I have created an Azure pipeline that should auth with a GCP service account and do the maven test step. In the test I have a BigQuery client directly connecting to the BigQuery datasets, querying it and doing some assertions, that's why I need the credentials.
It is all working fine on my local machine, where I have pointe GOOGLE_APPLICATION_CREDENTIALS
to the .json
containing the service account key.
Even in the pipeline, everything works fine with the key (I've checked it on some terraform steps and they are picking up the credentials provided in such a way), except the maven command.
Below is the code I'm using:
Azure pipeline:
steps:
- task: Bash@3
displayName: Copy GCP Service Account Key
inputs:
workingDirectory: ${{parameters.working_drectory}}
targetType: 'inline'
script: 'echo ${{parameters.credentials}} | base64 -d > svc.json'
- task: laurensknoll.google-cloud-sdk-tasks.gcloud-runner.GcloudRunner@0
displayName: 'gcloud auth activate-service-account'
inputs:
command: 'auth activate-service-account'
arguments: '--key-file svc.json'
workingDirectory: ${{parameters.working_drectory}}
- task: laurensknoll.google-cloud-sdk-tasks.gcloud-runner.GcloudRunner@0
displayName: 'gcloud config set project'
inputs:
command: 'config set project'
arguments: ${{parameters.project}}
workingDirectory: ${{parameters.working_drectory}}
- task: MavenAuthenticate@0
# This task will authenticate your maven feed for input deps and output deps
inputs:
artifactsFeeds: $(incomingFeedName)
- task: Maven@3
# The version in the POM has to be set to the 'correct value' which is defined by line 2 of this file
# Note that this changes the pom, so the cache key in the step called 'Cache Maven' will change, and we will need to change this back later
inputs:
mavenPomFile: 'samples/testproject/pom.xml'
goals: 'test'
mavenAuthenticateFeed: true
displayName: Build test and set the version, package
relavant POM part:
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-surefire-plugin</artifactId>
<version>${maven-surefire-plugin.version}</version>
<configuration>
<parallel>all</parallel>
<threadCount>4</threadCount>
<redirectTestOutputToFile>true</redirectTestOutputToFile>
<systemPropertyVariables>
<WSNSHELL_HOME>GOOGLE_APPLICATION_CREDENTIALS</WSNSHELL_HOME>
</systemPropertyVariables>
</configuration>
<dependencies>
<dependency>
<groupId>org.apache.maven.surefire</groupId>
<artifactId>surefire-junit47</artifactId>
<version>${maven-surefire-plugin.version}</version>
</dependency>
</dependencies>
</plugin>
I have tried as well as passing the GOOGLE_APPLICATION_CREDENTIALS
as an option to maven with -DGOOGLE_APPLICATION_CREDENTIALS=svc.json
but that hasn't worked either
The issue was that the credentials json file wasn't present in the maven working directory, meaning the maven working directory and other steps working directory wasn't the same.
The issue was fixed by copying the credentials json file to the maven working directory.