providers/google: Allow custom Compute Engine service account

This commit allows an operator to specify the e-mail address of a service
account to use with a Google Compute Engine instance. If no service account
e-mail is provided, the default service account is used.

Closes #7985
Evan Brown 2016-08-04 14:12:52 -07:00
parent f75c3a9459
commit 0e565e5973
2 changed files with 18 additions and 7 deletions


@ -250,14 +250,16 @@ func resourceComputeInstance() *schema.Resource {
"service_account": &schema.Schema{ "service_account": &schema.Schema{
Type: schema.TypeList, Type: schema.TypeList,
MaxItems: 1,
Optional: true, Optional: true,
ForceNew: true, ForceNew: true,
Elem: &schema.Resource{ Elem: &schema.Resource{
Schema: map[string]*schema.Schema{ Schema: map[string]*schema.Schema{
"email": &schema.Schema{ "email": &schema.Schema{
Type: schema.TypeString, Type: schema.TypeString,
Computed: true,
ForceNew: true, ForceNew: true,
Optional: true,
Computed: true,
}, },
"scopes": &schema.Schema{ "scopes": &schema.Schema{
@ -524,8 +526,13 @@ func resourceComputeInstanceCreate(d *schema.ResourceData, meta interface{}) err
scopes[i] = canonicalizeServiceScope(v.(string)) scopes[i] = canonicalizeServiceScope(v.(string))
} }
email := "default"
if v := d.Get(prefix + ".email"); v != nil {
email = v.(string)
}
serviceAccount := &compute.ServiceAccount{ serviceAccount := &compute.ServiceAccount{
Email: "default", Email: email,
Scopes: scopes, Scopes: scopes,
} }
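Review bot: The `v != nil` guard on `d.Get(prefix + ".email")` in resourceComputeInstanceCreate is unlikely to ever take the fallback path, because `schema.ResourceData.Get` returns the type's zero value for an unset attribute, which for a `TypeString` field is `""` rather than nil. When the operator omits `email`, the visible code would therefore overwrite `"default"` with an empty string and pass that as `Email` in the `compute.ServiceAccount`. Since this field decides which identity the instance runs as, the fallback should be explicit: `if v, ok := d.GetOk(prefix + ".email"); ok { email = v.(string) }`. The function body starts and ends outside this hunk, so how `prefix` is built and whether the API treats an empty e-mail as the default account cannot be confirmed from here.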


@ -101,6 +101,7 @@ The following arguments are supported:
this configuration option are detailed below. this configuration option are detailed below.
* `service_account` - (Optional) Service account to attach to the instance. * `service_account` - (Optional) Service account to attach to the instance.
Structure is documented below.
* `tags` - (Optional) Tags to attach to the instance. * `tags` - (Optional) Tags to attach to the instance.
@ -151,6 +152,14 @@ The `access_config` block supports:
* `nat_ip` - (Optional) The IP address that will be 1:1 mapped to the instance's * `nat_ip` - (Optional) The IP address that will be 1:1 mapped to the instance's
network ip. If not given, one will be generated. network ip. If not given, one will be generated.
The `service_account` block supports:
* `email` - (Optional) The service account e-mail address. If not given, the
default Google Compute Engine service account is used.
* `scopes` - (Required) A list of service scopes. Both OAuth2 URLs and gcloud
short names are supported.
(DEPRECATED) The `network` block supports: (DEPRECATED) The `network` block supports:
* `source` - (Required) The name of the network to attach this interface to. * `source` - (Required) The name of the network to attach this interface to.
@ -158,11 +167,6 @@ The `access_config` block supports:
* `address` - (Optional) The IP address of a reserved IP address to assign * `address` - (Optional) The IP address of a reserved IP address to assign
to this interface. to this interface.
The `service_account` block supports:
* `scopes` - (Required) A list of service scopes. Both OAuth2 URLs and gcloud
short names are supported.
The `scheduling` block supports: The `scheduling` block supports:
* `preemptible` - (Optional) Is the instance preemptible. * `preemptible` - (Optional) Is the instance preemptible.