From b51ee347cbd2c26c1af45177d427ffb62b008b39 Mon Sep 17 00:00:00 2001
From: Chi Zhang <chizhg@google.com>
Date: Mon, 27 Jan 2020 17:39:26 -0800
Subject: [PATCH] give cloud-platform scope by default (#1015)

---
 test/gke/request.go                           |  9 +++++++
 .../clustermanager/e2e-tests/gke_test.go      | 26 +++++++++----------
 2 files changed, 22 insertions(+), 13 deletions(-)

diff --git a/test/gke/request.go b/test/gke/request.go
index 0cb89fc6f..c1fe803b5 100644
--- a/test/gke/request.go
+++ b/test/gke/request.go
@@ -114,6 +114,15 @@ func NewCreateClusterRequest(request *Request) (*container.CreateClusterRequest,
 					},
 					Config: &container.NodeConfig{
 						MachineType: request.NodeType,
+						// The set of Google API scopes to be made available on all
+						// of the node VMs under the "default" service account.
+						// If unspecified, no scopes are added, unless Cloud Logging or
+						// Cloud Monitoring are enabled, in which case their required
+						// scopes will be added.
+						// `https://www.googleapis.com/auth/devstorage.read_only` is required
+						// for communicating with **gcr.io**, and it's included in cloud-platform scope.
+						// TODO(chizhg): give more fine granular scope based on the actual needs.
+						OauthScopes: []string{container.CloudPlatformScope},
 					},
 				},
 			},
diff --git a/testutils/clustermanager/e2e-tests/gke_test.go b/testutils/clustermanager/e2e-tests/gke_test.go
index bbeb4b54e..f05b28248 100644
--- a/testutils/clustermanager/e2e-tests/gke_test.go
+++ b/testutils/clustermanager/e2e-tests/gke_test.go
@@ -600,7 +600,7 @@ func TestAcquire(t *testing.T) {
 					{
 						Name:             "default-pool",
 						InitialNodeCount: DefaultGKEMinNodes,
-						Config:           &container.NodeConfig{MachineType: "n1-standard-4"},
+						Config:           &container.NodeConfig{MachineType: "n1-standard-4", OauthScopes: []string{container.CloudPlatformScope}},
 						Autoscaling:      &container.NodePoolAutoscaling{Enabled: true, MaxNodeCount: 3, MinNodeCount: 1},
 					},
 				},
@@ -630,7 +630,7 @@ func TestAcquire(t *testing.T) {
 						{
 							Name:             "default-pool",
 							InitialNodeCount: DefaultGKEMinNodes,
-							Config:           &container.NodeConfig{MachineType: "n1-standard-4"},
+							Config:           &container.NodeConfig{MachineType: "n1-standard-4", OauthScopes: []string{container.CloudPlatformScope}},
 							Autoscaling:      &container.NodePoolAutoscaling{Enabled: true, MaxNodeCount: 3, MinNodeCount: 1},
 						},
 					},
@@ -657,7 +657,7 @@ func TestAcquire(t *testing.T) {
 						{
 							Name:             "default-pool",
 							InitialNodeCount: DefaultGKEMinNodes,
-							Config:           &container.NodeConfig{MachineType: "n1-standard-4"},
+							Config:           &container.NodeConfig{MachineType: "n1-standard-4", OauthScopes: []string{container.CloudPlatformScope}},
 							Autoscaling:      &container.NodePoolAutoscaling{Enabled: true, MaxNodeCount: 3, MinNodeCount: 1},
 						},
 					},
@@ -698,7 +698,7 @@ func TestAcquire(t *testing.T) {
 						{
 							Name:             "default-pool",
 							InitialNodeCount: DefaultGKEMinNodes,
-							Config:           &container.NodeConfig{MachineType: "n1-standard-4"},
+							Config:           &container.NodeConfig{MachineType: "n1-standard-4", OauthScopes: []string{container.CloudPlatformScope}},
 							Autoscaling:      &container.NodePoolAutoscaling{Enabled: true, MaxNodeCount: 3, MinNodeCount: 1},
 						},
 					},
@@ -724,7 +724,7 @@ func TestAcquire(t *testing.T) {
 						{
 							Name:             "default-pool",
 							InitialNodeCount: DefaultGKEMinNodes,
-							Config:           &container.NodeConfig{MachineType: "n1-standard-4"},
+							Config:           &container.NodeConfig{MachineType: "n1-standard-4", OauthScopes: []string{container.CloudPlatformScope}},
 							Autoscaling:      &container.NodePoolAutoscaling{Enabled: true, MaxNodeCount: 3, MinNodeCount: 1},
 						},
 					},
@@ -752,7 +752,7 @@ func TestAcquire(t *testing.T) {
 						{
 							Name:             "default-pool",
 							InitialNodeCount: DefaultGKEMinNodes,
-							Config:           &container.NodeConfig{MachineType: "n1-standard-4"},
+							Config:           &container.NodeConfig{MachineType: "n1-standard-4", OauthScopes: []string{container.CloudPlatformScope}},
 							Autoscaling:      &container.NodePoolAutoscaling{Enabled: true, MaxNodeCount: 3, MinNodeCount: 1},
 						},
 					},
@@ -779,7 +779,7 @@ func TestAcquire(t *testing.T) {
 						{
 							Name:             "default-pool",
 							InitialNodeCount: DefaultGKEMinNodes,
-							Config:           &container.NodeConfig{MachineType: "n1-standard-4"},
+							Config:           &container.NodeConfig{MachineType: "n1-standard-4", OauthScopes: []string{container.CloudPlatformScope}},
 							Autoscaling:      &container.NodePoolAutoscaling{Enabled: true, MaxNodeCount: 3, MinNodeCount: 1},
 						},
 					},
@@ -818,7 +818,7 @@ func TestAcquire(t *testing.T) {
 						{
 							Name:             "default-pool",
 							InitialNodeCount: DefaultGKEMinNodes,
-							Config:           &container.NodeConfig{MachineType: "n1-standard-4"},
+							Config:           &container.NodeConfig{MachineType: "n1-standard-4", OauthScopes: []string{container.CloudPlatformScope}},
 							Autoscaling:      &container.NodePoolAutoscaling{Enabled: true, MaxNodeCount: 3, MinNodeCount: 1},
 						},
 					},
@@ -846,7 +846,7 @@ func TestAcquire(t *testing.T) {
 						{
 							Name:             "default-pool",
 							InitialNodeCount: DefaultGKEMinNodes,
-							Config:           &container.NodeConfig{MachineType: "n1-standard-4"},
+							Config:           &container.NodeConfig{MachineType: "n1-standard-4", OauthScopes: []string{container.CloudPlatformScope}},
 							Autoscaling:      &container.NodePoolAutoscaling{Enabled: true, MaxNodeCount: 3, MinNodeCount: 1},
 						},
 					},
@@ -872,7 +872,7 @@ func TestAcquire(t *testing.T) {
 						{
 							Name:             "default-pool",
 							InitialNodeCount: DefaultGKEMinNodes,
-							Config:           &container.NodeConfig{MachineType: "n1-standard-4"},
+							Config:           &container.NodeConfig{MachineType: "n1-standard-4", OauthScopes: []string{container.CloudPlatformScope}},
 							Autoscaling:      &container.NodePoolAutoscaling{Enabled: true, MaxNodeCount: 3, MinNodeCount: 1},
 						},
 					},
@@ -897,7 +897,7 @@ func TestAcquire(t *testing.T) {
 						{
 							Name:             "default-pool",
 							InitialNodeCount: DefaultGKEMinNodes,
-							Config:           &container.NodeConfig{MachineType: "n1-standard-4"},
+							Config:           &container.NodeConfig{MachineType: "n1-standard-4", OauthScopes: []string{container.CloudPlatformScope}},
 							Autoscaling:      &container.NodePoolAutoscaling{Enabled: true, MaxNodeCount: 3, MinNodeCount: 1},
 						},
 					},
@@ -1080,7 +1080,7 @@ func TestDelete(t *testing.T) {
 						{
 							Name:             "default-pool",
 							InitialNodeCount: DefaultGKEMinNodes,
-							Config:           &container.NodeConfig{MachineType: "n1-standard-4"},
+							Config:           &container.NodeConfig{MachineType: "n1-standard-4", OauthScopes: []string{container.CloudPlatformScope}},
 							Autoscaling:      &container.NodePoolAutoscaling{Enabled: true, MaxNodeCount: 3, MinNodeCount: 1},
 						},
 					},
@@ -1171,7 +1171,7 @@ func TestDelete(t *testing.T) {
 						{
 							Name:             "default-pool",
 							InitialNodeCount: DefaultGKEMinNodes,
-							Config:           &container.NodeConfig{MachineType: "n1-standard-4"},
+							Config:           &container.NodeConfig{MachineType: "n1-standard-4", OauthScopes: []string{container.CloudPlatformScope}},
 							Autoscaling:      &container.NodePoolAutoscaling{Enabled: true, MaxNodeCount: 3, MinNodeCount: 1},
 						},
 					},