gcp_iam_service_account_key – Creates a GCP ServiceAccountKey
New in version 2.8.
Synopsis
- A service account in the Identity and Access Management API.
Requirements
The below requirements are needed on the host that executes this module.
- python >= 2.6
- requests >= 2.18.4
- google-auth >= 1.3.0
Parameters
Parameter | Choices/Defaults | Comments |
---|---|---|
auth_kind string / required | | The type of credential used. |
key_algorithm - | | Specifies the algorithm for the key. |
path - | | The full name of the file that will hold the service account private key. The management of this file will depend on the value of sync_file parameter. File path must be absolute. |
private_key_type - | | Output format for the service account key. |
project string | | The Google Cloud Platform project to use. |
scopes list | | Array of scopes to be used. |
service_account - | | The name of the serviceAccount. This field represents a link to a ServiceAccount resource in GCP. It can be specified in two ways. First, you can place a dictionary with key 'name' and value of your resource's name. Alternatively, you can add `register: name-of-resource` to a gcp_iam_service_account task and then set this service_account field to "{{ name-of-resource }}". |
service_account_contents string | | A string representing the contents of a Service Account JSON file. This should not be passed in as a dictionary, but as a string that has the exact contents of a service account JSON file (valid JSON). |
service_account_email string | | An optional service account email address if machineaccount is selected and the user does not wish to use the default email. |
service_account_file path | | The path of a Service Account JSON file if serviceaccount is selected as type. |
state - | | Whether the given object should exist in GCP. |
Notes
Note
- For authentication, you can set service_account_file using the GCP_SERVICE_ACCOUNT_FILE env variable.
- For authentication, you can set service_account_email using the GCP_SERVICE_ACCOUNT_EMAIL env variable.
- For authentication, you can set service_account_contents using the GCP_SERVICE_ACCOUNT_CONTENTS env variable.
- For authentication, you can set auth_kind using the GCP_AUTH_KIND env variable.
- For authentication, you can set scopes using the GCP_SCOPES env variable.
- Environment variable values will only be used if the playbook values are not set.
- The service_account_email and service_account_file options are mutually exclusive.
Examples
```yaml
- name: create a service account
  gcp_iam_service_account:
    name: test-ansible@graphite-playground.google.com.iam.gserviceaccount.com
    display_name: My Ansible test key
    project: "{{ gcp_project }}"
    auth_kind: "{{ gcp_cred_kind }}"
    service_account_file: "{{ gcp_cred_file }}"
    state: present
  register: serviceaccount

- name: create a service account key
  gcp_iam_service_account_key:
    service_account: "{{ serviceaccount }}"
    private_key_type: TYPE_GOOGLE_CREDENTIALS_FILE
    path: "~/test_account.json"
    project: test_project
    auth_kind: serviceaccount
    service_account_file: "/tmp/auth.pem"
    state: present
```
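A hardened variant of the key-creation task, as an added example that is not part of the module's own documentation: it keeps the returned privateKeyData out of task output with `no_log` and restricts the key file to its owner. The directory /etc/gcp-keys and the key file name are constructed placeholders; the gcp_* variables are assumed to be defined as in the example above.

```yaml
- hosts: localhost
  gather_facts: false
  vars:
    key_dir: /etc/gcp-keys                      # constructed placeholder
    key_path: /etc/gcp-keys/test-ansible.json   # constructed placeholder, absolute
  tasks:
    - name: create a service account
      gcp_iam_service_account:
        name: test-ansible@graphite-playground.google.com.iam.gserviceaccount.com
        display_name: My Ansible test key
        project: "{{ gcp_project }}"
        auth_kind: "{{ gcp_cred_kind }}"
        service_account_file: "{{ gcp_cred_file }}"
        state: present
      register: serviceaccount

    # Create the parent directory first with owner-only access, so the key
    # file is never reachable by other local users, even before its mode is set.
    - name: create an owner-only directory for key material
      file:
        path: "{{ key_dir }}"
        state: directory
        mode: "0700"

    # The module returns privateKeyData; no_log keeps it out of task output,
    # verbose (-v) runs, and callback plugins that record results.
    - name: create a service account key without logging the private key
      gcp_iam_service_account_key:
        service_account: "{{ serviceaccount }}"
        private_key_type: TYPE_GOOGLE_CREDENTIALS_FILE
        path: "{{ key_path }}"
        project: "{{ gcp_project }}"
        auth_kind: "{{ gcp_cred_kind }}"
        service_account_file: "{{ gcp_cred_file }}"
        state: present
      no_log: true

    - name: restrict the key file to its owner
      file:
        path: "{{ key_path }}"
        state: file
        mode: "0600"

    - name: read back the key file mode
      stat:
        path: "{{ key_path }}"
      register: key_stat

    - name: fail the play if the key file is readable by group or others
      assert:
        that:
          - key_stat.stat.mode == "0600"
```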
Return Values
Common return values are documented here; the following are the fields unique to this module:
Key | Returned | Description |
---|---|---|
keyAlgorithm string | success | Specifies the algorithm for the key. |
name string | success | The name of the key. |
path string | success | The full name of the file that will hold the service account private key. The management of this file will depend on the value of sync_file parameter. File path must be absolute. |
privateKeyData string | success | Private key data. Base-64 encoded. |
privateKeyType string | success | Output format for the service account key. |
publicKeyData string | success | Public key data. Base-64 encoded. |
serviceAccount dictionary | success | The name of the serviceAccount. |
validAfterTime string | success | Key can only be used after this time. |
validBeforeTime string | success | Key can only be used before this time. |
Status
- This module is not guaranteed to have a backwards compatible interface. [preview]
- This module is maintained by the Ansible Community. [community]
Authors
- Google Inc. (@googlecloudplatform)
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.8/modules/gcp_iam_service_account_key_module.html