Clarify dataproc SA scopes computed-ness (hashicorp#1128)
Signed-off-by: Modular Magician <[email protected]>
modular-magician authored and rileykarson committed Sep 9, 2019
1 parent 77114d1 commit ae6660a
Showing 1 changed file with 16 additions and 4 deletions.
20 changes: 16 additions & 4 deletions website/docs/r/dataproc_cluster.html.markdown
Expand Up @@ -72,6 +72,17 @@ resource "google_dataproc_cluster" "mycluster" {
gce_cluster_config {
#network = "${google_compute_network.dataproc_network.name}"
tags = ["foo", "bar"]
service_account_scopes = [
# User supplied scopes
"https://www.googleapis.com/auth/monitoring",
# The following scopes necessary for the cluster to function properly are
# always added, even if not explicitly specified:
# useraccounts-ro: https://www.googleapis.com/auth/cloud.useraccounts.readonly
# storage-rw: https://www.googleapis.com/auth/devstorage.read_write
# logging-write: https://www.googleapis.com/auth/logging.write
"useraccounts-ro","storage-rw","logging-write"
]
}
# You can define multiple initialization_action blocks
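Review bot: The comment above the last list entry says the three scopes "are always added, even if not explicitly specified", yet the example then lists `"useraccounts-ro","storage-rw","logging-write"` explicitly, so a reader cannot tell whether that line is required or redundant. The attribute description changed in this same commit says they must be set if any other scopes are set; the example comment should say the same thing in the same words. Two smaller points on the same entry: it has no spaces after the commas, unlike `tags = ["foo", "bar"]` just above, and the list mixes a full scope URL with aliases without a comment saying both forms are accepted. Because `storage-rw` maps to `devstorage.read_write` on every node VM, a short remark in the comment about what that alias grants would help people who copy the example as-is.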
Expand Down Expand Up @@ -209,10 +220,11 @@ The `cluster_config.gce_cluster_config` block supports:
* `service_account` - (Optional) The service account to be used by the Node VMs.
If not specified, the "default" service account is used.

* `service_account_scopes` - (Optional, Computed) The set of Google API scopes to be made available
on all of the node VMs under the `service_account` specified. These can be
either FQDNs, or scope aliases. The following scopes are necessary to ensure
the correct functioning of the cluster:
* `service_account_scopes` - (Optional, Computed) The set of Google API scopes
to be made available on all of the node VMs under the `service_account`
specified. These can be either FQDNs, or scope aliases. The following scopes
must be set if any other scopes are set. They're necessary to ensure the
correct functioning ofthe cluster, and are set automatically by the API:

* `useraccounts-ro` (`https://www.googleapis.com/auth/cloud.useraccounts.readonly`)
* `storage-rw` (`https://www.googleapis.com/auth/devstorage.read_write`)
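Review bot: Typo in the rewritten description: "correct functioning ofthe cluster" should read "of the cluster". The two new sentences are also hard to reconcile as written, since the scopes "must be set if any other scopes are set" but "are set automatically by the API"; suggest stating explicitly in which case the user has to list them, in which case the API adds them, and what the user will see if they are left out of a custom list. "FQDNs" is carried over from the old text, but the values shown are full scope URLs, so "full scope URLs, or scope aliases" would be more accurate while this paragraph is being touched.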