terraform-provider-google/website/docs/provider_reference.html.markdown
The Magician 7d309fce05 [Terraform] new option "scopes" to define OAuth scopes for provider (#2888)
Signed-off-by: Modular Magician <magic-modules@google.com>
2019-01-23 16:35:17 -08:00

layout: google
page_title: google provider reference
sidebar_current: docs-google-provider-reference
description: The Google provider is used to configure your GCP project, location, and creds

google provider reference

-> We recently introduced the google-beta provider. See Provider Versions for more details on how to use google-beta. The documentation in this site is shared between both google and google-beta; fields or resources only present in google-beta will be marked as such.

The google and google-beta provider blocks are used to configure default values for your GCP project and location (zone and region), and add your credentials.

-> You can avoid using a provider block by using environment variables. Every field of google and google-beta is inferred from your environment when it has not been explicitly set. Even better - the GA and beta providers will both share the same values.

Example Usage - Basic provider blocks

provider "google" {
  credentials = "${file("account.json")}"
  project     = "my-project-id"
  region      = "us-central1"
  zone        = "us-central1-c"
}

provider "google-beta" {
  credentials = "${file("account.json")}"
  project     = "my-project-id"
  region      = "us-central1"
  zone        = "us-central1-c"
}

Example Usage - Using beta features with google-beta

To use Google Cloud Platform features that are in beta, explicitly set the provider for your resource to google-beta. See Provider Versions for a full reference on how to use different GCP versions with the Google provider.

resource "google_compute_instance" "ga-instance" {
  provider = "google"

  # ...
}

resource "google_compute_instance" "beta-instance" {
  provider = "google-beta"

  # ...
}

Configuration Reference

The following keys can be used to configure the provider. Both google and google-beta share the same configuration.

  • credentials - (Optional) The path or contents of a file that contains your service account private key in JSON format. You can download your existing Google Cloud service account file from the Google Cloud Console, or you can create a new one from the same page.

    Credentials can also be specified using any of the following environment variables (listed in order of precedence):

    • GOOGLE_CREDENTIALS
    • GOOGLE_CLOUD_KEYFILE_JSON
    • GCLOUD_KEYFILE_JSON

    The GOOGLE_APPLICATION_CREDENTIALS environment variable can also contain the path of a file to obtain credentials from.

    If no credentials are specified, the provider will fall back to using the Google Application Default Credentials. If you are running Terraform from a GCE instance, see Creating and Enabling Service Accounts for Instances for details.

    On your computer, if you have made your identity available as the Application Default Credentials by running gcloud auth application-default login, the provider will use your identity.

    -> Service accounts are the recommended way to manage GCP credentials. GCE metadata is also acceptable, although it can only be used when running Terraform from within certain GCP resources. Credentials obtained through gcloud are not guaranteed to work for all APIs.

  • access_token - (Optional) A temporary OAuth 2.0 access token obtained from the Google Authorization server, i.e. the Authorization: Bearer token used to authenticate Google API HTTP requests.

    Access tokens can also be specified using any of the following environment variables (listed in order of precedence):

    • GOOGLE_OAUTH_ACCESS_TOKEN

    -> These access tokens cannot be renewed by Terraform and thus will only work for at most 1 hour. If you anticipate Terraform needing access for more than one hour per run, please use credentials instead. Credentials are used to complete a two-legged OAuth 2.0 flow on your behalf to obtain access tokens and can be used to renew or reauthenticate for tokens as needed.

  • project - (Optional) The ID of the project to apply any resources to. This can also be specified using any of the following environment variables (listed in order of precedence):

    • GOOGLE_PROJECT
    • GOOGLE_CLOUD_PROJECT
    • GCLOUD_PROJECT
    • CLOUDSDK_CORE_PROJECT

    -> GOOGLE_PROJECT is the recommended environment variable to use if you choose to add your project using environment variables.

  • region - (Optional) The region to operate under, if not specified by a given resource. This can also be specified using any of the following environment variables (listed in order of precedence):

    • GOOGLE_REGION
    • GCLOUD_REGION
    • CLOUDSDK_COMPUTE_REGION

  • zone - (Optional) The zone to operate under, if not specified by a given resource. This can also be specified using any of the following environment variables (listed in order of precedence):

    • GOOGLE_ZONE
    • GCLOUD_ZONE
    • CLOUDSDK_COMPUTE_ZONE

  • scopes - (Optional) The list of OAuth 2.0 scopes used to generate access tokens for Google APIs. Default list of scopes:
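
Added example, not part of the provider documentation and not the scopes list: a pre-run check that reports which environment variable would supply credentials, access_token, project, region and zone, following the precedence lists in the configuration reference above, and which lower-precedence variables are silently ignored. The function names are hypothetical, and treating an empty variable as unset is an assumption.

```sh
#!/bin/sh
# Added example: show which environment variable supplies each provider
# setting, using the precedence lists from the reference above.
# Only variable NAMES are printed, never values, so the output is safe to log.

# first_set NAME...: print the first listed variable that is set and non-empty.
# Assumption: an empty value counts as unset.
first_set() {
  for _name in "$@"; do
    eval "_val=\${$_name:-}"   # names come from the fixed table below
    if [ -n "$_val" ]; then printf '%s\n' "$_name"; return 0; fi
  done
  return 1
}

# shadowed NAME...: print every set variable that loses to an earlier one.
shadowed() {
  _winner=""
  for _name in "$@"; do
    eval "_val=\${$_name:-}"
    [ -n "$_val" ] || continue
    if [ -z "$_winner" ]; then _winner=$_name; else printf '%s\n' "$_name"; fi
  done
}

audit_provider_env() {
  while IFS='=' read -r _setting _vars; do
    # $_vars is split on spaces on purpose: it is a list of variable names.
    if _win=$(first_set $_vars); then
      printf '%-13s <- %s\n' "$_setting" "$_win"
      for _lost in $(shadowed $_vars); do
        printf '%-13s    ignored: %s\n' "" "$_lost"
      done
    else
      printf '%-13s (not set in environment)\n' "$_setting"
    fi
  done <<'EOF'
credentials=GOOGLE_CREDENTIALS GOOGLE_CLOUD_KEYFILE_JSON GCLOUD_KEYFILE_JSON
access_token=GOOGLE_OAUTH_ACCESS_TOKEN
project=GOOGLE_PROJECT GOOGLE_CLOUD_PROJECT GCLOUD_PROJECT CLOUDSDK_CORE_PROJECT
region=GOOGLE_REGION GCLOUD_REGION CLOUDSDK_COMPUTE_REGION
zone=GOOGLE_ZONE GCLOUD_ZONE CLOUDSDK_COMPUTE_ZONE
EOF
}

audit_provider_env
```

A value set explicitly in the provider block still takes priority over anything reported here, since fields are inferred from the environment only when not explicitly set.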