
GCE: Allow service account permission selection in create_node

    Details

    • Type: New Feature
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: Compute
    • Labels:
    • Environment:

      Google Compute Engine

      Description

      Presently there is no way to specify service account permissions when building a new node. This prevents the created instance from accessing other services when needed.

        Activity

        githubbot ASF GitHub Bot added a comment -

        GitHub user erjohnso opened a pull request:

        https://github.com/apache/libcloud/pull/372

        LIBCLOUD-578: GCE adding Service Accounts to create_node

        Adding support for user-defined Service Account scopes when creating nodes in the GCE driver. The default for this new parameter is modeled after both the Google Developers Console and Cloud SDK and sets an instance's (node's) default serviceAccount to,

        ```
        [
            {'email': 'default', 'scopes': ['https://www.googleapis.com/auth/devstorage.read_only']}
        ]
        ```

        To better match Google tools, short-name aliases as documented in Cloud SDK's `gcloud compute instances create --help` are supported.

        Typical usage would likely just use the 'default' email for the Service Account but allow overriding the list of scopes. For example,

        ```
        ex_service_accounts = [
            {'scopes': ['bigquery', 'compute-ro', 'pubsub']}
        ]
        ```

        Will map to,

        ```
        [
            {'email': 'default',
             'scopes': ['https://www.googleapis.com/auth/bigquery',
                        'https://www.googleapis.com/auth/compute.readonly',
                        'https://www.googleapis.com/auth/pubsub']}
        ]
        ```

        GCE public docs on this capability are,
        https://cloud.google.com/compute/docs/authentication
        https://cloud.google.com/compute/docs/reference/latest/instances#resource

        /cc @ross-p

        You can merge this pull request into a Git repository by running:

        $ git pull https://github.com/erjohnso/libcloud LIBCLOUD-578_gce_service_accounts

        Alternatively you can review and apply these changes as the patch at:

        https://github.com/apache/libcloud/pull/372.patch

        To close this pull request, make a commit to your master/trunk branch
        with (at least) the following in the commit message:

        This closes #372


        commit 1063f711e33caa854a61a0c44984cfac12e10cf8
        Author: Eric Johnson <erjohnso@google.com>
        Date: 2014-10-10T15:52:02Z

        LIBCLOUD-578: GCE adding Service Accounts to create_node
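
The alias expansion described in the pull request above, as an added example that is not part of the pull request or libcloud's own code. The function name `expand_service_accounts` and the alias table are assumptions: the table holds only the three aliases shown above plus gcloud's `storage-ro` for the default scope, and rejecting unknown short names is this example's choice so that a typo cannot silently change the scopes an instance receives.

```python
AUTH_URL = "https://www.googleapis.com/auth/"

# Constructed alias table: the three short names from the pull request text,
# plus 'storage-ro' (gcloud alias for the default read-only storage scope).
SCOPE_ALIASES = {
    "bigquery": "bigquery",
    "compute-ro": "compute.readonly",
    "pubsub": "pubsub",
    "storage-ro": "devstorage.read_only",
}


def expand_service_accounts(ex_service_accounts=None):
    """Return the serviceAccounts list with aliases expanded to scope URLs."""
    if not ex_service_accounts:
        # Default described in the pull request: read-only storage access.
        return [{"email": "default", "scopes": [AUTH_URL + "devstorage.read_only"]}]
    if not isinstance(ex_service_accounts, list):
        raise ValueError("ex_service_accounts must be a list of dicts")
    expanded = []
    for sa in ex_service_accounts:
        if not isinstance(sa, dict) or "scopes" not in sa:
            raise ValueError("each service account needs a 'scopes' list")
        scopes = []
        for scope in sa["scopes"]:
            if scope.startswith(AUTH_URL):
                url = scope  # already a full scope URL, pass through
            elif scope in SCOPE_ALIASES:
                url = AUTH_URL + SCOPE_ALIASES[scope]
            else:
                # Fail closed rather than guess at an unknown short name.
                raise ValueError("unknown scope alias: %r" % scope)
            if url not in scopes:
                scopes.append(url)
        expanded.append({"email": sa.get("email", "default"), "scopes": scopes})
    return expanded
```
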


        erjohnso Eric Johnson added a comment -

        Hi Alex,

        Better late than never?

        https://github.com/apache/libcloud/pull/372

        Feel free to comment if you don't think this will cover your needs.

        -Eric

        jira-bot ASF subversion and git services added a comment -

        Commit a38ade58404f155c5de82a2a9512809856f63f17 in libcloud's branch refs/heads/trunk from Eric Johnson
        [ https://git-wip-us.apache.org/repos/asf?p=libcloud.git;h=a38ade5 ]

        LIBCLOUD-578: GCE adding Service Accounts to create_node

        Closes #372

        Signed-off-by: Tomaz Muraus <tomaz@apache.org>

        githubbot ASF GitHub Bot added a comment -

        Github user asfgit closed the pull request at:

        https://github.com/apache/libcloud/pull/372

        erjohnso Eric Johnson added a comment -

        No feedback from OP, merged to trunk. I believe this can be closed now.


          People

          • Assignee:
            erjohnso Eric Johnson
            Reporter:
            ayoung Alex Young