From 4befdce47e6c7816193ffa1337c144b863847292 Mon Sep 17 00:00:00 2001 From: Christophe Courtaut Date: Wed, 21 Feb 2018 18:22:39 +0100 Subject: [PATCH] builder/googlecompute: Adds ability to specify service account This commit allows user to specify the service account they want to associate with the virtual machine provisionned by setting the service_account_email field in the config. It allows to manage permissions of the instantiated VM properly, using a service account that can be tied up to IAM roles and permissions. --- builder/googlecompute/config.go | 2 ++ builder/googlecompute/driver.go | 1 + builder/googlecompute/driver_gce.go | 13 +++++++++---- builder/googlecompute/step_create_instance.go | 1 + 4 files changed, 13 insertions(+), 4 deletions(-) diff --git a/builder/googlecompute/config.go b/builder/googlecompute/config.go index c8863d4d9..3d9194c17 100644 --- a/builder/googlecompute/config.go +++ b/builder/googlecompute/config.go @@ -58,6 +58,8 @@ type Config struct { UseInternalIP bool `mapstructure:"use_internal_ip"` Zone string `mapstructure:"zone"` + ServiceAccountEmail string `mapstructure:"service_account_email"` + Account AccountFile stateTimeout time.Duration imageAlreadyExists bool diff --git a/builder/googlecompute/driver.go b/builder/googlecompute/driver.go index fdb7d9442..c99c38359 100644 --- a/builder/googlecompute/driver.go +++ b/builder/googlecompute/driver.go @@ -75,6 +75,7 @@ type InstanceConfig struct { OnHostMaintenance string Preemptible bool Region string + ServiceAccountEmail string Scopes []string Subnetwork string Tags []string diff --git a/builder/googlecompute/driver_gce.go b/builder/googlecompute/driver_gce.go index c84ab222f..5f286fa71 100644 --- a/builder/googlecompute/driver_gce.go +++ b/builder/googlecompute/driver_gce.go 
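Review bot: The new exported `ServiceAccountEmail` field in the config.go hunk has no doc comment, so a template author cannot tell what the empty value means or what permissions the build credentials need for a custom account. I would add above the field: `// ServiceAccountEmail is the email of the service account attached to the build instance. Empty selects the Compute Engine default service account ("default"); the identity Packer authenticates as typically must be allowed to act as the chosen account, and the account's permissions are exposed to every provisioner that runs on the instance.` Only the struct field is visible here; whether the config prepare step validates the value (rejecting surrounding whitespace or an obviously non-email string, which would otherwise surface as a less helpful API error) is outside this hunk. The Config struct starts and ends outside the hunk.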
@@ -343,6 +343,14 @@ func (d *driverGCE) RunInstance(c *InstanceConfig) (<-chan error, error) { guestAccelerators = append(guestAccelerators, ac) } + serviceAccount := &compute.ServiceAccount{ + Email: "default", + Scopes: c.Scopes, + } + if c.ServiceAccountEmail != "" { + serviceAccount.Email = c.ServiceAccountEmail + } + // Create the instance information instance := compute.Instance{ Description: c.Description, @@ -379,10 +387,7 @@ func (d *driverGCE) RunInstance(c *InstanceConfig) (<-chan error, error) { Preemptible: c.Preemptible, }, ServiceAccounts: []*compute.ServiceAccount{ - { - Email: "default", - Scopes: c.Scopes, - }, + serviceAccount, }, Tags: &compute.Tags{ Items: c.Tags, diff --git a/builder/googlecompute/step_create_instance.go b/builder/googlecompute/step_create_instance.go index ee3b6643b..9ff74d85f 100644 --- a/builder/googlecompute/step_create_instance.go +++ b/builder/googlecompute/step_create_instance.go @@ -117,6 +117,7 @@ func (s *StepCreateInstance) Run(_ context.Context, state multistep.StateBag) mu OnHostMaintenance: c.OnHostMaintenance, Preemptible: c.Preemptible, Region: c.Region, + ServiceAccountEmail: c.ServiceAccountEmail, Scopes: c.Scopes, Subnetwork: c.Subnetwork, Tags: c.Tags,
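Review bot: The override `serviceAccount.Email = c.ServiceAccountEmail` leaves `Scopes: c.Scopes` untouched, so a privileged custom account is attached with whatever scopes the build was configured with, and any provisioner script running on the instance can typically obtain that account's token from the metadata server. That is the point of the feature, but it is worth stating at the struct literal, e.g. `// Effective permissions are the account's IAM roles limited by c.Scopes; provisioners on the instance can use them, so prefer a least-privilege account.` The only validation visible is the empty-string check; a value with stray whitespace or a non-email string is passed straight to the API, so trimming or validating it where the config is prepared (outside this hunk) would yield clearer errors. RunInstance begins before the hunk and continues past its last line.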