Update OAuth Scopes (#3205)
Update the OAuth scopes to remove the insecure default and match Google's latest recommendations: https://cloud.google.com/kubernetes-engine/docs/how-to/access-scopes
parent
a7b7c4f9dd
commit
71b62c7598
|
@ -51,8 +51,6 @@ resource "google_container_node_pool" "primary_preemptible_nodes" {
|
|||
}
|
||||
|
||||
oauth_scopes = [
|
||||
"https://www.googleapis.com/auth/compute",
|
||||
"https://www.googleapis.com/auth/devstorage.read_only",
|
||||
"https://www.googleapis.com/auth/logging.write",
|
||||
"https://www.googleapis.com/auth/monitoring",
|
||||
]
|
||||
|
@ -90,8 +88,6 @@ resource "google_container_cluster" "primary" {
|
|||
|
||||
node_config {
|
||||
oauth_scopes = [
|
||||
"https://www.googleapis.com/auth/compute",
|
||||
"https://www.googleapis.com/auth/devstorage.read_only",
|
||||
"https://www.googleapis.com/auth/logging.write",
|
||||
"https://www.googleapis.com/auth/monitoring",
|
||||
]
|
||||
|
@ -499,8 +495,10 @@ The `node_config` block supports:
|
|||
either FQDNs, or scope aliases. The following scopes are necessary to ensure
|
||||
the correct functioning of the cluster:
|
||||
|
||||
* `compute-rw` (`https://www.googleapis.com/auth/compute`)
|
||||
* `storage-ro` (`https://www.googleapis.com/auth/devstorage.read_only`)
|
||||
* `storage-ro` (`https://www.googleapis.com/auth/devstorage.read_only`),
|
||||
if the cluster must read private images from GCR.
|
||||
Note this will grant read access to ALL GCS content unless you also
|
||||
specify a custom role. See https://cloud.google.com/kubernetes-engine/docs/how-to/access-scopes
|
||||
* `logging-write` (`https://www.googleapis.com/auth/logging.write`),
|
||||
if `logging_service` points to Google
|
||||
* `monitoring` (`https://www.googleapis.com/auth/monitoring`),
|
||||
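Review bot: The new `storage-ro` note in the `node_config` documentation hunk says the scope grants read access to all GCS content "unless you also specify a custom role", but it does not say where that restriction is applied. An access scope only caps what the node's service account may do; the actual narrowing comes from the IAM roles bound to that account, so the text should point readers to `service_account` in `node_config`. Suggested wording: `Note this grants read access to ALL GCS content the node's service account can read; to limit it, run nodes under a dedicated service_account that holds only the IAM roles it needs.` The `monitoring` bullet now ends with a comma and its continuation lies outside the hunk, so that sentence could not be checked here.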
|
|
|
@ -37,8 +37,6 @@ resource "google_container_node_pool" "primary_preemptible_nodes" {
|
|||
machine_type = "n1-standard-1"
|
||||
|
||||
oauth_scopes = [
|
||||
"https://www.googleapis.com/auth/compute",
|
||||
"https://www.googleapis.com/auth/devstorage.read_only",
|
||||
"https://www.googleapis.com/auth/logging.write",
|
||||
"https://www.googleapis.com/auth/monitoring",
|
||||
]
|
||||
|
@ -78,8 +76,6 @@ resource "google_container_cluster" "primary" {
|
|||
|
||||
node_config {
|
||||
oauth_scopes = [
|
||||
"https://www.googleapis.com/auth/compute",
|
||||
"https://www.googleapis.com/auth/devstorage.read_only",
|
||||
"https://www.googleapis.com/auth/logging.write",
|
||||
"https://www.googleapis.com/auth/monitoring",
|
||||
]
|
||||
|
|