Creating Service Accounts (#125)

/cc @rambleraptor
2025-07-27 23:21:31 -07:00 · 2018-11-05 11:35:37 -08:00 · 2018-11-05 11:35:37 -08:00 · ff78ac3b85
commit ff78ac3b85
parent 8dbbba47cc
4 changed files with 72 additions and 56 deletions
--- a/plugins/modules/gcp_iam_service_account.py
+++ b/plugins/modules/gcp_iam_service_account.py
@ -18,14 +18,15 @@
 # ----------------------------------------------------------------------------
 from __future__ import absolute_import, division, print_function
 __metaclass__ = type
 ################################################################################
 # Documentation
 ################################################################################
-ANSIBLE_METADATA = {'metadata_version': '1.1', 'status': ["preview"], 'supported_by': 'community'}
+ANSIBLE_METADATA = {'metadata_version': '1.1',
                    'status': ["preview"],
                    'supported_by': 'community'}
 DOCUMENTATION = '''
 ---
@ -61,12 +62,12 @@ extends_documentation_fragment: gcp
 EXAMPLES = '''
 - name: create a service account
  gcp_iam_service_account:
-    name: "{{ sa_name }}"
+      name: test-ansible@graphite-playground.google.com.iam.gserviceaccount.com
-    display_name: My Ansible test key
+      display_name: My Ansible test key
-    project: test_project
+      project: "test_project"
-    auth_kind: serviceaccount
+      auth_kind: "serviceaccount"
-    service_account_file: "/tmp/auth.pem"
+      service_account_file: "/tmp/auth.pem"
-    state: present
+      state: present
 '''
 RETURN = '''
@ -118,7 +119,11 @@ def main():
    """Main function"""
    module = GcpModule(
-        argument_spec=dict(state=dict(default='present', choices=['present', 'absent'], type='str'), name=dict(type='str'), display_name=dict(type='str'))
+        argument_spec=dict(
            state=dict(default='present', choices=['present', 'absent'], type='str'),
            name=dict(type='str'),
            display_name=dict(type='str')
        )
    )
    if not module.params['scopes']:
@ -167,11 +172,14 @@ def delete(module, link):
 def resource_to_request(module):
-    request = {u'name': module.params.get('name'), u'displayName': module.params.get('display_name')}
+    request = {
        u'name': module.params.get('name'),
        u'displayName': module.params.get('display_name')
    }
    request = encode_request(request, module)
    return_vals = {}
    for k, v in request.items():
-        if v or v is False:
+        if v:
            return_vals[k] = v
    return return_vals
@ -202,8 +210,8 @@ def return_if_object(module, response, allow_not_found=False):
    try:
        module.raise_for_status(response)
        result = response.json()
-    except getattr(json.decoder, 'JSONDecodeError', ValueError):
+    except getattr(json.decoder, 'JSONDecodeError', ValueError) as inst:
-        module.fail_json(msg="Invalid JSON response with error: %s" % response.text)
+        module.fail_json(msg="Invalid JSON response with error: %s" % inst)
    result = decode_response(result, module)
@ -241,7 +249,7 @@ def response_to_hash(module, response):
        u'uniqueId': response.get(u'uniqueId'),
        u'email': response.get(u'email'),
        u'displayName': response.get(u'displayName'),
-        u'oauth2ClientId': response.get(u'oauth2ClientId'),
+        u'oauth2ClientId': response.get(u'oauth2ClientId')
    }
@ -249,7 +257,10 @@ def encode_request(resource_request, module):
    """Structures the request as accountId + rest of request"""
    account_id = resource_request['name'].split('@')[0]
    del resource_request['name']
-    return {'accountId': account_id, 'serviceAccount': resource_request}
+    return {
        'accountId': account_id,
        'serviceAccount': resource_request
    }
 def decode_response(response, module):
--- a/plugins/modules/gcp_iam_service_account_facts.py
+++ b/plugins/modules/gcp_iam_service_account_facts.py
@ -18,14 +18,15 @@
 # ----------------------------------------------------------------------------
 from __future__ import absolute_import, division, print_function
 __metaclass__ = type
 ################################################################################
 # Documentation
 ################################################################################
-ANSIBLE_METADATA = {'metadata_version': '1.1', 'status': ["preview"], 'supported_by': 'community'}
+ANSIBLE_METADATA = {'metadata_version': '1.1',
                    'status': ["preview"],
                    'supported_by': 'community'}
 DOCUMENTATION = '''
 ---
@ -44,12 +45,11 @@ extends_documentation_fragment: gcp
 '''
 EXAMPLES = '''
