[Terraform] new option "scopes" to define OAuth scopes for provider (#2888)
Signed-off-by: Modular Magician <magic-modules@google.com>
parent
e533068957
commit
7d309fce05
|
@ -54,6 +54,7 @@ type Config struct {
|
||||||
Project string
|
Project string
|
||||||
Region string
|
Region string
|
||||||
Zone string
|
Zone string
|
||||||
|
Scopes []string
|
||||||
|
|
||||||
client *http.Client
|
client *http.Client
|
||||||
userAgent string
|
userAgent string
|
||||||
|
@ -95,15 +96,19 @@ type Config struct {
|
||||||
bigtableClientFactory *BigtableClientFactory
|
bigtableClientFactory *BigtableClientFactory
|
||||||
}
|
}
|
||||||
|
|
||||||
func (c *Config) loadAndValidate() error {
|
var defaultClientScopes = []string{
|
||||||
clientScopes := []string{
|
|
||||||
"https://www.googleapis.com/auth/compute",
|
"https://www.googleapis.com/auth/compute",
|
||||||
"https://www.googleapis.com/auth/cloud-platform",
|
"https://www.googleapis.com/auth/cloud-platform",
|
||||||
"https://www.googleapis.com/auth/ndev.clouddns.readwrite",
|
"https://www.googleapis.com/auth/ndev.clouddns.readwrite",
|
||||||
"https://www.googleapis.com/auth/devstorage.full_control",
|
"https://www.googleapis.com/auth/devstorage.full_control",
|
||||||
|
}
|
||||||
|
|
||||||
|
func (c *Config) loadAndValidate() error {
|
||||||
|
if len(c.Scopes) == 0 {
|
||||||
|
c.Scopes = defaultClientScopes
|
||||||
}
|
}
|
||||||
|
|
||||||
tokenSource, err := c.getTokenSource(clientScopes)
|
tokenSource, err := c.getTokenSource(c.Scopes)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
|
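Review bot: In loadAndValidate, `c.Scopes = defaultClientScopes` gives every Config that falls back to the defaults the same backing array as the package-level variable, so a later write through `c.Scopes` would change the default scope set for every other Config in the process. Copy the slice instead: `c.Scopes = append([]string(nil), defaultClientScopes...)`. The defaults include the broad `cloud-platform` and `devstorage.full_control` scopes, so a comment on the variable would help, for example `// defaultClientScopes is the fallback used only when Config.Scopes is empty; it must not be mutated.` The body of loadAndValidate continues past the end of this hunk.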
@ -117,3 +117,17 @@ func TestAccConfigLoadValidate_accessToken(t *testing.T) {
|
||||||
t.Fatalf("expected API call with loaded config to work, got error: %s", err)
|
t.Fatalf("expected API call with loaded config to work, got error: %s", err)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestConfigLoadAndValidate_defaultScopes(t *testing.T) {
|
||||||
|
config := Config{}
|
||||||
|
err := config.loadAndValidate()
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("unexpected error: %v", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
for index, scope := range defaultClientScopes {
|
||||||
|
if config.Scopes[index] != scope {
|
||||||
|
t.Fatalf("Unexpected default client scopes: %v, index %d", config.Scopes[index], index)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
|
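Review bot: The loop in TestConfigLoadAndValidate_defaultScopes indexes `config.Scopes[index]` without first comparing lengths, so a shorter slice panics and a longer one (extra scopes requested) passes unnoticed; add `if len(config.Scopes) != len(defaultClientScopes) { t.Fatalf("got %d scopes, want %d", len(config.Scopes), len(defaultClientScopes)) }` before the loop. Because loadAndValidate assigns `defaultClientScopes` itself to `c.Scopes`, the element comparison currently compares the slice with itself and cannot fail on content. The test also calls loadAndValidate on an empty Config under a non-`TestAcc` name; if that call needs real credentials (not visible here), it will fail in a plain unit-test run. No test covers the case the commit is about, a user-supplied scope list reaching the token source unchanged.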
@ -69,6 +69,11 @@ func Provider() terraform.ResourceProvider {
|
||||||
"CLOUDSDK_COMPUTE_ZONE",
|
"CLOUDSDK_COMPUTE_ZONE",
|
||||||
}, nil),
|
}, nil),
|
||||||
},
|
},
|
||||||
|
"scopes": {
|
||||||
|
Type: schema.TypeList,
|
||||||
|
Optional: true,
|
||||||
|
Elem: &schema.Schema{Type: schema.TypeString},
|
||||||
|
},
|
||||||
},
|
},
|
||||||
|
|
||||||
DataSourcesMap: map[string]*schema.Resource{
|
DataSourcesMap: map[string]*schema.Resource{
|
||||||
|
@ -269,6 +274,14 @@ func providerConfigure(d *schema.ResourceData) (interface{}, error) {
|
||||||
config.Credentials = v.(string)
|
config.Credentials = v.(string)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
scopes := d.Get("scopes").([]interface{})
|
||||||
|
if len(scopes) > 0 {
|
||||||
|
config.Scopes = make([]string, len(scopes), len(scopes))
|
||||||
|
}
|
||||||
|
for i, scope := range scopes {
|
||||||
|
config.Scopes[i] = scope.(string)
|
||||||
|
}
|
||||||
|
|
||||||
if err := config.loadAndValidate(); err != nil {
|
if err := config.loadAndValidate(); err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
|
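Review bot: The new loop in providerConfigure uses the unchecked assertion `scope.(string)` and validates no entry before loadAndValidate runs. If the SDK returns a nil element for a null or empty list item (I believe it can, but this should be confirmed), the provider panics instead of returning an error, and an empty string would be passed to the token source as a scope. Prefer `s, ok := scope.(string)` followed by `if !ok || s == "" { return nil, fmt.Errorf("scopes[%d] must be a non-empty string", i) }`, assuming `fmt` is already imported in this file. The `scopes` schema entry in the first hunk has no `Description`; one that says the list replaces the defaults rather than extending them would make it easier to run with a narrower token. providerConfigure starts and ends outside the hunk.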
@ -135,9 +135,17 @@ share the same configuration.
|
||||||
* `GCLOUD_ZONE`
|
* `GCLOUD_ZONE`
|
||||||
* `CLOUDSDK_COMPUTE_ZONE`
|
* `CLOUDSDK_COMPUTE_ZONE`
|
||||||
|
|
||||||
|
* `scopes` - (Optional) The list of OAuth 2.0 [scopes] used to generate access token for Google APIs.
|
||||||
|
Default list of scopes:
|
||||||
|
* https://www.googleapis.com/auth/compute
|
||||||
|
* https://www.googleapis.com/auth/cloud-platform
|
||||||
|
* https://www.googleapis.com/auth/ndev.clouddns.readwrite
|
||||||
|
* https://www.googleapis.com/auth/devstorage.full_control
|
||||||
|
|
||||||
[Google Cloud service account file]: https://console.cloud.google.com/apis/credentials/serviceaccountkey
|
[Google Cloud service account file]: https://console.cloud.google.com/apis/credentials/serviceaccountkey
|
||||||
[adc]: https://cloud.google.com/docs/authentication/production
|
[adc]: https://cloud.google.com/docs/authentication/production
|
||||||
[gce-service-account]: https://cloud.google.com/compute/docs/authentication
|
[gce-service-account]: https://cloud.google.com/compute/docs/authentication
|
||||||
[gcloud adc]: https://cloud.google.com/sdk/gcloud/reference/auth/application-default/login
|
[gcloud adc]: https://cloud.google.com/sdk/gcloud/reference/auth/application-default/login
|
||||||
[service accounts]: https://cloud.google.com/docs/authentication/getting-started
|
[service accounts]: https://cloud.google.com/docs/authentication/getting-started
|
||||||
[GCE metadata]: https://cloud.google.com/docs/authentication/production#obtaining_credentials_on_compute_engine_kubernetes_engine_app_engine_flexible_environment_and_cloud_functions
|
[GCE metadata]: https://cloud.google.com/docs/authentication/production#obtaining_credentials_on_compute_engine_kubernetes_engine_app_engine_flexible_environment_and_cloud_functions
|
||||||
|
[scopes]: https://developers.google.com/identity/protocols/googlescopes
|
||||||
|
|