From bda22ef5e7efedbcff5aa2c16f6df2d3798412d1 Mon Sep 17 00:00:00 2001
From: Tom Downes <tpdownes@google.com>
Date: Fri, 15 Mar 2024 10:18:35 -0500
Subject: [PATCH] Align service account scopes naming convention in Packer
 module with rest of the Toolkit

---
 modules/packer/custom-image/README.md               |  3 ++-
 modules/packer/custom-image/variables.pkr.hcl       | 13 ++++++++++++-
 .../expectations/igc_pkr/one/image/image.pkr.hcl    |  1 +
 .../igc_pkr/one/image/variables.pkr.hcl             | 13 ++++++++++++-
 .../text_escape/zero/lime/image.pkr.hcl             |  1 +
 .../text_escape/zero/lime/variables.pkr.hcl         | 13 ++++++++++++-
 6 files changed, 40 insertions(+), 4 deletions(-)

diff --git a/modules/packer/custom-image/README.md b/modules/packer/custom-image/README.md
index 69f3823a56..0955b65ade 100644
--- a/modules/packer/custom-image/README.md
+++ b/modules/packer/custom-image/README.md
@@ -286,8 +286,9 @@ No resources.
 | <a name="input_omit_external_ip"></a> [omit\_external\_ip](#input\_omit\_external\_ip) | Provision the image building VM without a public IP address | `bool` | `true` | no |
 | <a name="input_on_host_maintenance"></a> [on\_host\_maintenance](#input\_on\_host\_maintenance) | Describes maintenance behavior for the instance. If left blank this will default to `MIGRATE` except the use of GPUs requires it to be `TERMINATE` | `string` | `null` | no |
 | <a name="input_project_id"></a> [project\_id](#input\_project\_id) | Project in which to create VM and image | `string` | n/a | yes |
-| <a name="input_scopes"></a> [scopes](#input\_scopes) | Service account scopes to attach to the instance. See<br>https://cloud.google.com/compute/docs/access/service-accounts. | `list(string)` | <pre>[<br>  "https://www.googleapis.com/auth/cloud-platform"<br>]</pre> | no |
+| <a name="input_scopes"></a> [scopes](#input\_scopes) | DEPRECATED: use var.service\_account\_scopes | `set(string)` | `null` | no |
 | <a name="input_service_account_email"></a> [service\_account\_email](#input\_service\_account\_email) | The service account email to use. If null or 'default', then the default Compute Engine service account will be used. | `string` | `null` | no |
+| <a name="input_service_account_scopes"></a> [service\_account\_scopes](#input\_service\_account\_scopes) | Service account scopes to attach to the instance. See<br>https://cloud.google.com/compute/docs/access/service-accounts. | `set(string)` | <pre>[<br>  "https://www.googleapis.com/auth/cloud-platform"<br>]</pre> | no |
 | <a name="input_shell_scripts"></a> [shell\_scripts](#input\_shell\_scripts) | A list of paths to local shell scripts which will be uploaded to customize the VM image | `list(string)` | `[]` | no |
 | <a name="input_shielded_instance_config"></a> [shielded\_instance\_config](#input\_shielded\_instance\_config) | Shielded VM configuration for the instance (must set var.enabled\_shielded\_vm) | <pre>object({<br>    enable_secure_boot          = bool<br>    enable_vtpm                 = bool<br>    enable_integrity_monitoring = bool<br>  })</pre> | <pre>{<br>  "enable_integrity_monitoring": true,<br>  "enable_secure_boot": true,<br>  "enable_vtpm": true<br>}</pre> | no |
 | <a name="input_source_image"></a> [source\_image](#input\_source\_image) | Source OS image to build from | `string` | `null` | no |
diff --git a/modules/packer/custom-image/variables.pkr.hcl b/modules/packer/custom-image/variables.pkr.hcl
index 6e455ef46a..ce2b51b3e1 100644
--- a/modules/packer/custom-image/variables.pkr.hcl
+++ b/modules/packer/custom-image/variables.pkr.hcl
@@ -109,11 +109,22 @@ variable "service_account_email" {
 }
 
