mirror of
https://github.com/letic/terraform-provider-google.git
synced 2024-07-03 08:42:39 +00:00
[Terraform] new option "scopes" to define OAuth scopes for provider (#2888)
Signed-off-by: Modular Magician <magic-modules@google.com>
parent
e533068957
commit
7d309fce05
|
@ -54,6 +54,7 @@ type Config struct {
|
|||
Project string
|
||||
Region string
|
||||
Zone string
|
||||
Scopes []string
|
||||
|
||||
client *http.Client
|
||||
userAgent string
|
||||
|
@ -95,15 +96,19 @@ type Config struct {
|
|||
bigtableClientFactory *BigtableClientFactory
|
||||
}
|
||||
|
||||
var defaultClientScopes = []string{
|
||||
"https://www.googleapis.com/auth/compute",
|
||||
"https://www.googleapis.com/auth/cloud-platform",
|
||||
"https://www.googleapis.com/auth/ndev.clouddns.readwrite",
|
||||
"https://www.googleapis.com/auth/devstorage.full_control",
|
||||
}
|
||||
|
||||
func (c *Config) loadAndValidate() error {
|
||||
clientScopes := []string{
|
||||
"https://www.googleapis.com/auth/compute",
|
||||
"https://www.googleapis.com/auth/cloud-platform",
|
||||
"https://www.googleapis.com/auth/ndev.clouddns.readwrite",
|
||||
"https://www.googleapis.com/auth/devstorage.full_control",
|
||||
if len(c.Scopes) == 0 {
|
||||
c.Scopes = defaultClientScopes
|
||||
}
|
||||
|
||||
tokenSource, err := c.getTokenSource(clientScopes)
|
||||
tokenSource, err := c.getTokenSource(c.Scopes)
|
||||
if err != nil {
|
||||
return err
|
||||
}
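Review bot: The fallback `c.Scopes = defaultClientScopes` in loadAndValidate stores the package-level slice itself in the config, so any later element write through `c.Scopes` would change the defaults for every other Config in the process. Assigning a copy, `c.Scopes = append([]string(nil), defaultClientScopes...)`, keeps the defaults immutable. The new `Scopes` field and `defaultClientScopes` are also undocumented; I would add `// Scopes lists the OAuth 2.0 scopes requested for the provider's token; empty means defaultClientScopes.` on the field, and a comment on the variable noting that the defaults include broad scopes (`cloud-platform`, `devstorage.full_control`), so least-privilege setups must set `scopes` explicitly. The page has lost its +/- markers, so I am reading the `clientScopes` literal as the removed side; loadAndValidate's body continues outside the hunk.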
|
||||
|
|
|
@ -117,3 +117,17 @@ func TestAccConfigLoadValidate_accessToken(t *testing.T) {
|
|||
t.Fatalf("expected API call with loaded config to work, got error: %s", err)
|
||||
}
|
||||
}
|
||||
|
||||
func TestConfigLoadAndValidate_defaultScopes(t *testing.T) {
|
||||
config := Config{}
|
||||
err := config.loadAndValidate()
|
||||
if err != nil {
|
||||
t.Fatalf("unexpected error: %v", err)
|
||||
}
|
||||
|
||||
for index, scope := range defaultClientScopes {
|
||||
if config.Scopes[index] != scope {
|
||||
t.Fatalf("Unexpected default client scopes: %v, index %d", config.Scopes[index], index)
|
||||
}
|
||||
}
|
||||
}
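Review bot: The loop in TestConfigLoadAndValidate_defaultScopes indexes `config.Scopes[index]` without first comparing lengths, so a shorter result panics with an index-out-of-range instead of failing cleanly, and extra scopes beyond the defaults go unnoticed. Add `if len(config.Scopes) != len(defaultClientScopes) { t.Fatalf("got %d scopes, want %d", len(config.Scopes), len(defaultClientScopes)) }` before the loop, or compare the two slices with `reflect.DeepEqual`. The test also calls loadAndValidate on an empty Config, which presumably needs ambient credentials to build a token source, so it may not behave as a pure unit test. There is no case here showing that a user-supplied scope list is passed through unchanged, which is the behaviour a least-privilege configuration depends on.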
|
||||
|
|
|
@ -69,6 +69,11 @@ func Provider() terraform.ResourceProvider {
|
|||
"CLOUDSDK_COMPUTE_ZONE",
|
||||
}, nil),
|
||||
},
|
||||
"scopes": {
|
||||
Type: schema.TypeList,
|
||||
Optional: true,
|
||||
Elem: &schema.Schema{Type: schema.TypeString},
|
||||
},
|
||||
},
|
||||
|
||||
DataSourcesMap: map[string]*schema.Resource{
|
||||
|
@ -269,6 +274,14 @@ func providerConfigure(d *schema.ResourceData) (interface{}, error) {
|
|||
config.Credentials = v.(string)
|
||||
}
|
||||
|
||||
scopes := d.Get("scopes").([]interface{})
|
||||
if len(scopes) > 0 {
|
||||
config.Scopes = make([]string, len(scopes), len(scopes))
|
||||
}
|
||||
for i, scope := range scopes {
|
||||
config.Scopes[i] = scope.(string)
|
||||
}
|
||||
|
||||
if err := config.loadAndValidate(); err != nil {
|
||||
return nil, err
|
||||
}
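Review bot: In providerConfigure the unchecked assertion `scope.(string)` will panic if a list element arrives as nil, which the SDK may hand back for a null item in a TypeList (worth confirming for the SDK version vendored here), and an empty string is accepted as a scope without complaint. Because this list decides what the provider's access token is allowed to do, a malformed entry should fail configuration with a clear error rather than crash or be forwarded to the token source. The sketch below uses a comma-ok assertion and rejects empty entries; it assumes `fmt` is already imported in this file, which the hunk does not show. `make([]string, len(scopes), len(scopes))` also repeats the capacity needlessly, and providerConfigure starts and ends outside the hunk.

```go
scopes := d.Get("scopes").([]interface{})
config.Scopes = make([]string, 0, len(scopes))
for i, raw := range scopes {
	scope, ok := raw.(string)
	if !ok || scope == "" {
		return nil, fmt.Errorf("scopes[%d]: expected a non-empty OAuth scope string", i)
	}
	config.Scopes = append(config.Scopes, scope)
}
// … unchanged: config.loadAndValidate() call …
```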
|
||||
|
|
|
@ -135,9 +135,17 @@ share the same configuration.
|
|||
* `GCLOUD_ZONE`
|
||||
* `CLOUDSDK_COMPUTE_ZONE`
|
||||
|
||||
* `scopes` - (Optional) The list of OAuth 2.0 [scopes] used to generate access token for Google APIs.
|
||||
Default list of scopes:
|
||||
* https://www.googleapis.com/auth/compute
|
||||
* https://www.googleapis.com/auth/cloud-platform
|
||||
* https://www.googleapis.com/auth/ndev.clouddns.readwrite
|
||||
* https://www.googleapis.com/auth/devstorage.full_control
|
||||
|
||||
[Google Cloud service account file]: https://console.cloud.google.com/apis/credentials/serviceaccountkey
|
||||
[adc]: https://cloud.google.com/docs/authentication/production
|
||||
[gce-service-account]: https://cloud.google.com/compute/docs/authentication
|
||||
[gcloud adc]: https://cloud.google.com/sdk/gcloud/reference/auth/application-default/login
|
||||
[service accounts]: https://cloud.google.com/docs/authentication/getting-started
|
||||
[GCE metadata]: https://cloud.google.com/docs/authentication/production#obtaining_credentials_on_compute_engine_kubernetes_engine_app_engine_flexible_environment_and_cloud_functions
|
||||
[scopes]: https://developers.google.com/identity/protocols/googlescopes
|
||||
|
|