libcloud-notifications mailing list archives

From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (LIBCLOUD-578) GCE: Allow service account permission selection in create_node
Date Fri, 10 Oct 2014 16:04:33 GMT

    [ https://issues.apache.org/jira/browse/LIBCLOUD-578?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14167041#comment-14167041 ]

ASF GitHub Bot commented on LIBCLOUD-578:
-----------------------------------------

GitHub user erjohnso opened a pull request:

    https://github.com/apache/libcloud/pull/372

    LIBCLOUD-578: GCE adding Service Accounts to create_node

    Adding support for user-defined Service Account scopes when creating nodes in the GCE driver.  The default for this new parameter is modeled after both the Google Developers Console and Cloud SDK and sets an instance's (node's) default serviceAccount to,
    
    ```
    [{'email': 'default',
    'scopes': ['https://www.googleapis.com/auth/devstorage.read_only']
    }]
    ```
    
    To better match Google tools, short-name aliases as documented in Cloud SDK's `gcloud compute instances create --help` are supported.
    
    Typical usage would likely just use the 'default' email for the Service Account but allow overriding the list of scopes.  For example,
    
    ```
    ex_service_accounts = [{'scopes': ['bigquery','compute-ro', 'pubsub']}]
    ```
    
    Will map to,
    
    ```
    [{'email': 'default',
    'scopes': [
      'https://www.googleapis.com/auth/bigquery',
      'https://www.googleapis.com/auth/compute.readonly',
      'https://www.googleapis.com/auth/pubsub'
      ]
    }]
    ```
    
    GCE public docs on this capability are,
    https://cloud.google.com/compute/docs/authentication
    https://cloud.google.com/compute/docs/reference/latest/instances#resource
    
    
    /cc @ross-p


You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/erjohnso/libcloud LIBCLOUD-578_gce_service_accounts

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/libcloud/pull/372.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #372
    
----
commit 1063f711e33caa854a61a0c44984cfac12e10cf8
Author: Eric Johnson <erjohnso@google.com>
Date:   2014-10-10T15:52:02Z

    LIBCLOUD-578: GCE adding Service Accounts to create_node

----


> GCE: Allow service account permission selection in create_node
> --------------------------------------------------------------
>
>                 Key: LIBCLOUD-578
>                 URL: https://issues.apache.org/jira/browse/LIBCLOUD-578
>             Project: Libcloud
>          Issue Type: New Feature
>          Components: Compute
>         Environment: Google Compute Engine
>            Reporter: Alex Young
>
> Presently there is no way to specify service account permissions when building a new node.  This prevents the created instance from accessing other services when needed.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
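
The alias expansion and default described in the pull request above, as an added example that is not libcloud's code or part of the original message. The function names are hypothetical, the `storage-ro` alias is taken from gcloud's alias list rather than from this page, and rejecting unknown aliases instead of passing them through is this example's own choice so that a typo cannot silently change what an instance is allowed to access.

```python
AUTH_URL = "https://www.googleapis.com/auth/"

# Subset of the gcloud short-name aliases. The first three are the ones
# shown in the pull request; 'storage-ro' is the alias for its default scope.
SCOPE_ALIASES = {
    "bigquery": "bigquery",
    "compute-ro": "compute.readonly",
    "pubsub": "pubsub",
    "storage-ro": "devstorage.read_only",
}
DEFAULT_SCOPES = ["storage-ro"]


def expand_scope(scope):
    """Return the full scope URL for an alias or an already-full URL."""
    if scope.startswith(AUTH_URL):
        return scope
    if scope not in SCOPE_ALIASES:
        # Fail closed: an unrecognised name is an error, not a new scope.
        raise ValueError("unknown scope alias: %r" % (scope,))
    return AUTH_URL + SCOPE_ALIASES[scope]


def normalize_service_accounts(service_accounts=None):
    """Expand a user-supplied list into the serviceAccounts structure."""
    if service_accounts is None:
        service_accounts = [{}]  # nothing given: default email and scope
    if not isinstance(service_accounts, list):
        raise ValueError("service accounts must be a list of dicts")
    result = []
    for sa in service_accounts:
        if not isinstance(sa, dict):
            raise ValueError("each service account must be a dict")
        scopes = sa.get("scopes", DEFAULT_SCOPES)
        if not isinstance(scopes, list):
            raise ValueError("'scopes' must be a list")
        expanded = []
        for scope in scopes:
            url = expand_scope(scope)
            if url not in expanded:  # drop duplicates, keep order
                expanded.append(url)
        # An explicit empty list is kept as-is: the node gets no scopes.
        result.append({"email": sa.get("email", "default"),
                       "scopes": expanded})
    return result
```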
