@@ -72,6 +72,17 @@ resource "google_dataproc_cluster" "mycluster" {
7272 gce_cluster_config {
7373 #network = "${google_compute_network.dataproc_network.name}"
7474 tags = ["foo", "bar"]
75+ service_account_scopes = [
76+ # User supplied scopes
77+ "https://www.googleapis.com/auth/monitoring",
78+
79+ # The following scopes necessary for the cluster to function properly are
80+ # always added, even if not explicitly specified:
81+ # useraccounts-ro: https://www.googleapis.com/auth/cloud.useraccounts.readonly
82+ # storage-rw: https://www.googleapis.com/auth/devstorage.read_write
83+ # logging-write: https://www.googleapis.com/auth/logging.write
84+ "useraccounts-ro","storage-rw","logging-write"
85+ ]
7586 }
7687
7788 # You can define multiple initialization_action blocks
@@ -209,10 +220,11 @@ The `cluster_config.gce_cluster_config` block supports:
209220* ` service_account ` - (Optional) The service account to be used by the Node VMs.
210221 If not specified, the "default" service account is used.
211222
212- * ` service_account_scopes ` - (Optional, Computed) The set of Google API scopes to be made available
213- on all of the node VMs under the `service_account` specified. These can be
214- either FQDNs, or scope aliases. The following scopes are necessary to ensure
215- the correct functioning of the cluster:
223+ * ` service_account_scopes ` - (Optional, Computed) The set of Google API scopes
224+ to be made available on all of the node VMs under the ` service_account `
225+ specified. These can be either FQDNs, or scope aliases. The following scopes
226+ must be set if any other scopes are set. They're necessary to ensure the
227+ correct functioning ofthe cluster, and are set automatically by the API:
216228
217229 * ` useraccounts-ro ` (` https://www.googleapis.com/auth/cloud.useraccounts.readonly ` )
218230 * ` storage-rw ` (` https://www.googleapis.com/auth/devstorage.read_write ` )
0 commit comments