 variable "scopes" {
+  description = "DEPRECATED: use var.service_account_scopes"
+  type        = set(string)
+  default     = null
+
+  validation {
+    condition     = var.scopes == null
+    error_message = "DEPRECATED: var.scopes was renamed to var.service_account_scopes with identical format."
+  }
+}
+
+variable "service_account_scopes" {
   description = <<EOD
 Service account scopes to attach to the instance. See
 https://cloud.google.com/compute/docs/access/service-accounts.
 EOD
-  type        = list(string)
+  type        = set(string)
   default = [
     "https://www.googleapis.com/auth/cloud-platform",
   ]
diff --git a/tools/validate_configs/golden_copies/expectations/igc_pkr/one/image/image.pkr.hcl b/tools/validate_configs/golden_copies/expectations/igc_pkr/one/image/image.pkr.hcl
index e243ca5665..9a9a0aa93d 100644
--- a/tools/validate_configs/golden_copies/expectations/igc_pkr/one/image/image.pkr.hcl
+++ b/tools/validate_configs/golden_copies/expectations/igc_pkr/one/image/image.pkr.hcl
@@ -107,6 +107,7 @@ source "googlecompute" "toolkit_image" {
   use_internal_ip             = var.omit_external_ip
   subnetwork                  = var.subnetwork_name
   network_project_id          = var.network_project_id
+  service_account_email       = var.service_account_email
   scopes                      = var.scopes
   source_image                = var.source_image
   source_image_family         = var.source_image_family
diff --git a/tools/validate_configs/golden_copies/expectations/igc_pkr/one/image/variables.pkr.hcl b/tools/validate_configs/golden_copies/expectations/igc_pkr/one/image/variables.pkr.hcl
index 6e455ef46a..ce2b51b3e1 100644
--- a/tools/validate_configs/golden_copies/expectations/igc_pkr/one/image/variables.pkr.hcl
+++ b/tools/validate_configs/golden_copies/expectations/igc_pkr/one/image/variables.pkr.hcl
@@ -109,11 +109,22 @@ variable "service_account_email" {
 }
 
 variable "scopes" {
+  description = "DEPRECATED: use var.service_account_scopes"
+  type        = set(string)
+  default     = null
+
+  validation {
+    condition     = var.scopes == null
+    error_message = "DEPRECATED: var.scopes was renamed to var.service_account_scopes with identical format."
+  }
+}
+
+variable "service_account_scopes" {
   description = <<EOD
 Service account scopes to attach to the instance. See
 https://cloud.google.com/compute/docs/access/service-accounts.
 EOD
-  type        = list(string)
+  type        = set(string)
   default = [
     "https://www.googleapis.com/auth/cloud-platform",
   ]
diff --git a/tools/validate_configs/golden_copies/expectations/text_escape/zero/lime/image.pkr.hcl b/tools/validate_configs/golden_copies/expectations/text_escape/zero/lime/image.pkr.hcl
index e243ca5665..9a9a0aa93d 100644
--- a/tools/validate_configs/golden_copies/expectations/text_escape/zero/lime/image.pkr.hcl
+++ b/tools/validate_configs/golden_copies/expectations/text_escape/zero/lime/image.pkr.hcl
@@ -107,6 +107,7 @@ source "googlecompute" "toolkit_image" {
   use_internal_ip             = var.omit_external_ip
   subnetwork                  = var.subnetwork_name
   network_project_id          = var.network_project_id
+  service_account_email       = var.service_account_email
   scopes                      = var.scopes
   source_image                = var.source_image
   source_image_family         = var.source_image_family
diff --git a/tools/validate_configs/golden_copies/expectations/text_escape/zero/lime/variables.pkr.hcl b/tools/validate_configs/golden_copies/expectations/text_escape/zero/lime/variables.pkr.hcl
index 6e455ef46a..ce2b51b3e1 100644
--- a/tools/validate_configs/golden_copies/expectations/text_escape/zero/lime/variables.pkr.hcl
+++ b/tools/validate_configs/golden_copies/expectations/text_escape/zero/lime/variables.pkr.hcl
@@ -109,11 +109,22 @@ variable "service_account_email" {
 }
 
 variable "scopes" {
+  description = "DEPRECATED: use var.service_account_scopes"
+  type        = set(string)
+  default     = null
+
+  validation {
+    condition     = var.scopes == null
+    error_message = "DEPRECATED: var.scopes was renamed to var.service_account_scopes with identical format."
+  }
+}
+
+variable "service_account_scopes" {
   description = <<EOD
 Service account scopes to attach to the instance. See
 https://cloud.google.com/compute/docs/access/service-accounts.
 EOD
-  type        = list(string)
+  type        = set(string)
   default = [
     "https://www.googleapis.com/auth/cloud-platform",
   ]