Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upstream GKE scopes description #7525

Merged
merged 1 commit into from
Oct 14, 2020
Merged

Upstream GKE scopes description #7525

merged 1 commit into from
Oct 14, 2020

Conversation

modular-magician
Copy link
Collaborator

Upstreams #7441

Downstream PR:

The oauth_scopes section of google_container_cluster has generated a lot of confusion since GCP no longer uses access scopes. The best practice is to use the https://www.googleapis.com/auth/cloud-platform scope and constrain permissions at the service account level. As currently documented, the examples guide the developer down the path of using legacy access scopes. This PR updates the documentation with the recommended configuration.

Related: #1962, #1817, #7391

If this PR is for Terraform, I acknowledge that I have:

  • Searched through the issue tracker for an open issue that this either resolves or contributes to, commented on it to claim it, and written "fixes {url}" or "part of {url}" in this PR description. If there were no relevant open issues, I opened one and commented that I would like to work on it (not necessary for very small changes).
  • Generated Terraform, and ran make test and make lint to ensure it passes unit and linter tests.
  • Ensured that all new fields I added that can be set by a user appear in at least one example (for generated resources) or third_party test (for handwritten resources or update tests).
  • Ran relevant acceptance tests (If the acceptance tests do not yet pass or you are unable to run them, please let your reviewer know).
  • Read the Release Notes Guide before writing my release note below.

Release Note Template for Downstream PRs (will be copied)

Derived from GoogleCloudPlatform/magic-modules#4101

@modular-magician @tshak
Upstream GKE scopes description (hashicorp#4101)
45c90ca 
* GKE documentation recommends default oauth scope

The `oauth_scopes` section of `google_container_cluster` has generated a lot of confusion since GCP [no longer uses access scopes](https://cloud.google.com/kubernetes-engine/docs/how-to/access-scopes). The [best practice](https://cloud.google.com/compute/docs/access/create-enable-service-accounts-for-instances#best_practices) is to use the `https://www.googleapis.com/auth/cloud-platform` scope and constrain permissions at the service account level. As currently documented, the examples guide the developer down the path of using legacy access scopes. This PR updates the documentation with the recommended configuration.

Related: hashicorp#1962, hashicorp#1817, hashicorp#7391

* Add note to node_config.oauth_scopes pointing to official docs

Co-authored-by: tshak <[email protected]>
Signed-off-by: Modular Magician <[email protected]>
@ghost ghost added the size/xs label Oct 14, 2020
@modular-magician modular-magician merged commit e897113 into hashicorp:master Oct 14, 2020
@ghost
Copy link

ghost commented Nov 14, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks!

@ghost ghost locked as resolved and limited conversation to collaborators Nov 14, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
size/xs
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@modular-magician