gcp: support projects with no default permissions (#3656)

* helm/gcp: use service account in operator and joinservice * helm: format operator testdata * terraform/iam: create additional service account for VMs This service account is used in the following commits and is attached to the VMs * config: pass VM service account from iam create to cluster create via config * cli/iamcreate: limit name prefix length * docs: add minimal gcp IAM permissions
2025-07-22 23:10:36 -04:00 · 2025-03-25 14:13:38 +01:00 · 2025-03-25 14:13:38 +01:00 · 66815a4a47
commit 66815a4a47
parent 83e08e3e37
42 changed files with 771 additions and 466 deletions
--- a/cli/internal/terraform/variables_test.go
+++ b/cli/internal/terraform/variables_test.go
@ -122,8 +122,9 @@ func TestGCPClusterVariables(t *testing.T) {
 				DiskType:        "pd-ssd",
 			},
 		},
-		CustomEndpoint: "example.com",
-		CCTechnology:   "SEV_SNP",
+		CustomEndpoint:      "example.com",
+		CCTechnology:        "SEV_SNP",
+		IAMServiceAccountVM: "example@example.com",
 	}

 	// test that the variables are correctly rendered
@ -151,10 +152,11 @@ node_groups = {
    zone          = "eu-central-1b"
  }
 }
-custom_endpoint        = "example.com"
-internal_load_balancer = false
-cc_technology          = "SEV_SNP"
-additional_labels        = null
+custom_endpoint        	= "example.com"
+internal_load_balancer	= false
+cc_technology           = "SEV_SNP"
+iam_service_account_vm	= "example@example.com"
+additional_labels      	= null
 `
 	got := vars.String()
 	assert.Equal(t, strings.Fields(want), strings.Fields(got)) // to ignore whitespace differences
@ -173,9 +175,27 @@ func TestGCPIAMVariables(t *testing.T) {
 region             = "eu-central-1"
 zone               = "eu-central-1a"
 service_account_id = "my-service-account"
+name_prefix        = ""
 `
 	got := vars.String()
 	assert.Equal(t, strings.Fields(want), strings.Fields(got)) // to ignore whitespace differences
+
+	vars = GCPIAMVariables{
+		Project:    "my-project",
+		Region:     "eu-central-1",
+		Zone:       "eu-central-1a",
+		NamePrefix: "my-prefix",
+	}
+
+	// test that the variables are correctly rendered
+	want = `project_id         = "my-project"
+region             = "eu-central-1"
+zone               = "eu-central-1a"
+service_account_id = ""
+name_prefix        = "my-prefix"
+`
+	got = vars.String()
+	assert.Equal(t, strings.Fields(want), strings.Fields(got)) // to ignore whitespace differences
 }

 func TestAzureClusterVariables(t *testing.T) {