Merge pull request #94 from lantier/feature/node-pools-oauth-scopes

morgante · web-flow · commit 439a1e39cb0e · 2019-04-12T13:39:41.000-07:00
Add feature to define individual oauth scopes to node pools
diff --git a/README.md b/README.md
@@ -44,6 +44,14 @@ module "gke" {
     },
   ]
 
+  node_pools_oauth_scopes = {
+    all     = []
+
+    default-node-pool = [
+      "https://www.googleapis.com/auth/cloud-platform",
+    ]
+  }
+
   node_pools_labels = {
     all = {}
 
diff --git a/cluster_regional.tf b/cluster_regional.tf
@@ -132,9 +132,7 @@ resource "google_container_node_pool" "pools" {
     service_account = "${lookup(var.node_pools[count.index], "service_account", local.service_account)}"
     preemptible     = "${lookup(var.node_pools[count.index], "preemptible", false)}"
 
-    oauth_scopes = [
-      "https://www.googleapis.com/auth/cloud-platform",
-    ]
+    oauth_scopes = ["${concat(var.node_pools_oauth_scopes["all"], var.node_pools_oauth_scopes[lookup(var.node_pools[count.index], "name")])}"]
   }
 
   lifecycle {
diff --git a/cluster_zonal.tf b/cluster_zonal.tf
@@ -132,9 +132,7 @@ resource "google_container_node_pool" "zonal_pools" {
     service_account = "${lookup(var.node_pools[count.index], "service_account", local.service_account)}"
     preemptible     = "${lookup(var.node_pools[count.index], "preemptible", false)}"
 
-    oauth_scopes = [
-      "https://www.googleapis.com/auth/cloud-platform",
-    ]
+    oauth_scopes = ["${concat(var.node_pools_oauth_scopes["all"], var.node_pools_oauth_scopes[lookup(var.node_pools[count.index], "name")])}"]
   }
 
   lifecycle {
diff --git a/examples/node_pool/main.tf b/examples/node_pool/main.tf
@@ -63,6 +63,14 @@ module "gke" {
     },
   ]
 
+  node_pools_oauth_scopes = {
+    all     = []
+
+    pool-01 = []
+    
+    pool-02 = []
+  }
+  
   node_pools_metadata = {
     all = {}
 
diff --git a/variables.tf b/variables.tf
@@ -180,6 +180,16 @@ variable "node_pools_tags" {
   }
 }
 
+variable "node_pools_oauth_scopes" {
+  type        = "map"
+  description = "Map of lists containing node oauth scopes by node-pool name"
+
+  default = {
+    all               = ["https://www.googleapis.com/auth/cloud-platform"]
+    default-node-pool = []
+  }
+}
+
 variable "stub_domains" {
   type        = "map"
   description = "Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server"

Original file line number	Diff line number	Diff line change
`@@ -132,9 +132,7 @@ resource "google_container_node_pool" "pools" {`
`132`	`132`	`service_account = "${lookup(var.node_pools[count.index], "service_account", local.service_account)}"`
`133`	`133`	`preemptible = "${lookup(var.node_pools[count.index], "preemptible", false)}"`
`134`	`134`
`135`		`- oauth_scopes = [`
`136`		`- "https://www.googleapis.com/auth/cloud-platform",`
`137`		`- ]`
	`135`	`+ oauth_scopes = ["${concat(var.node_pools_oauth_scopes["all"], var.node_pools_oauth_scopes[lookup(var.node_pools[count.index], "name")])}"]`
`138`	`136`	`}`
`139`	`137`
`140`	`138`	`lifecycle {`