delowan.googlecloud.gcp_iam_service_account_key (1.0.2) — module

Creates a GCP ServiceAccountKey

Authors: Google Inc. (@googlecloudplatform)

preview | supported by community

Install collection

Install with ansible-galaxy collection install delowan.googlecloud:==1.0.2


Add to requirements.yml

  collections:
    - name: delowan.googlecloud
      version: 1.0.2

Description

A service account in the Identity and Access Management API.


Requirements

Usage examples

- name: create a service account
  google.cloud.gcp_iam_service_account:
    name: test-ansible@graphite-playground.google.com.iam.gserviceaccount.com
    display_name: My Ansible test key
    project: "{{ gcp_project }}"
    auth_kind: "{{ gcp_cred_kind }}"
    service_account_file: "{{ gcp_cred_file }}"
    state: present
  register: serviceaccount
- name: create a service account key
  google.cloud.gcp_iam_service_account_key:
    service_account: "{{ serviceaccount }}"
    private_key_type: TYPE_GOOGLE_CREDENTIALS_FILE
    path: "~/test_account.json"
    project: test_project
    auth_kind: serviceaccount
    service_account_file: "/tmp/auth.pem"
    state: present
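
A hardened variant of the key-creation task above, as an added example that is not part of the module's documentation: it pins KEY_ALG_RSA_2048, writes to an absolute path, suppresses task output because the return value includes privateKeyData, and restricts the key file to its owner. The key_dir path, the sa_key register name and the gcp_project and gcp_cred_file variables are assumptions.

```yaml
# Added example, not from the module documentation.
# Assumed names: key_dir, key_file, sa_key, gcp_project, gcp_cred_file.
- name: Issue a service account key without leaking it
  hosts: localhost
  gather_facts: false
  vars:
    key_dir: /etc/ansible/gcp-keys   # assumed absolute location
    key_file: "{{ key_dir }}/test_account.json"
  tasks:
    - name: Keep the key directory private to its owner
      ansible.builtin.file:
        path: "{{ key_dir }}"
        state: directory
        mode: "0700"

    - name: Create a service account
      google.cloud.gcp_iam_service_account:
        name: test-ansible@graphite-playground.google.com.iam.gserviceaccount.com
        display_name: My Ansible test key
        project: "{{ gcp_project }}"
        auth_kind: serviceaccount
        service_account_file: "{{ gcp_cred_file }}"
        state: present
      register: serviceaccount

    - name: Create a service account key
      google.cloud.gcp_iam_service_account_key:
        service_account: "{{ serviceaccount }}"
        private_key_type: TYPE_GOOGLE_CREDENTIALS_FILE
        key_algorithm: KEY_ALG_RSA_2048   # not KEY_ALG_RSA_1024
        path: "{{ key_file }}"
        project: "{{ gcp_project }}"
        auth_kind: serviceaccount
        service_account_file: "{{ gcp_cred_file }}"
        state: present
      register: sa_key
      no_log: true   # the result carries privateKeyData

    - name: Restrict the key file to its owner (fails if the file is missing)
      ansible.builtin.file:
        path: "{{ key_file }}"
        state: file
        mode: "0600"

    - name: Report non-secret fields only
      ansible.builtin.debug:
        msg: "key {{ sa_key.name | default('unknown') }} expires {{ sa_key.validBeforeTime | default('unknown') }}"
```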

Inputs

    
path:
    description:
    - The full name of the file that will hold the service account private key. The management
      of this file will depend on the value of sync_file parameter.
    - File path must be absolute.
    required: false
    type: path

state:
    choices:
    - present
    - absent
    default: present
    description:
    - Whether the given object should exist in GCP
    type: str

scopes:
    description:
    - Array of scopes to be used
    elements: str
    type: list

project:
    description:
    - The Google Cloud Platform project to use.
    type: str

env_type:
    description:
    - Specifies which Ansible environment you're running this module within.
    - This should not be set unless you know what you're doing.
    - This only alters the User Agent string for any API requests.
    type: str

auth_kind:
    choices:
    - application
    - machineaccount
    - serviceaccount
    description:
    - The type of credential used.
    required: true
    type: str

key_algorithm:
    description:
    - Specifies the algorithm for the key.
    - 'Some valid choices include: "KEY_ALG_UNSPECIFIED", "KEY_ALG_RSA_1024", "KEY_ALG_RSA_2048"'
    required: false
    type: str

service_account:
    description:
    - The name of the serviceAccount.
    - 'This field represents a link to a ServiceAccount resource in GCP. It can be specified
      in two ways. First, you can place a dictionary with key ''name'' and value of your
      resource''s name. Alternatively, you can add `register: name-of-resource` to a gcp_iam_service_account
      task and then set this service_account field to "{{ name-of-resource }}"'
    required: false
    type: dict

private_key_type:
    description:
    - Output format for the service account key.
    - 'Some valid choices include: "TYPE_UNSPECIFIED", "TYPE_PKCS12_FILE", "TYPE_GOOGLE_CREDENTIALS_FILE"'
    required: false
    type: str

service_account_file:
    description:
    - The path of a Service Account JSON file if serviceaccount is selected as type.
    type: path

service_account_email:
    description:
    - An optional service account email address if machineaccount is selected and the
      user does not wish to use the default email.
    type: str

service_account_contents:
    description:
    - The contents of a Service Account JSON file, either in a dictionary or as a JSON
      string that represents it.
    type: jsonarg

Outputs

keyAlgorithm:
  description:
  - Specifies the algorithm for the key.
  returned: success
  type: str
keyType:
  description:
  - Specifies the type of the key. Possible values include KEY_TYPE_UNSPECIFIED, USER_MANAGED
    and SYSTEM_MANAGED.
  returned: success
  type: str
name:
  description:
  - The name of the key.
  returned: success
  type: str
path:
  description:
  - The full name of the file that will hold the service account private key. The
    management of this file will depend on the value of sync_file parameter.
  - File path must be absolute.
  returned: success
  type: str
privateKeyData:
  description:
  - Private key data. Base-64 encoded.
  returned: success
  type: str
privateKeyType:
  description:
  - Output format for the service account key.
  returned: success
  type: str
publicKeyData:
  description:
  - Public key data. Base-64 encoded.
  returned: success
  type: str
serviceAccount:
  description:
  - The name of the serviceAccount.
  returned: success
  type: dict
validAfterTime:
  description:
  - Key can only be used after this time.
  returned: success
  type: str
validBeforeTime:
  description:
  - Key can only be used before this time.
  returned: success
  type: str