Try SpotterCreates a GCP SslCert
Authors: Google Inc. (@googlecloudplatform)
preview | supported by community
Install with ansible-galaxy collection install delowan.googlecloud:==1.0.2
collections:
- name: delowan.googlecloud
version: 1.0.2Represents an SSL certificate created for a Cloud SQL instance. To use the SSL certificate you must have the SSL Client Certificate and the associated SSL Client Key. The Client Key can be downloaded only when the SSL certificate is created with the insert method.
- name: create a instance
google.cloud.gcp_sql_instance:
name: "{{resource_name}}-2"
settings:
ip_configuration:
authorized_networks:
- name: google dns server
value: 8.8.8.8/32
tier: db-n1-standard-1
region: us-central1
project: "{{ gcp_project }}"
auth_kind: "{{ gcp_cred_kind }}"
service_account_file: "{{ gcp_cred_file }}"
state: present
register: instance
- name: create a SSL cert
google.cloud.gcp_sql_ssl_cert:
common_name: "{{resource_name}}"
instance: "{{instance['name'}}"
project: test_project
auth_kind: serviceaccount
service_account_file: "/tmp/auth.pem"
state: present
cert:
description:
- PEM representation of the X.509 certificate.
required: false
type: str
state:
choices:
- present
- absent
default: present
description:
- Whether the given object should exist in GCP
type: str
scopes:
description:
- Array of scopes to be used
elements: str
type: list
project:
description:
- The Google Cloud Platform project to use.
type: str
env_type:
description:
- Specifies which Ansible environment you're running this module within.
- This should not be set unless you know what you're doing.
- This only alters the User Agent string for any API requests.
type: str
instance:
description:
- The name of the Cloud SQL instance. This does not include the project ID.
- 'This field represents a link to a Instance resource in GCP. It can be specified
in two ways. First, you can place a dictionary with key ''name'' and value of your
resource''s name Alternatively, you can add `register: name-of-resource` to a gcp_sql_instance
task and then set this instance field to "{{ name-of-resource }}"'
required: true
type: dict
auth_kind:
choices:
- application
- machineaccount
- serviceaccount
description:
- The type of credential used.
required: true
type: str
common_name:
description:
- User supplied name. Constrained to [a-zA-Z.-_ ]+.
required: false
type: str
create_time:
description:
- The time when the certificate was created in RFC 3339 format, for example 2012-11-15T16:19:00.094Z.
required: false
type: str
expiration_time:
description:
- The time when the certificate expires in RFC 3339 format, for example 2012-11-15T16:19:00.094Z.
required: false
type: str
sha1_fingerprint:
description:
- The SHA-1 of the certificate.
required: true
type: str
cert_serial_number:
description:
- Serial number, as extracted from the certificate.
required: false
type: str
service_account_file:
description:
- The path of a Service Account JSON file if serviceaccount is selected as type.
type: path
service_account_email:
description:
- An optional service account email address if machineaccount is selected and the
user does not wish to use the default email.
type: str
service_account_contents:
description:
- The contents of a Service Account JSON file, either in a dictionary or as a JSON
string that represents it.
type: jsonarg
cert: description: - PEM representation of the X.509 certificate. returned: success type: str certSerialNumber: description: - Serial number, as extracted from the certificate. returned: success type: str commonName: description: - User supplied name. Constrained to [a-zA-Z.-_ ]+. returned: success type: str createTime: description: - The time when the certificate was created in RFC 3339 format, for example 2012-11-15T16:19:00.094Z. returned: success type: str expirationTime: description: - The time when the certificate expires in RFC 3339 format, for example 2012-11-15T16:19:00.094Z. returned: success type: str instance: description: - The name of the Cloud SQL instance. This does not include the project ID. returned: success type: dict sha1Fingerprint: description: - The SHA-1 of the certificate. returned: success type: str