From da7d317e463c8d1368d4e9be4ef396aea701c2af Mon Sep 17 00:00:00 2001
From: YAMADA Tsuyoshi <tyamada@minimum2scp.org>
Date: Sat, 22 Oct 2016 14:45:33 +0900
Subject: [PATCH 1/3] googlecompute: Run instance with custom scopes

---
 builder/googlecompute/config.go               |  9 +++++++++
 builder/googlecompute/config_test.go          | 15 +++++++++++++++
 builder/googlecompute/driver.go               |  1 +
 builder/googlecompute/driver_gce.go           |  8 ++------
 builder/googlecompute/step_create_instance.go |  1 +
 5 files changed, 28 insertions(+), 6 deletions(-)

diff --git a/builder/googlecompute/config.go b/builder/googlecompute/config.go
index 9c80b7271..3be6c342c 100644
--- a/builder/googlecompute/config.go
+++ b/builder/googlecompute/config.go
@@ -41,6 +41,7 @@ type Config struct {
 	Preemptible          bool              `mapstructure:"preemptible"`
 	RawStateTimeout      string            `mapstructure:"state_timeout"`
 	Region               string            `mapstructure:"region"`
+	Scopes               []string          `mapstructure:"scopes"`
 	SourceImage          string            `mapstructure:"source_image"`
 	SourceImageProjectId string            `mapstructure:"source_image_project_id"`
 	StartupScriptFile    string            `mapstructure:"startup_script_file"`
@@ -143,6 +144,14 @@ func NewConfig(raws ...interface{}) (*Config, []string, error) {
 			errs, errors.New("a project_id must be specified"))
 	}
 
+	if c.Scopes == nil {
+		c.Scopes = []string{
+			"https://www.googleapis.com/auth/userinfo.email",
+			"https://www.googleapis.com/auth/compute",
+			"https://www.googleapis.com/auth/devstorage.full_control",
+		}
+	}
+
 	if c.SourceImage == "" {
 		errs = packer.MultiErrorAppend(
 			errs, errors.New("a source_image must be specified"))
diff --git a/builder/googlecompute/config_test.go b/builder/googlecompute/config_test.go
index f54ba92e8..fcfd78f3b 100644
--- a/builder/googlecompute/config_test.go
+++ b/builder/googlecompute/config_test.go
@@ -128,6 +128,21 @@ func TestConfigPrepare(t *testing.T) {
 			"foo bar",
 			true,
 		},
+		{
+			"scopes",
+			[]string{},
+			false,
+		},
+		{
+			"scopes",
+			[]string{"https://www.googleapis.com/auth/userinfo.email", "https://www.googleapis.com/auth/compute", "https://www.googleapis.com/auth/devstorage.full_control", "https://www.googleapis.com/auth/sqlservice.admin"},
+			false,
+		},
+		{
+			"scopes",
+			[]string{"https://www.googleapis.com/auth/cloud-platform"},
+			false,
+		},
 	}
 
 	for _, tc := range cases {
diff --git a/builder/googlecompute/driver.go b/builder/googlecompute/driver.go
index 0ccf17aa5..b60ad851c 100644
--- a/builder/googlecompute/driver.go
+++ b/builder/googlecompute/driver.go
@@ -67,6 +67,7 @@ type InstanceConfig struct {
 	OmitExternalIP      bool
 	Preemptible         bool
 	Region              string
+	Scopes              []string
 	ServiceAccountEmail string
 	Subnetwork          string
 	Tags                []string
diff --git a/builder/googlecompute/driver_gce.go b/builder/googlecompute/driver_gce.go
index 2da03157e..3d524d152 100644
--- a/builder/googlecompute/driver_gce.go
+++ b/builder/googlecompute/driver_gce.go
@@ -377,12 +377,8 @@ func (d *driverGCE) RunInstance(c *InstanceConfig) (<-chan error, error) {
 		},
 		ServiceAccounts: []*compute.ServiceAccount{
 			&compute.ServiceAccount{
-				Email: c.ServiceAccountEmail,
-				Scopes: []string{
-					"https://www.googleapis.com/auth/userinfo.email",
-					"https://www.googleapis.com/auth/compute",
-					"https://www.googleapis.com/auth/devstorage.full_control",
-				},
+				Email:  c.ServiceAccountEmail,
+				Scopes: c.Scopes,
 			},
 		},
 		Tags: &compute.Tags{
diff --git a/builder/googlecompute/step_create_instance.go b/builder/googlecompute/step_create_instance.go
index f4a2c8eb8..ab70fd450 100644
--- a/builder/googlecompute/step_create_instance.go
+++ b/builder/googlecompute/step_create_instance.go
@@ -100,6 +100,7 @@ func (s *StepCreateInstance) Run(state multistep.StateBag) multistep.StepAction
 		Preemptible:         c.Preemptible,
 		Region:              c.Region,
 		ServiceAccountEmail: c.Account.ClientEmail,
+		Scopes:              c.Scopes,
 		Subnetwork:          c.Subnetwork,
 		Tags:                c.Tags,
 		Zone:                c.Zone,

