find special cloud shell spot for creds

pkg/addons/gcpauth/enable.go

@@ -19,9 +19,10 @@ package gcpauth
 import (
 	"bytes"
 	"context"
-	"encoding/json"
+	"io/ioutil"
 	"os"
 	"os/exec"
+	"path"
 	"strconv"
 
 	"github.com/pkg/errors"
@@ -65,15 +66,18 @@ func enableAddon(cfg *config.ClusterConfig) error {
 	}
 
 	if creds.JSON == nil {
-		// credentials were found from the surrounding environment instead of from a file, we need to create a file from these creds.
-		token, err := creds.TokenSource.Token()
-		if err != nil {
-			// well that's no good, the creds aren't valid
+		// If we're in a special environment, the creds file goes in a special place.
+		if e := os.Getenv("CLOUDSDK_CONFIG"); e != "" {
+			credFile := path.Join(e, "application_default_credentials.json")
+			b, err := ioutil.ReadFile(credFile)
+			if err != nil {
+				exit.Message(reason.InternalCredsNotFound, "Could not find any GCP credentials. Either run `gcloud auth application-default login` or set the GOOGLE_APPLICATION_CREDENTIALS environment variable to the path of your credentials file.")
+			}
+			creds.JSON = b
+		} else {
+			// We don't currently support authentication through the metadata server
 			exit.Message(reason.InternalCredsNotFound, "Could not find any GCP credentials. Either run `gcloud auth application-default login` or set the GOOGLE_APPLICATION_CREDENTIALS environment variable to the path of your credentials file.")
 		}
-		tokenCredsBuffer := new(bytes.Buffer)
-		json.NewEncoder(tokenCredsBuffer).Encode(token)
-		creds.JSON = tokenCredsBuffer.Bytes()
 	}
 
 	f := assets.NewMemoryAssetTarget(creds.JSON, credentialsPath, "0444")