Terraform-provider-google: Add --oauth-service-account-email and --oauth-token-scope to cloud scheduler resource

Created on 24 Jul 2019  ·  6 Comments  ·  Source: hashicorp/terraform-provider-google


Description

Add --oauth-service-account-email and --oauth-token-scope to the cloud scheduler resource so that we can use Cloud Scheduler to make GCP REST calls.

New or Affected Resource(s)

google_cloud_scheduler_job

Potential Terraform Configuration

resource "google_cloud_scheduler_job" "job" {
  name     = "test-job"
  schedule = "*/4 * * * *"
  oauth-service-account-email = "[email protected]"
  oauth-token-scope = "https://www.googleapis.com/auth/cloud-platform"

  http_target {
    uri = "https://region-gcp_project.cloudfunctions.net/func_name"
    http_method = "POST"
  }
}

Revised implementation, taken from @francoissera's comment below.

resource "google_cloud_scheduler_job" "job" {
  name     = "test-job"
  schedule = "*/4 * * * *"

  http_target {
    uri = "https://region-gcp_project.cloudfunctions.net/func_name"
    http_method = "POST"
    oauthToken = {
      serviceAccountEmail = "myservice_account_email"
      audience = "https://region-gcp_project.cloudfunctions.net/func_name"
    }
  }
}
enhancement

All 6 comments

I think oauthToken and oidcToken are part of HttpTarget and not AppEngineHttpTarget, as stated in the API doc https://cloud.google.com/scheduler/docs/reference/rest/v1/projects.locations.jobs#httptarget

For example, to schedule the call of an HTTP-triggered cloud function with authentication enabled:

resource "google_cloud_scheduler_job" "job" {
  name     = "test-job"
  schedule = "*/4 * * * *"

  http_target {
    uri = "https://region-gcp_project.cloudfunctions.net/func_name"
    http_method = "POST"
    oidcToken = {
      serviceAccountEmail = "myservice_account_email"
      audience = "https://region-gcp_project.cloudfunctions.net/func_name"
    }
  }
}

You're right @francoisserra. I have updated and credited my initial issue to take in your changes. Thanks for the feedback.

I would really like to see this so Cloud Scheduler jobs that call authenticated Cloud Run apps can be fully managed with Terraform.

Should that be "oauth-token-scopes", plural and array, and not a singular "oauth-token-scope"? E.g.

oauth-token-scopes = [ "https://www.googleapis.com/auth/admin.directory.group", "https://www.googleapis.com/auth/admin.directory.user", ]

More often than not I use narrow scopes for my applications and have to use multiple.

Thanks @spacetj for opening this issue. It's been closed with #4222 and will be released shortly.

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks!
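
The configurations proposed in this thread use camelCase placeholders and do not show the schema that shipped. The following is an added example, not code from the issue or from the provider's maintainers, written against the snake_case `oidc_token` and `oauth_token` blocks that the provider documents under `http_target`. The variables, the `scheduler-invoker` account ID and the resource labels are assumptions made for illustration; the job identity is a dedicated service account that holds only the invoker role on the one function it calls.

```hcl
# Added example. Variable values are placeholders, not taken from the thread.
variable "project" { type = string }
variable "region" { type = string }
variable "function_name" { type = string }

locals {
  function_url = "https://${var.region}-${var.project}.cloudfunctions.net/${var.function_name}"
}

# Dedicated identity for the scheduler job, so it carries no other permissions.
resource "google_service_account" "scheduler_invoker" {
  project      = var.project
  account_id   = "scheduler-invoker" # hypothetical name
  display_name = "Cloud Scheduler invoker for ${var.function_name}"
}

# Grant only the right to invoke this one function.
resource "google_cloudfunctions_function_iam_member" "invoker" {
  project        = var.project
  region         = var.region
  cloud_function = var.function_name
  role           = "roles/cloudfunctions.invoker"
  member         = "serviceAccount:${google_service_account.scheduler_invoker.email}"
}

resource "google_cloud_scheduler_job" "job" {
  project  = var.project
  region   = var.region
  name     = "test-job"
  schedule = "*/4 * * * *"

  http_target {
    uri         = local.function_url
    http_method = "POST"

    # OIDC identity token: for Cloud Functions and Cloud Run endpoints.
    oidc_token {
      service_account_email = google_service_account.scheduler_invoker.email
      audience              = local.function_url
    }

    # For a *.googleapis.com REST API, use an OAuth access token instead
    # (only one of oauth_token and oidc_token may be set):
    # oauth_token {
    #   service_account_email = google_service_account.scheduler_invoker.email
    #   scope                 = "https://www.googleapis.com/auth/cloud-platform"
    # }
  }
}
```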
