Merge pull request #5928 from kri5/service_account_gce

Builder GoogleCompute: Allows to specify GCE service account build VM
2018-03-06 13:41:33 -08:00 · 2018-03-06 13:41:33 -08:00 · 97060d100c
parent d3f1b501c6 bda07497e9
commit 97060d100c
5 changed files with 58 additions and 46 deletions
--- a/builder/googlecompute/config.go
+++ b/builder/googlecompute/config.go
@ -58,6 +58,8 @@ type Config struct {
 	UseInternalIP        bool              `mapstructure:"use_internal_ip"`
 	Zone                 string            `mapstructure:"zone"`

+	ServiceAccountEmail string `mapstructure:"service_account_email"`
+
 	Account            AccountFile
 	stateTimeout       time.Duration
 	imageAlreadyExists bool
--- a/builder/googlecompute/driver.go
+++ b/builder/googlecompute/driver.go
@ -58,27 +58,28 @@ type Driver interface {
 }

 type InstanceConfig struct {
-	AcceleratorType   string
-	AcceleratorCount  int64
-	Address           string
-	Description       string
-	DiskSizeGb        int64
-	DiskType          string
-	Image             *Image
-	Labels            map[string]string
-	MachineType       string
-	Metadata          map[string]string
-	Name              string
-	Network           string
-	NetworkProjectId  string
-	OmitExternalIP    bool
-	OnHostMaintenance string
-	Preemptible       bool
-	Region            string
-	Scopes            []string
-	Subnetwork        string
-	Tags              []string
-	Zone              string
+	AcceleratorType     string
+	AcceleratorCount    int64
+	Address             string
+	Description         string
+	DiskSizeGb          int64
+	DiskType            string
+	Image               *Image
+	Labels              map[string]string
+	MachineType         string
+	Metadata            map[string]string
+	Name                string
+	Network             string
+	NetworkProjectId    string
+	OmitExternalIP      bool
+	OnHostMaintenance   string
+	Preemptible         bool
+	Region              string
+	ServiceAccountEmail string
+	Scopes              []string
+	Subnetwork          string
+	Tags                []string
+	Zone                string
 }

 // WindowsPasswordConfig is the data structue that GCE needs to encrypt the created
--- a/builder/googlecompute/driver_gce.go
+++ b/builder/googlecompute/driver_gce.go
@ -343,6 +343,14 @@ func (d *driverGCE) RunInstance(c *InstanceConfig) (<-chan error, error) {
 		guestAccelerators = append(guestAccelerators, ac)
 	}

+	serviceAccount := &compute.ServiceAccount{
+		Email:  "default",
+		Scopes: c.Scopes,
+	}
+	if c.ServiceAccountEmail != "" {
+		serviceAccount.Email = c.ServiceAccountEmail
+	}
+
 	// Create the instance information
 	instance := compute.Instance{
 		Description: c.Description,
@ -379,10 +387,7 @@ func (d *driverGCE) RunInstance(c *InstanceConfig) (<-chan error, error) {
 			Preemptible:       c.Preemptible,
 		},
 		ServiceAccounts: []*compute.ServiceAccount{
-			{
-				Email:  "default",
-				Scopes: c.Scopes,
-			},
+			serviceAccount,
 		},
 		Tags: &compute.Tags{
 			Items: c.Tags,
--- a/builder/googlecompute/step_create_instance.go
+++ b/builder/googlecompute/step_create_instance.go
@ -100,27 +100,28 @@ func (s *StepCreateInstance) Run(_ context.Context, state multistep.StateBag) mu
 	var metadata map[string]string
 	metadata, err = c.createInstanceMetadata(sourceImage, sshPublicKey)
 	errCh, err = d.RunInstance(&InstanceConfig{
-		AcceleratorType:   c.AcceleratorType,
-		AcceleratorCount:  c.AcceleratorCount,
-		Address:           c.Address,
-		Description:       "New instance created by Packer",
-		DiskSizeGb:        c.DiskSizeGb,
-		DiskType:          c.DiskType,
-		Image:             sourceImage,
-		Labels:            c.Labels,
-		MachineType:       c.MachineType,
-		Metadata:          metadata,
-		Name:              name,
-		Network:           c.Network,
-		NetworkProjectId:  c.NetworkProjectId,
-		OmitExternalIP:    c.OmitExternalIP,
-		OnHostMaintenance: c.OnHostMaintenance,
-		Preemptible:       c.Preemptible,
-		Region:            c.Region,
-		Scopes:            c.Scopes,
-		Subnetwork:        c.Subnetwork,
-		Tags:              c.Tags,
-		Zone:              c.Zone,
+		AcceleratorType:     c.AcceleratorType,
+		AcceleratorCount:    c.AcceleratorCount,
+		Address:             c.Address,
+		Description:         "New instance created by Packer",
+		DiskSizeGb:          c.DiskSizeGb,
+		DiskType:            c.DiskType,
+		Image:               sourceImage,
+		Labels:              c.Labels,
+		MachineType:         c.MachineType,
+		Metadata:            metadata,
+		Name:                name,
+		Network:             c.Network,
+		NetworkProjectId:    c.NetworkProjectId,
+		OmitExternalIP:      c.OmitExternalIP,
+		OnHostMaintenance:   c.OnHostMaintenance,
+		Preemptible:         c.Preemptible,
+		Region:              c.Region,
+		ServiceAccountEmail: c.ServiceAccountEmail,
+		Scopes:              c.Scopes,
+		Subnetwork:          c.Subnetwork,
+		Tags:                c.Tags,
+		Zone:                c.Zone,
 	})

 	if err == nil {
--- a/website/source/docs/builders/googlecompute.html.md
+++ b/website/source/docs/builders/googlecompute.html.md
@ -268,6 +268,9 @@ builder.
 -   `region` (string) - The region in which to launch the instance. Defaults to
    to the region hosting the specified `zone`.

+-   `service_account_email` (string) - The service account to be used for launched instance. Defaults to
+    the project's default service account.
+
 -   `scopes` (array of strings) - The service account scopes for launched instance.
    Defaults to: