builder/googlecompute: Adds ability to specify service account

This commit allows user to specify the service account they want to associate with the virtual machine provisionned by setting the service_account_email field in the config. It allows to manage permissions of the instantiated VM properly, using a service account that can be tied up to IAM roles and permissions.
2018-02-21 18:22:39 +01:00 · 2018-02-21 18:22:39 +01:00 · 4befdce47e
parent 33acdbf3bf
commit 4befdce47e
4 changed files with 13 additions and 4 deletions
--- a/builder/googlecompute/config.go
+++ b/builder/googlecompute/config.go
@ -58,6 +58,8 @@ type Config struct {
 	UseInternalIP        bool              `mapstructure:"use_internal_ip"`
 	Zone                 string            `mapstructure:"zone"`

+	ServiceAccountEmail string `mapstructure:"service_account_email"`
+
 	Account            AccountFile
 	stateTimeout       time.Duration
 	imageAlreadyExists bool
--- a/builder/googlecompute/driver.go
+++ b/builder/googlecompute/driver.go
@ -75,6 +75,7 @@ type InstanceConfig struct {
 	OnHostMaintenance string
 	Preemptible       bool
 	Region            string
+	ServiceAccountEmail string
 	Scopes            []string
 	Subnetwork        string
 	Tags              []string
--- a/builder/googlecompute/driver_gce.go
+++ b/builder/googlecompute/driver_gce.go
@ -343,6 +343,14 @@ func (d *driverGCE) RunInstance(c *InstanceConfig) (<-chan error, error) {
 		guestAccelerators = append(guestAccelerators, ac)
 	}

+	serviceAccount := &compute.ServiceAccount{
+		Email:  "default",
+		Scopes: c.Scopes,
+	}
+	if c.ServiceAccountEmail != "" {
+		serviceAccount.Email = c.ServiceAccountEmail
+	}
+
 	// Create the instance information
 	instance := compute.Instance{
 		Description: c.Description,
@ -379,10 +387,7 @@ func (d *driverGCE) RunInstance(c *InstanceConfig) (<-chan error, error) {
 			Preemptible:       c.Preemptible,
 		},
 		ServiceAccounts: []*compute.ServiceAccount{
-			{
-				Email:  "default",
-				Scopes: c.Scopes,
-			},
+			serviceAccount,
 		},
 		Tags: &compute.Tags{
 			Items: c.Tags,
--- a/builder/googlecompute/step_create_instance.go
+++ b/builder/googlecompute/step_create_instance.go
@ -117,6 +117,7 @@ func (s *StepCreateInstance) Run(_ context.Context, state multistep.StateBag) mu
 		OnHostMaintenance: c.OnHostMaintenance,
 		Preemptible:       c.Preemptible,
 		Region:            c.Region,
+		ServiceAccountEmail: c.ServiceAccountEmail,
 		Scopes:            c.Scopes,
 		Subnetwork:        c.Subnetwork,
 		Tags:              c.Tags,