- name: " a service account facts"
+- name:  a service account facts
  gcp_iam_service_account_facts:
-    project: test_project
+      project: test_project
-    auth_kind: serviceaccount
+      auth_kind: serviceaccount
-    service_account_file: "/tmp/auth.pem"
+      service_account_file: "/tmp/auth.pem"
    state: facts
 '''
 RETURN = '''
@ -102,7 +102,10 @@ import json
 def main():
-    module = GcpModule(argument_spec=dict())
+    module = GcpModule(
        argument_spec=dict(
        )
    )
    if not module.params['scopes']:
        module.params['scopes'] = ['https://www.googleapis.com/auth/iam']
@ -112,7 +115,9 @@ def main():
        items = items.get('items')
    else:
        items = []
-    return_value = {'items': items}
+    return_value = {
        'items': items
    }
    module.exit_json(**return_value)
--- a/tests/integration/gcp_iam_service_account/defaults/main.yml
+++ b/tests/integration/gcp_iam_service_account/defaults/main.yml
@ -1,3 +1,3 @@
 ---
-resource_name: "{{ resource_prefix }}"
+# defaults file
-sa_name: sa-{{ 100000 | random }}@graphite-playground.google.com.iam.gserviceaccount.com
+resource_name: '{{resource_prefix}}'
--- a/tests/integration/gcp_iam_service_account/tasks/main.yml
+++ b/tests/integration/gcp_iam_service_account/tasks/main.yml
@ -15,21 +15,21 @@
 # Pre-test setup
 - name: delete a service account
  gcp_iam_service_account:
-    name: "{{ sa_name }}"
+      name: test-ansible@graphite-playground.google.com.iam.gserviceaccount.com
-    display_name: My Ansible test key
+      display_name: My Ansible test key
-    project: "{{ gcp_project }}"
+      project: "{{ gcp_project }}"
-    auth_kind: "{{ gcp_cred_kind }}"
+      auth_kind: "{{ gcp_cred_kind }}"
-    service_account_file: "{{ gcp_cred_file }}"
+      service_account_file: "{{ gcp_cred_file }}"
-    state: absent
+      state: absent
 #----------------------------------------------------------
 - name: create a service account
  gcp_iam_service_account:
-    name: "{{ sa_name }}"
+      name: test-ansible@graphite-playground.google.com.iam.gserviceaccount.com
-    display_name: My Ansible test key
+      display_name: My Ansible test key
-    project: "{{ gcp_project }}"
+      project: "{{ gcp_project }}"
-    auth_kind: "{{ gcp_cred_kind }}"
+      auth_kind: "{{ gcp_cred_kind }}"
-    service_account_file: "{{ gcp_cred_file }}"
+      service_account_file: "{{ gcp_cred_file }}"
-    state: present
+      state: present
  register: result
 - name: assert changed is true
  assert:
@ -50,12 +50,12 @@
 # ----------------------------------------------------------------------------
 - name: create a service account that already exists
  gcp_iam_service_account:
-    name: "{{ sa_name }}"
+      name: test-ansible@graphite-playground.google.com.iam.gserviceaccount.com
-    display_name: My Ansible test key
+      display_name: My Ansible test key
-    project: "{{ gcp_project }}"
+      project: "{{ gcp_project }}"
-    auth_kind: "{{ gcp_cred_kind }}"
+      auth_kind: "{{ gcp_cred_kind }}"
-    service_account_file: "{{ gcp_cred_file }}"
+      service_account_file: "{{ gcp_cred_file }}"
-    state: present
+      state: present
  register: result
 - name: assert changed is false
  assert:
@ -64,12 +64,12 @@
 #----------------------------------------------------------
 - name: delete a service account
  gcp_iam_service_account:
-    name: "{{ sa_name }}"
+      name: test-ansible@graphite-playground.google.com.iam.gserviceaccount.com
-    display_name: My Ansible test key
+      display_name: My Ansible test key
-    project: "{{ gcp_project }}"
+      project: "{{ gcp_project }}"
-    auth_kind: "{{ gcp_cred_kind }}"
+      auth_kind: "{{ gcp_cred_kind }}"
-    service_account_file: "{{ gcp_cred_file }}"
+      service_account_file: "{{ gcp_cred_file }}"
-    state: absent
+      state: absent
  register: result
 - name: assert changed is true
  assert:
@ -90,12 +90,12 @@
 # ----------------------------------------------------------------------------
 - name: delete a service account that does not exist
  gcp_iam_service_account:
-    name: "{{ sa_name }}"
+      name: test-ansible@graphite-playground.google.com.iam.gserviceaccount.com
-    display_name: My Ansible test key
+      display_name: My Ansible test key
-    project: "{{ gcp_project }}"
+      project: "{{ gcp_project }}"
-    auth_kind: "{{ gcp_cred_kind }}"
+      auth_kind: "{{ gcp_cred_kind }}"
-    service_account_file: "{{ gcp_cred_file }}"
+      service_account_file: "{{ gcp_cred_file }}"
-    state: absent
+      state: absent
  register: result
 - name: assert changed is false
  assert: