Merge pull request #4043 from minimum2scp/features/googlecompute/custom-scopes

googlecompute builder: support custom scopes

builder/googlecompute/config.go

@@ -41,6 +41,7 @@ type Config struct {
 	Preemptible          bool              `mapstructure:"preemptible"`
 	RawStateTimeout      string            `mapstructure:"state_timeout"`
 	Region               string            `mapstructure:"region"`
+	Scopes               []string          `mapstructure:"scopes"`
 	SourceImage          string            `mapstructure:"source_image"`
 	SourceImageProjectId string            `mapstructure:"source_image_project_id"`
 	StartupScriptFile    string            `mapstructure:"startup_script_file"`
@@ -143,6 +144,14 @@ func NewConfig(raws ...interface{}) (*Config, []string, error) {
 			errs, errors.New("a project_id must be specified"))
 	}
 
+	if c.Scopes == nil {
+		c.Scopes = []string{
+			"https://www.googleapis.com/auth/userinfo.email",
+			"https://www.googleapis.com/auth/compute",
+			"https://www.googleapis.com/auth/devstorage.full_control",
+		}
+	}
+
 	if c.SourceImage == "" {
 		errs = packer.MultiErrorAppend(
 			errs, errors.New("a source_image must be specified"))

builder/googlecompute/config_test.go

@@ -128,6 +128,21 @@ func TestConfigPrepare(t *testing.T) {
 			"foo bar",
 			true,
 		},
+		{
+			"scopes",
+			[]string{},
+			false,
+		},
+		{
+			"scopes",
+			[]string{"https://www.googleapis.com/auth/userinfo.email", "https://www.googleapis.com/auth/compute", "https://www.googleapis.com/auth/devstorage.full_control", "https://www.googleapis.com/auth/sqlservice.admin"},
+			false,
+		},
+		{
+			"scopes",
+			[]string{"https://www.googleapis.com/auth/cloud-platform"},
+			false,
+		},
 	}
 
 	for _, tc := range cases {

builder/googlecompute/driver.go

@@ -67,6 +67,7 @@ type InstanceConfig struct {
 	OmitExternalIP      bool
 	Preemptible         bool
 	Region              string
+	Scopes              []string
 	ServiceAccountEmail string
 	Subnetwork          string
 	Tags                []string

builder/googlecompute/driver_gce.go

@@ -378,11 +378,7 @@ func (d *driverGCE) RunInstance(c *InstanceConfig) (<-chan error, error) {
 		ServiceAccounts: []*compute.ServiceAccount{
 			&compute.ServiceAccount{
 				Email:  c.ServiceAccountEmail,
-				Scopes: []string{
-					"https://www.googleapis.com/auth/userinfo.email",
-					"https://www.googleapis.com/auth/compute",
-					"https://www.googleapis.com/auth/devstorage.full_control",
-				},
+				Scopes: c.Scopes,
 			},
 		},
 		Tags: &compute.Tags{

builder/googlecompute/step_create_instance.go

@@ -100,6 +100,7 @@ func (s *StepCreateInstance) Run(state multistep.StateBag) multistep.StepAction
 		Preemptible:         c.Preemptible,
 		Region:              c.Region,
 		ServiceAccountEmail: c.Account.ClientEmail,
+		Scopes:              c.Scopes,
 		Subnetwork:          c.Subnetwork,
 		Tags:                c.Tags,
 		Zone:                c.Zone,

website/source/docs/builders/googlecompute.html.md

@@ -171,6 +171,15 @@ builder.
 -   `region` (string) - The region in which to launch the instance. Defaults to
     to the region hosting the specified `zone`.
 
+-   `scopes` (array of strings) - The service account scopes for launched instance.
+    Defaults to:
+
+``` {.json}
+[ "https://www.googleapis.com/auth/userinfo.email",
+  "https://www.googleapis.com/auth/compute",
+  "https://www.googleapis.com/auth/devstorage.full_control" ]
+```
+
 -   `source_image_project_id` (string) - The project ID of the
     project containing the source image.