search

vmware-archive / terraforming-gcp

use terraform, deploy yourself a pcf
Apache License 2.0
71 stars 87 forks source link

Make the deployer service account be optional #121

Open EronWright opened 5 years ago

EronWright commented 5 years ago

It would be nice if the script could be used without requiring that a powerful service account be created (service_account_key var). What is the justification for such an account? The instructions would be simpler if one could simply use their own account.

The underlying Google provider for TF supports various options for credentials; one option is simply to use the Application Default Credentials, which may make it possible to directly use the user identity (via gcloud auth application-default login) (more information).

Suggestion: allow more flexible configuration of the credentials block of the google provider.

jasonbisson commented 5 years ago

+1 If it's a greenfield environment running the Terraform execution on the GCP platform provides the option to remove the service key.