From 283d3e5758aa7ca18f0a9c4e6961c92acd8d81cf Mon Sep 17 00:00:00 2001
From: YAMADA Tsuyoshi <tyamada@minimum2scp.org>
Date: Sat, 22 Oct 2016 15:30:18 +0900
Subject: [PATCH 2/3] Updated document

---
 website/source/docs/builders/googlecompute.html.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/website/source/docs/builders/googlecompute.html.md b/website/source/docs/builders/googlecompute.html.md
index e24c899d3..bc6fc32cb 100644
--- a/website/source/docs/builders/googlecompute.html.md
+++ b/website/source/docs/builders/googlecompute.html.md
@@ -171,6 +171,10 @@ builder.
 -   `region` (string) - The region in which to launch the instance. Defaults to
     to the region hosting the specified `zone`.
 
+-   `scopes` (array of strings) - The service account scopes for launched instance.
+    Defaults to
+    `["https://www.googleapis.com/auth/userinfo.email", "https://www.googleapis.com/auth/compute", "https://www.googleapis.com/auth/devstorage.full_control"]`.
+
 -   `source_image_project_id` (string) - The project ID of the 
     project containing the source image.
 

From dd89aa7243bd63fd5e252489c0a22f7ccd5baa20 Mon Sep 17 00:00:00 2001
From: Rickard von Essen <rickard.von.essen@gmail.com>
Date: Sat, 22 Oct 2016 21:06:07 +0200
Subject: [PATCH 3/3] Formatted the default value and cleaned some trailing
 spaces.

---
 .../source/docs/builders/googlecompute.html.md    | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/website/source/docs/builders/googlecompute.html.md b/website/source/docs/builders/googlecompute.html.md
index bc6fc32cb..09f54b9c7 100644
--- a/website/source/docs/builders/googlecompute.html.md
+++ b/website/source/docs/builders/googlecompute.html.md
@@ -172,10 +172,15 @@ builder.
     to the region hosting the specified `zone`.
 
 -   `scopes` (array of strings) - The service account scopes for launched instance.
-    Defaults to
-    `["https://www.googleapis.com/auth/userinfo.email", "https://www.googleapis.com/auth/compute", "https://www.googleapis.com/auth/devstorage.full_control"]`.
+    Defaults to:
 
--   `source_image_project_id` (string) - The project ID of the 
+``` {.json}
+[ "https://www.googleapis.com/auth/userinfo.email",
+  "https://www.googleapis.com/auth/compute",
+  "https://www.googleapis.com/auth/devstorage.full_control" ]
+```
+
+-   `source_image_project_id` (string) - The project ID of the
     project containing the source image.
 
 -   `startup_script_file` (string) - The filepath to a startup script to run on 
@@ -194,10 +199,10 @@ builder.
 
 -   `use_internal_ip` (boolean) - If true, use the instance's internal IP
     instead of its external IP during building.
-    
+
 ## Startup Scripts
 
-Startup scripts can be a powerful tool for configuring the instance from which the image is made. 
+Startup scripts can be a powerful tool for configuring the instance from which the image is made.
 The builder will wait for a startup script to terminate. A startup script can be provided via the
 `startup_script_file` or 'startup-script' instance creation `metadata` field. Therefore, the build
 time will vary depending on the duration of the startup script. If `startup_script_file` is set,