Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

GKE documentation recommends default oauth scope #7441

Merged
merged 1 commit into from
Oct 14, 2020
Merged

GKE documentation recommends default oauth scope #7441

merged 1 commit into from
Oct 14, 2020

Conversation

tshak
Copy link
Contributor

@tshak tshak commented Oct 6, 2020

The oauth_scopes section of google_container_cluster has generated a lot of confusion since GCP no longer uses access scopes. The best practice is to use the https://www.googleapis.com/auth/cloud-platform scope and constrain permissions at the service account level. As currently documented, the examples guide the developer down the path of using legacy access scopes. This PR updates the documentation with the recommended configuration.

Related: #1962, #1817, #7391

@tshak
GKE documentation recommends default oauth scope
b979b7b 
The `oauth_scopes` section of `google_container_cluster` has generated a lot of confusion since GCP [no longer uses access scopes](https://cloud.google.com/kubernetes-engine/docs/how-to/access-scopes). The [best practice](https://cloud.google.com/compute/docs/access/create-enable-service-accounts-for-instances#best_practices) is to use the `https://www.googleapis.com/auth/cloud-platform` scope and constrain permissions at the service account level. As currently documented, the examples guide the developer down the path of using legacy access scopes. This PR updates the documentation with the recommended configuration. 

Related: #1962, #1817, #7391
@ghost ghost added size/xs labels Oct 6, 2020
@ghost ghost requested a review from slevenick October 6, 2020 14:04
@slevenick slevenick mentioned this pull request Oct 13, 2020
Merged
5 tasks
slevenick
slevenick approved these changes Oct 14, 2020
View reviewed changes
Copy link
Collaborator

@slevenick slevenick left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the contribution! I've also added similar documentation to the node_config.oauth_scopes field in the upstream PR.

@slevenick slevenick merged commit f9893e0 into hashicorp:master Oct 14, 2020
This was referenced Oct 14, 2020
Merged
Merged
@tshak tshak deleted the patch-2 branch October 16, 2020 12:03
@ghost
Copy link

ghost commented Nov 14, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks!

@ghost ghost locked as resolved and limited conversation to collaborators Nov 14, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@slevenick slevenick slevenick approved these changes

Assignees
No one assigned
Labels
size/xs
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@tshak @slevenick