Update OAuth Scopes (#3205)

Update the OAuth scopes to remove the insecure default and match Google's latest recommendations: https://cloud.google.com/kubernetes-engine/docs/how-to/access-scopes
Mike Brooks 2019-03-20 18:28:19 +00:00 committed by Chris Stephens
parent a7b7c4f9dd
commit 71b62c7598
2 changed files with 12 additions and 18 deletions


@ -51,8 +51,6 @@ resource "google_container_node_pool" "primary_preemptible_nodes" {
}
oauth_scopes = [
"https://www.googleapis.com/auth/compute",
"https://www.googleapis.com/auth/devstorage.read_only",
"https://www.googleapis.com/auth/logging.write",
"https://www.googleapis.com/auth/monitoring",
]
@ -90,8 +88,6 @@ resource "google_container_cluster" "primary" {
node_config {
oauth_scopes = [
"https://www.googleapis.com/auth/compute",
"https://www.googleapis.com/auth/devstorage.read_only",
"https://www.googleapis.com/auth/logging.write",
"https://www.googleapis.com/auth/monitoring",
]
@ -499,8 +495,10 @@ The `node_config` block supports:
either FQDNs, or scope aliases. The following scopes are necessary to ensure
the correct functioning of the cluster:
* `compute-rw` (`https://www.googleapis.com/auth/compute`)
* `storage-ro` (`https://www.googleapis.com/auth/devstorage.read_only`)
* `storage-ro` (`https://www.googleapis.com/auth/devstorage.read_only`),
if the cluster must read private images from GCR.
Note this will grant read access to ALL GCS content unless you also
specify a custom role. See https://cloud.google.com/kubernetes-engine/docs/how-to/access-scopes
* `logging-write` (`https://www.googleapis.com/auth/logging.write`),
if `logging_service` points to Google
* `monitoring` (`https://www.googleapis.com/auth/monitoring`),


@ -37,8 +37,6 @@ resource "google_container_node_pool" "primary_preemptible_nodes" {
machine_type = "n1-standard-1"
oauth_scopes = [
"https://www.googleapis.com/auth/compute",
"https://www.googleapis.com/auth/devstorage.read_only",
"https://www.googleapis.com/auth/logging.write",
"https://www.googleapis.com/auth/monitoring",
]
@ -78,8 +76,6 @@ resource "google_container_cluster" "primary" {
node_config {
oauth_scopes = [
"https://www.googleapis.com/auth/compute",
"https://www.googleapis.com/auth/devstorage.read_only",
"https://www.googleapis.com/auth/logging.write",
"https://www.googleapis.com/auth/monitoring",
]