I would like to create one variable for various GCP scopes, and then use that variable (of scopes) when I create GCP compute instances.

https://cloud.google.com/sdk/gcloud/reference/alpha/compute/instances/set-scopes#--scopes

In other words, I would like to AVOID having to write out this long mess of URLs when we make each new instance. What is the best way to do this with Terraform?

service_account {
    scopes = [
        "https://www.googleapis.com/auth/devstorage.read_only",
        "https://www.googleapis.com/auth/logging.write",
        "https://www.googleapis.com/auth/monitoring.write",
        "https://www.googleapis.com/auth/pubsub",
        "https://www.googleapis.com/auth/service.management.readonly",
        "https://www.googleapis.com/auth/servicecontrol",
        "https://www.googleapis.com/auth/trace.append",
        "https://www.googleapis.com/auth/cloud-platform",
        "https://www.googleapis.com/auth/cloud-platform.read-only",
        "https://www.googleapis.com/auth/cloudplatformprojects",
        "https://www.googleapis.com/auth/cloudplatformprojects.readonly",
    ]
}

$ terraform --version
Terraform v0.12.12
+ provider.google v2.17.0

1 Answer

Assuming Terraform 0.12.x, you can do this with a list-type variable (Ref: https://www.terraform.io/docs/configuration/variables.html).

In your main.tf (or whichever Terraform file you're using):

# Declare the scope list once; its value comes from a .tfvars file,
# -var, or TF_VAR_account_scopes.
variable "account_scopes" {
    default = []
    type = list(string)
    description = "List of service account scopes"
}

resource "google_compute_instance" "default" {
    # GCE instance names must be lowercase: [a-z]([-a-z0-9]*[a-z0-9])?
    name         = "hostname"
    machine_type = "n1-standard-2"
    zone         = "us-central1-b"

    boot_disk {
        initialize_params {
            image = "projects/centos-cloud/global/images/centos-8-v20191018"
        }
    }

    scratch_disk {
    }

    network_interface {
        network = "default"
    }

    # Every instance references the same variable instead of repeating the URLs.
    service_account {
        scopes = var.account_scopes
    }
}

terraform.auto.tfvars

account_scopes = [
  "https://www.googleapis.com/auth/devstorage.read_only",
  "https://www.googleapis.com/auth/logging.write",
  "https://www.googleapis.com/auth/monitoring.write",
  "https://www.googleapis.com/auth/pubsub",
  "https://www.googleapis.com/auth/service.management.readonly",
  "https://www.googleapis.com/auth/servicecontrol",
  "https://www.googleapis.com/auth/trace.append",
  "https://www.googleapis.com/auth/cloud-platform",
  "https://www.googleapis.com/auth/cloud-platform.read-only",
  "https://www.googleapis.com/auth/cloudplatformprojects",
  "https://www.googleapis.com/auth/cloudplatformprojects.readonly",
]
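The variable-plus-tfvars approach above works, and the same idea generalises: keep named scope sets in `locals`, compose them with `distinct(concat(...))`, and attach them to a dedicated service account rather than the project's default one. The configuration below is an added example written for this page, not code from the question or the answer; the `google_service_account.vm_sa` resource, the `worker` instance, and the scope groupings are assumptions made for illustration. It also leaves `cloud-platform` out of the baseline set on purpose: that scope covers every Google API, so once it is present the read-only scopes listed beside it in the question (`cloud-platform.read-only`, `cloudplatformprojects.readonly`) no longer narrow anything, and the instance's effective access is bounded only by the IAM roles granted to its service account.

```hcl
# Added example (not from the original question or answer). Assumes
# Terraform 0.12.x and provider.google 2.x, matching the versions on the page.

locals {
  # Baseline scopes every instance needs: read GCS objects, write logs
  # and metrics, append traces. Deliberately no cloud-platform here.
  baseline_scopes = [
    "https://www.googleapis.com/auth/devstorage.read_only",
    "https://www.googleapis.com/auth/logging.write",
    "https://www.googleapis.com/auth/monitoring.write",
    "https://www.googleapis.com/auth/trace.append",
  ]

  # Extra scopes for workloads that also publish or subscribe on Pub/Sub.
  pubsub_scopes = ["https://www.googleapis.com/auth/pubsub"]

  # Compose sets without duplicates; reuse local.worker_scopes on any
  # instance that needs this combination.
  worker_scopes = distinct(concat(local.baseline_scopes, local.pubsub_scopes))
}

# A dedicated service account (hypothetical name) so IAM roles, not scopes,
# define what the VM may do. Grant it roles separately with
# google_project_iam_member.
resource "google_service_account" "vm_sa" {
  account_id   = "worker-vm"
  display_name = "Worker VM service account"
}

resource "google_compute_instance" "worker" {
  # Instance names must match [a-z]([-a-z0-9]*[a-z0-9])?
  name         = "worker-1"
  machine_type = "n1-standard-2"
  zone         = "us-central1-b"

  boot_disk {
    initialize_params {
      image = "projects/centos-cloud/global/images/centos-8-v20191018"
    }
  }

  network_interface {
    network = "default"
  }

  service_account {
    email  = google_service_account.vm_sa.email
    scopes = local.worker_scopes
  }
}

# Surfaces the resolved list so `terraform plan`/`output` shows exactly
# which scopes each instance ends up with.
output "worker_scopes" {
  value = local.worker_scopes
}
```

To check the result without applying, run `terraform plan` and read the `scopes` list under `service_account` in the diff; the `worker_scopes` output shows the composed set directly. If a later change adds `cloud-platform` to any set, treat it as widening the instance's reach to every API the service account's roles allow, and review those roles at the same time.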