translating gcloud container clusters create --scope into a Terraform config

Question

I have the following gcloud command:

gcloud container clusters create my-cluster \
     --region us-east1 \
     --node-locations us-east1-b,us-east1-c,us-east1-d \
     --disk-type=pd-ssd \
     --disk-size=50GB \
     --labels=portworx=gke \
     --machine-type=n1-highcpu-8 \
     --num-nodes=3 \
     --image-type ubuntu \
     --scopes compute-rw,storage-ro \
     --enable-autoscaling --max-nodes=6 --min-nodes=3

I'm trying to work out specifically what:

--scopes compute-rw,storage-ro

should translate to in my config, the nearest thing I can find to this is oauth_scopes, if this is what --scope maps to, what does compute_rw and storage-ro map to as oauth_scopes takes URLs.

Answer 1

That's correct, scopes translates to oauth_scopes in Terraform. From the Terraform documentation, you can see the definition:

https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/container_cluster#oauth_scopes

oauth_scopes    = [
      "https://www.googleapis.com/auth/cloud-platform"
    ]

In your gcloud command, compute-rw means read and write and storage-ro means storage read only. That would translate to the following scopes:

oauth_scopes    = [
      "https://www.googleapis.com/auth/compute",
      "https://www.googleapis.com/auth/devstorage.read_only"
    ]