ansible-collections/google.cloud
1
0
Fork 0
mirror of https://github.com/ansible-collections/google.cloud.git synced 2025-07-28 23:51:32 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Ansible - allowing for creds to be passed in as string/env var (#200)

Browse source 
Signed-off-by: Modular Magician <magic-modules@google.com>
This commit is contained in:
The Magician 2019-03-06 13:54:51 -08:00 committed by Alex Stephen
commit 109b68984e
2 changed files with 12 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

12
plugins/doc_fragment/gcp.py
View file

@ -27,7 +27,11 @@ options:
service_account_file: service_account_file:
description: description:
- The path of a Service Account JSON file if serviceaccount is selected as type. - The path of a Service Account JSON file if serviceaccount is selected as type.
type: path service_account_contents:
description:
- A string representing the contents of a Service Account JSON file.
- This should not be passed in as a dictionary, but a string has
the exact contents of a service account json file (valid JSON).
service_account_email: service_account_email:
description: description:
- An optional service account email address if machineaccount is selected - An optional service account email address if machineaccount is selected
@ -38,8 +42,10 @@ options:
- Array of scopes to be used. - Array of scopes to be used.
type: list type: list
notes: notes:
- For authentication, you can set service_account_file using the - for authentication, you can set service_account_file using the
C(GCP_SERVICE_ACCOUNT_FILE) env variable. c(gcp_service_account_file) env variable.
- for authentication, you can set service_account_contents using the
c(GCP_SERVICE_ACCOUNT_CONTENTS) env variable.
- For authentication, you can set service_account_email using the - For authentication, you can set service_account_email using the
C(GCP_SERVICE_ACCOUNT_EMAIL) env variable. C(GCP_SERVICE_ACCOUNT_EMAIL) env variable.
- For authentication, you can set service_account_contents using the - For authentication, you can set service_account_contents using the

3
plugins/module_utils/gcp_utils.py
View file

@ -158,6 +158,9 @@ class GcpSession(object):
elif cred_type == 'serviceaccount' and self.module.params.get('service_account_file'): elif cred_type == 'serviceaccount' and self.module.params.get('service_account_file'):
path = os.path.realpath(os.path.expanduser(self.module.params['service_account_file'])) path = os.path.realpath(os.path.expanduser(self.module.params['service_account_file']))
return service_account.Credentials.from_service_account_file(path).with_scopes(self.module.params['scopes']) return service_account.Credentials.from_service_account_file(path).with_scopes(self.module.params['scopes'])
elif cred_type == 'serviceaccount' and self.module.params.get('service_account_contents'):
cred = json.loads(self.module.params.get('service_account_contents'))
return service_account.Credentials.from_service_account_info(cred).with_scopes(self.module.params['scopes'])
elif cred_type == 'machineaccount': elif cred_type == 'machineaccount':
return google.auth.compute_engine.Credentials( return google.auth.compute_engine.Credentials(
self.module.params['service_account_email']) self.module.params['service_account_email'])