Support service accounts on GCE instances

Update the Google Compute Engine provider to add support for service accounts on `google_compute_instance`. Both gcloud shorthand (`compute-ro`, `storage-ro`, etc.) and OAuth2 API endpoints are supported. This feature is currently limited to a single service account (supporting multiple scopes) and an automatically-generated service account email.
2024-07-03 08:42:39 +00:00 · 2014-10-07 04:16:50 -04:00 · 2014-10-07 04:16:50 -04:00 · 1ec0749d5d
commit 1ec0749d5d
parent 3916ab21af
1 changed files with 11 additions and 0 deletions
--- a/r/compute_instance.html.markdown
+++ b/r/compute_instance.html.markdown
@ -30,6 +30,10 @@ resource "google_compute_instance" "default" {
 	metadata {
 		foo = "bar"
 	}
+
+	service_account {
+		scopes = ["userinfo-email", "compute-ro", "storage-ro"]
+	}
 }
 ```

@ -60,6 +64,8 @@ The following arguments are supported:
    specified multiple times for multiple networks. Structure is documented
    below.

+* `service_account` - (Optional) Service account to attach to the instance.
+
 * `tags` - (Optional) Tags to attach to the instance.

 The `disk` block supports:
@ -82,6 +88,11 @@ The `network` block supports:
 * `address` - (Optional) The IP address of a reserved IP address to assign
     to this interface.

+The `service_account` block supports:
+
+* `scopes` - (Required) A list of service scopes. Both OAuth2 URLs and gcloud
+    short names are supported.
+
 ## Attributes Reference

 The following attributes are exported: