z "${PINNIPED_GCP_PROJECT:-}" ]]; then
   echo "PINNIPED_GCP_PROJECT env var must be set"
   exit 1
@@ -29,8 +28,8 @@ if ! command -v yq &>/dev/null; then
   echo "Please install the yq CLI"
   exit
 fi
-if [[ -z "$(gcloud config list account --format "value(core.account)")" ]]; then
-  echo "Please run \`gcloud auth login\`"
+if ! gcloud auth print-access-token &>/dev/null; then
+  echo "Please run \`gcloud auth login\` and try again."
   exit 1
 fi
 
diff --git a/infra/concourse-install/delete-concourse-internal-workers.sh b/infra/concourse-install/delete-concourse-internal-workers.sh
index 2a29dcebb..d8421535f 100755
--- a/infra/concourse-install/delete-concourse-internal-workers.sh
+++ b/infra/concourse-install/delete-concourse-internal-workers.sh
@@ -31,8 +31,14 @@ if ! command -v terraform &>/dev/null; then
   echo "Please install the terraform CLI"
   exit
 fi
-if [[ -z "$(gcloud config list account --format "value(core.account)")" ]]; then
-  echo "Please run \`gcloud auth login\`"
+# This is needed for running gcloud commands.
+if ! gcloud auth print-access-token &>/dev/null; then
+  echo "Please run \`gcloud auth login\` and try again."
+  exit 1
+fi
+# This is needed for running terraform commands.
+if ! gcloud auth application-default print-access-token --quiet &>/dev/null; then
+  echo "Please run \`gcloud auth application-default login\` and try again."
   exit 1
 fi
 
diff --git a/infra/concourse-install/deploy-concourse-internal-workers.sh b/infra/concourse-install/deploy-concourse-internal-workers.sh
index 2599bc69b..5850858d8 100755
--- a/infra/concourse-install/deploy-concourse-internal-workers.sh
+++ b/infra/concourse-install/deploy-concourse-internal-workers.sh
@@ -36,8 +36,14 @@ if ! command -v terraform &>/dev/null; then
   echo "Please install the terraform CLI"
   exit
 fi
-if [[ -z "$(gcloud config list account --format "value(core.account)")" ]]; then
-  echo "Please run \`gcloud auth login\`"
+# This is needed for running gcloud commands.
+if ! gcloud auth print-access-token &>/dev/null; then
+  echo "Please run \`gcloud auth login\` and try again."
+  exit 1
+fi
+# This is needed for running terraform commands.
+if ! gcloud auth application-default print-access-token --quiet &>/dev/null; then
+  echo "Please run \`gcloud auth application-default login\` and try again."
   exit 1
 fi
 
diff --git a/infra/concourse-install/deploy-concourse-web.sh b/infra/concourse-install/deploy-concourse-web.sh
index bfbd79c17..4bb476595 100755
--- a/infra/concourse-install/deploy-concourse-web.sh
+++ b/infra/concourse-install/deploy-concourse-web.sh
@@ -36,8 +36,14 @@ if ! command -v terraform &>/dev/null; then
   echo "Please install the terraform CLI"
   exit
 fi
-if [[ -z "$(gcloud config list account --format "value(core.account)")" ]]; then
-  echo "Please run \`gcloud auth login\`"
+# This is needed for running gcloud commands.
+if ! gcloud auth print-access-token &>/dev/null; then
+  echo "Please run \`gcloud auth login\` and try again."
+  exit 1
+fi
+# This is needed for running terraform commands.
+if ! gcloud auth application-default print-access-token --quiet &>/dev/null; then
+  echo "Please run \`gcloud auth application-default login\` and try again."
   exit 1
 fi