builder/googlecompute: Adds ability to specify service account
This commit allows users to specify the service account they want to associate with the provisioned virtual machine by setting the service_account_email field in the config. This makes it possible to manage the permissions of the instantiated VM properly, using a service account that can be tied to IAM roles and permissions.
parent
33acdbf3bf
commit
4befdce47e
|
@ -58,6 +58,8 @@ type Config struct {
|
||||||
UseInternalIP bool `mapstructure:"use_internal_ip"`
|
UseInternalIP bool `mapstructure:"use_internal_ip"`
|
||||||
Zone string `mapstructure:"zone"`
|
Zone string `mapstructure:"zone"`
|
||||||
|
|
||||||
|
ServiceAccountEmail string `mapstructure:"service_account_email"`
|
||||||
|
|
||||||
Account AccountFile
|
Account AccountFile
|
||||||
stateTimeout time.Duration
|
stateTimeout time.Duration
|
||||||
imageAlreadyExists bool
|
imageAlreadyExists bool
|
||||||
|
|
|
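Review bot: The new `ServiceAccountEmail` field in `Config` has no comment saying what an empty value means or what the account is used for, and no validation of it is visible in this hunk. I would add `// ServiceAccountEmail is the service account attached to the build instance; when empty the driver uses "default".` above the field. The user-facing documentation should probably also state that the credentials used for the build need permission to act as that service account. It is also worth recommending a dedicated, narrowly privileged account, since code running on the build VM can obtain that account's tokens. The `Config` struct starts and ends outside the hunk.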
@ -75,6 +75,7 @@ type InstanceConfig struct {
|
||||||
OnHostMaintenance string
|
OnHostMaintenance string
|
||||||
Preemptible bool
|
Preemptible bool
|
||||||
Region string
|
Region string
|
||||||
|
ServiceAccountEmail string
|
||||||
Scopes []string
|
Scopes []string
|
||||||
Subnetwork string
|
Subnetwork string
|
||||||
Tags []string
|
Tags []string
|
||||||
|
|
|
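Review bot: `ServiceAccountEmail` is inserted between `Region` and `Scopes` in `InstanceConfig`, which breaks the alphabetical ordering the visible fields otherwise follow (`OnHostMaintenance`, `Preemptible`, `Region`, `Scopes`, `Subnetwork`, `Tags`). Placing it after `Scopes` keeps the list sorted. The same applies to the `ServiceAccountEmail: c.ServiceAccountEmail,` line in the `StepCreateInstance.Run` hunk. The struct starts and ends outside the hunk.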
@ -343,6 +343,14 @@ func (d *driverGCE) RunInstance(c *InstanceConfig) (<-chan error, error) {
|
||||||
guestAccelerators = append(guestAccelerators, ac)
|
guestAccelerators = append(guestAccelerators, ac)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
serviceAccount := &compute.ServiceAccount{
|
||||||
|
Email: "default",
|
||||||
|
Scopes: c.Scopes,
|
||||||
|
}
|
||||||
|
if c.ServiceAccountEmail != "" {
|
||||||
|
serviceAccount.Email = c.ServiceAccountEmail
|
||||||
|
}
|
||||||
|
|
||||||
// Create the instance information
|
// Create the instance information
|
||||||
instance := compute.Instance{
|
instance := compute.Instance{
|
||||||
Description: c.Description,
|
Description: c.Description,
|
||||||
|
@ -379,10 +387,7 @@ func (d *driverGCE) RunInstance(c *InstanceConfig) (<-chan error, error) {
|
||||||
Preemptible: c.Preemptible,
|
Preemptible: c.Preemptible,
|
||||||
},
|
},
|
||||||
ServiceAccounts: []*compute.ServiceAccount{
|
ServiceAccounts: []*compute.ServiceAccount{
|
||||||
{
|
serviceAccount,
|
||||||
Email: "default",
|
|
||||||
Scopes: c.Scopes,
|
|
||||||
},
|
|
||||||
},
|
},
|
||||||
Tags: &compute.Tags{
|
Tags: &compute.Tags{
|
||||||
Items: c.Tags,
|
Items: c.Tags,
|
||||||
|
|
|
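Review bot: `c.ServiceAccountEmail` is copied into `serviceAccount.Email` verbatim in the first `RunInstance` hunk, so a value with stray whitespace or a typo is only caught when the instance insert is rejected by the API. Trimming before the comparison fails more predictably: `if email := strings.TrimSpace(c.ServiceAccountEmail); email != "" { serviceAccount.Email = email }` (assuming `strings` is available in this file). A format check belongs in config preparation, which is not shown on this page. A short comment above the block would also help, for example `// Identity attached to the build VM; its tokens are limited by c.Scopes.` `RunInstance` starts and ends outside both hunks.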
@ -117,6 +117,7 @@ func (s *StepCreateInstance) Run(_ context.Context, state multistep.StateBag) mu
|
||||||
OnHostMaintenance: c.OnHostMaintenance,
|
OnHostMaintenance: c.OnHostMaintenance,
|
||||||
Preemptible: c.Preemptible,
|
Preemptible: c.Preemptible,
|
||||||
Region: c.Region,
|
Region: c.Region,
|
||||||
|
ServiceAccountEmail: c.ServiceAccountEmail,
|
||||||
Scopes: c.Scopes,
|
Scopes: c.Scopes,
|
||||||
Subnetwork: c.Subnetwork,
|
Subnetwork: c.Subnetwork,
|
||||||
Tags: c.Tags,
|
Tags: c.Tags,
|
||||||
|
|