Service account scopes are not taken in InstanceTemplate

[albertpx]

Hello!

• Vote on this issue by adding a 👍 reaction
• To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already)

Issue details

Set custom scopes to service account in instance template:

        scopes=[
            "logging-write",
            "monitoring-write"
        ],
        email=service_account.email

While the service account name itself would be correct, the scopes will be all disabled.

This is working properly using the classic gcp module.

Steps to reproduce

Same as above

Expected: correct scopes would be set Actual: all scopes are disabled.

[tall3n]

i experienced something similar on the instance compute side.

In Classic you could use for instance cloud-platform, in native you have to use the URL. cloud-platform vs. https://www.googleapis.com/auth/cloud-platform

However, on the Instance (Non Managed) side it would throw and error.