ansible-collections/google.cloud
1
0
Fork 0
mirror of https://github.com/ansible-collections/google.cloud.git synced 2025-04-09 04:10:27 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Ansible: Service Account Keys (#135)

Browse source 
<!-- This change is generated by MagicModules. -->
/cc @rambleraptor
This commit is contained in:
The Magician 2018-11-29 10:25:17 -08:00 committed by Alex Stephen
parent 1a032af480
commit f70dd0bed8
1 changed files with 30 additions and 23 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

53
plugins/modules/gcp_iam_service_account_key.py
View file

@ -18,14 +18,15 @@
# ---------------------------------------------------------------------------- # ----------------------------------------------------------------------------
from __future__ import absolute_import, division, print_function from __future__ import absolute_import, division, print_function
__metaclass__ = type __metaclass__ = type
################################################################################ ################################################################################
# Documentation # Documentation
################################################################################ ################################################################################
ANSIBLE_METADATA = {'metadata_version': '1.1', 'status': ["preview"], 'supported_by': 'community'} ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ["preview"],
'supported_by': 'community'}
DOCUMENTATION = ''' DOCUMENTATION = '''
--- ---
@ -67,10 +68,10 @@ options:
description: description:
- The name of the serviceAccount. - The name of the serviceAccount.
- 'This field represents a link to a ServiceAccount resource in GCP. It can be - 'This field represents a link to a ServiceAccount resource in GCP. It can be
specified in two ways. First, you can place a dictionary with key ''name'' and specified in two ways. You can add `register: name-of-resource` to a gcp_iam_service_account
value of your resource''s name Alternatively, you can add `register: name-of-resource` task and then set this service_account field to "{{ name-of-resource }}" Alternatively,
to a gcp_iam_service_account task and then set this service_account field to you can set this service_account to a dictionary with the name key where the
"{{ name-of-resource }}"' value is the name of your ServiceAccount'
required: false required: false
path: path:
description: description:
@ -84,23 +85,23 @@ extends_documentation_fragment: gcp
EXAMPLES = ''' EXAMPLES = '''
- name: create a service account - name: create a service account
gcp_iam_service_account: gcp_iam_service_account:
name: test-ansible@graphite-playground.google.com.iam.gserviceaccount.com name: test-ansible@graphite-playground.google.com.iam.gserviceaccount.com
display_name: My Ansible test key display_name: My Ansible test key
project: "{{ gcp_project }}" project: "{{ gcp_project }}"
auth_kind: "{{ gcp_cred_kind }}" auth_kind: "{{ gcp_cred_kind }}"
service_account_file: "{{ gcp_cred_file }}" service_account_file: "{{ gcp_cred_file }}"
state: present state: present
register: serviceaccount register: serviceaccount
- name: create a service account key - name: create a service account key
gcp_iam_service_account_key: gcp_iam_service_account_key:
service_account: "{{ serviceaccount }}" service_account: "{{ serviceaccount }}"
private_key_type: TYPE_GOOGLE_CREDENTIALS_FILE private_key_type: TYPE_GOOGLE_CREDENTIALS_FILE
path: "~/test_account.json" path: "~/test_account.json"
project: test_project project: "test_project"
auth_kind: serviceaccount auth_kind: "serviceaccount"
service_account_file: "/tmp/auth.pem" service_account_file: "/tmp/auth.pem"
state: present state: present
''' '''
RETURN = ''' RETURN = '''
@ -178,7 +179,7 @@ def main():
private_key_type=dict(type='str', choices=['TYPE_UNSPECIFIED', 'TYPE_PKCS12_FILE', 'TYPE_GOOGLE_CREDENTIALS_FILE']), private_key_type=dict(type='str', choices=['TYPE_UNSPECIFIED', 'TYPE_PKCS12_FILE', 'TYPE_GOOGLE_CREDENTIALS_FILE']),
key_algorithm=dict(type='str', choices=['KEY_ALG_UNSPECIFIED', 'KEY_ALG_RSA_1024', 'KEY_ALG_RSA_2048']), key_algorithm=dict(type='str', choices=['KEY_ALG_UNSPECIFIED', 'KEY_ALG_RSA_1024', 'KEY_ALG_RSA_2048']),
service_account=dict(type='dict'), service_account=dict(type='dict'),
path=dict(type='path'), path=dict(type='path')
) )
) )
@ -220,7 +221,10 @@ def delete(module):
def resource_to_request(module): def resource_to_request(module):
request = {u'privateKeyType': module.params.get('private_key_type'), u'keyAlgorithm': module.params.get('key_algorithm')} request = {
u'privateKeyType': module.params.get('private_key_type'),
u'keyAlgorithm': module.params.get('key_algorithm')
}
return_vals = {} return_vals = {}
for k, v in request.items(): for k, v in request.items():
if v: if v:
@ -239,7 +243,7 @@ def key_name_from_file(filename, module):
try: try:
json_data = json.loads(f.read()) json_data = json.loads(f.read())
return "projects/{project_id}/serviceAccounts/{client_email}/keys/{private_key_id}".format(**json_data) return "projects/{project_id}/serviceAccounts/{client_email}/keys/{private_key_id}".format(**json_data)
except ValueError as inst: except:
module.fail_json(msg="File is not a valid GCP JSON service account key") module.fail_json(msg="File is not a valid GCP JSON service account key")
@ -249,7 +253,10 @@ def self_link_from_file(module):
def self_link(module): def self_link(module):
results = {'project': module.params['project'], 'service_account': replace_resource_dict(module.params['service_account'], 'name')} results = {
'project': module.params['project'],
'service_account': replace_resource_dict(module.params['service_account'], 'name')
}
return "https://iam.googleapis.com/v1/projects/{project}/serviceAccounts/{service_account}/keys".format(**results) return "https://iam.googleapis.com/v1/projects/{project}/serviceAccounts/{service_account}/keys".format(**results)