delowan / delowan.googlecloud / 1.0.2 / module / gcp_iam_service_account_key Creates a GCP ServiceAccountKey Authors: Google Inc. (@googlecloudplatform) preview | supported by communitydelowan.googlecloud.gcp_iam_service_account_key (1.0.2) — module
Install with ansible-galaxy collection install delowan.googlecloud:==1.0.2
collections: - name: delowan.googlecloud version: 1.0.2
A service account in the Identity and Access Management API.
- name: create a service account google.cloud.gcp_iam_service_account: name: test-ansible@graphite-playground.google.com.iam.gserviceaccount.com display_name: My Ansible test key project: "{{ gcp_project }}" auth_kind: "{{ gcp_cred_kind }}" service_account_file: "{{ gcp_cred_file }}" state: present register: serviceaccount
- name: create a service account key google.cloud.gcp_iam_service_account_key: service_account: "{{ serviceaccount }}" private_key_type: TYPE_GOOGLE_CREDENTIALS_FILE path: "~/test_account.json" project: test_project auth_kind: serviceaccount service_account_file: "/tmp/auth.pem" state: present
path: description: - The full name of the file that will hold the service account private key. The management of this file will depend on the value of sync_file parameter. - File path must be absolute. required: false type: path state: choices: - present - absent default: present description: - Whether the given object should exist in GCP type: str scopes: description: - Array of scopes to be used elements: str type: list project: description: - The Google Cloud Platform project to use. type: str env_type: description: - Specifies which Ansible environment you're running this module within. - This should not be set unless you know what you're doing. - This only alters the User Agent string for any API requests. type: str auth_kind: choices: - application - machineaccount - serviceaccount description: - The type of credential used. required: true type: str key_algorithm: description: - Specifies the algorithm for the key. - 'Some valid choices include: "KEY_ALG_UNSPECIFIED", "KEY_ALG_RSA_1024", "KEY_ALG_RSA_2048"' required: false type: str service_account: description: - The name of the serviceAccount. - 'This field represents a link to a ServiceAccount resource in GCP. It can be specified in two ways. First, you can place a dictionary with key ''name'' and value of your resource''s name Alternatively, you can add `register: name-of-resource` to a gcp_iam_service_account task and then set this service_account field to "{{ name-of-resource }}"' required: false type: dict private_key_type: description: - Output format for the service account key. - 'Some valid choices include: "TYPE_UNSPECIFIED", "TYPE_PKCS12_FILE", "TYPE_GOOGLE_CREDENTIALS_FILE"' required: false type: str service_account_file: description: - The path of a Service Account JSON file if serviceaccount is selected as type. type: path service_account_email: description: - An optional service account email address if machineaccount is selected and the user does not wish to use the default email. type: str service_account_contents: description: - The contents of a Service Account JSON file, either in a dictionary or as a JSON string that represents it. type: jsonarg
keyAlgorithm: description: - Specifies the algorithm for the key. returned: success type: str keyType: description: - Specifies the type of the key. Possible values include KEY_TYPE_UNSPECIFIED, USER_MANAGED and SYSTEM_MANAGED . returned: success type: str name: description: - The name of the key. returned: success type: str path: description: - The full name of the file that will hold the service account private key. The management of this file will depend on the value of sync_file parameter. - File path must be absolute. returned: success type: str privateKeyData: description: - Private key data. Base-64 encoded. returned: success type: str privateKeyType: description: - Output format for the service account key. returned: success type: str publicKeyData: description: - Public key data. Base-64 encoded. returned: success type: str serviceAccount: description: - The name of the serviceAccount. returned: success type: dict validAfterTime: description: - Key can only be used after this time. returned: success type: str validBeforeTime: description: - Key can only be used before this time. returned: success type: str