Add support for scope aliases to google_container_cluster

builtin/providers/google/resource_container_cluster.go

@@ -223,10 +223,15 @@ func resourceContainerCluster() *schema.Resource {
 
 						"oauth_scopes": &schema.Schema{
 							Type:     schema.TypeList,
-							Elem:     &schema.Schema{Type: schema.TypeString},
 							Optional: true,
 							Computed: true,
 							ForceNew: true,
+							Elem: &schema.Schema{
+								Type: schema.TypeString,
+								StateFunc: func(v interface{}) string {
+									return canonicalizeServiceScope(v.(string))
+								},
+							},
 						},
 					},
 				},
@@ -340,7 +345,7 @@ func resourceContainerClusterCreate(d *schema.ResourceData, meta interface{}) er
 			scopesList := v.([]interface{})
 			scopes := []string{}
 			for _, v := range scopesList {
-				scopes = append(scopes, v.(string))
+				scopes = append(scopes, canonicalizeServiceScope(v.(string)))
 			}
 
 			cluster.NodeConfig.OauthScopes = scopes

builtin/providers/google/resource_container_cluster_test.go

@@ -43,6 +43,23 @@ func TestAccContainerCluster_withNodeConfig(t *testing.T) {
 	})
 }
 
+func TestAccContainerCluster_withNodeConfigScopeAlias(t *testing.T) {
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckContainerClusterDestroy,
+		Steps: []resource.TestStep{
+			resource.TestStep{
+				Config: testAccContainerCluster_withNodeConfigScopeAlias,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckContainerClusterExists(
+						"google_container_cluster.with_node_config_scope_alias"),
+				),
+			},
+		},
+	})
+}
+
 func TestAccContainerCluster_network(t *testing.T) {
 	resource.Test(t, resource.TestCase{
 		PreCheck:     func() { testAccPreCheck(t) },
@@ -144,6 +161,24 @@ resource "google_container_cluster" "with_node_config" {
 	}
 }`, acctest.RandString(10))
 
+var testAccContainerCluster_withNodeConfigScopeAlias = fmt.Sprintf(`
+resource "google_container_cluster" "with_node_config_scope_alias" {
+	name = "cluster-test-%s"
+	zone = "us-central1-f"
+	initial_node_count = 1
+
+	master_auth {
+		username = "mr.yoda"
+		password = "adoy.rm"
+	}
+
+	node_config {
+		machine_type = "g1-small"
+		disk_size_gb = 15
+		oauth_scopes = [ "compute-rw", "storage-ro", "logging-write", "monitoring" ]
+	}
+}`, acctest.RandString(10))
+
 var testAccContainerCluster_networkRef = fmt.Sprintf(`
 resource "google_compute_network" "container_network" {
 	name = "container-net-%s"

website/source/docs/providers/google/r/container_cluster.html.markdown

@@ -100,13 +100,16 @@ which the cluster's instances are launched
     in GB. The smallest allowed disk size is 10GB. Defaults to 100GB.
 
 * `oauth_scopes` - (Optional) The set of Google API scopes to be made available
-    on all of the node VMs under the "default" service account. The following
+    on all of the node VMs under the "default" service account. These can be
-    scopes are necessary to ensure the correct functioning of the cluster:
+    either FQDNs, or scope aliases. The following scopes are necessary to ensure
+    the correct functioning of the cluster:
 
-  * `https://www.googleapis.com/auth/compute`
+  * `compute-rw` (`https://www.googleapis.com/auth/compute`)
-  * `https://www.googleapis.com/auth/devstorage.read_only`
+  * `storage-ro` (`https://www.googleapis.com/auth/devstorage.read_only`)
-  * `https://www.googleapis.com/auth/logging.write` (if `logging_service` points to Google)
+  * `logging-write` (`https://www.googleapis.com/auth/logging.write`),
-  * `https://www.googleapis.com/auth/monitoring` (if `monitoring_service` points to Google)
+    if `logging_service` points to Google
+  * `monitoring` (`https://www.googleapis.com/auth/monitoring`),
+    if `monitoring_service` points to Google
 
 **Addons Config** supports the following addons: