[ https://issues.apache.org/jira/browse/LIBCLOUD-578?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14167041#comment-14167041 ]
ASF GitHub Bot commented on LIBCLOUD-578:
-----------------------------------------
GitHub user erjohnso opened a pull request:
https://github.com/apache/libcloud/pull/372
LIBCLOUD-578: GCE adding Service Accounts to create_node
Adding support for user-defined Service Account scopes when creating nodes
in the GCE driver. The default for this new parameter is modeled after both the
Google Developers Console and Cloud SDK and sets an instance's (node's) default
serviceAccount to,
```
[{'email': 'default',
  'scopes': ['https://www.googleapis.com/auth/devstorage.read_only']
}]
```
To better match Google tools, short-name aliases as documented in Cloud
SDK's `gcloud compute instances create --help` are supported.
Typical usage would likely just use the 'default' email for the Service
Account but allow overriding the list of scopes. For example,
```
ex_service_accounts = [{'scopes': ['bigquery', 'compute-ro', 'pubsub']}]
```
Will map to,
```
[{'email': 'default',
  'scopes': [
    'https://www.googleapis.com/auth/bigquery',
    'https://www.googleapis.com/auth/compute.readonly',
    'https://www.googleapis.com/auth/pubsub'
  ]
}]
```
GCE public docs on this capability are,
https://cloud.google.com/compute/docs/authentication
https://cloud.google.com/compute/docs/reference/latest/instances#resource
/cc @ross-p
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/erjohnso/libcloud LIBCLOUD-578_gce_service_accounts
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/libcloud/pull/372.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #372
----
commit 1063f711e33caa854a61a0c44984cfac12e10cf8
Author: Eric Johnson <[email protected]>
Date: 2014-10-10T15:52:02Z
LIBCLOUD-578: GCE adding Service Accounts to create_node
----
> GCE: Allow service account permission selection in create_node
> --------------------------------------------------------------
>
> Key: LIBCLOUD-578
> URL: https://issues.apache.org/jira/browse/LIBCLOUD-578
> Project: Libcloud
> Issue Type: New Feature
> Components: Compute
> Environment: Google Compute Engine
> Reporter: Alex Young
>
> Presently there is no way to specify service account permissions when
> building a new node. This prevents the created instance from accessing other
> services when needed.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
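
The alias expansion described in the pull request above, sketched as an added example (not libcloud's code and not part of the original message), with unknown aliases rejected so a typo cannot silently change which scopes an instance receives. The names `normalize_service_accounts`, `expand_scope` and `ALIASES` are hypothetical; the `storage-ro` alias and the handling of a missing `scopes` key (no scopes granted) are assumptions not stated in the message.

```python
# Added illustration only; not the GCE driver's implementation.
SCOPE_PREFIX = "https://www.googleapis.com/auth/"

# Short alias -> scope suffix. The first three mappings appear in the pull
# request text; 'storage-ro' is the gcloud alias for the default scope
# (assumption: the message itself does not list it).
ALIASES = {
    "bigquery": "bigquery",
    "compute-ro": "compute.readonly",
    "pubsub": "pubsub",
    "storage-ro": "devstorage.read_only",
}

DEFAULT_SCOPES = [SCOPE_PREFIX + "devstorage.read_only"]


def expand_scope(scope):
    """Return the full scope URL for an alias; pass full URLs through."""
    if scope.startswith(SCOPE_PREFIX):
        return scope
    if scope not in ALIASES:
        # Fail closed: an unrecognised alias is an error, never a guess.
        raise ValueError("unknown scope alias: %r" % (scope,))
    return SCOPE_PREFIX + ALIASES[scope]


def normalize_service_accounts(ex_service_accounts=None):
    """Build the serviceAccounts list in the shape shown in the message."""
    if ex_service_accounts is None:
        # Default described in the message: read-only storage access.
        return [{"email": "default", "scopes": list(DEFAULT_SCOPES)}]
    result = []
    for account in ex_service_accounts:
        if not isinstance(account, dict):
            raise ValueError("each service account must be a dict")
        scopes = []
        # Assumption: a missing 'scopes' key grants no scopes at all.
        for scope in account.get("scopes", []):
            url = expand_scope(scope)
            if url not in scopes:  # de-duplicate, keep caller's order
                scopes.append(url)
        result.append({"email": account.get("email", "default"),
                       "scopes": scopes})
    return result


if __name__ == "__main__":
    requested = [{"scopes": ["bigquery", "compute-ro", "pubsub"]}]
    print(normalize_service_accounts(requested))
```
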