Native type of authentication
SUMMARY
Case: The same scripts are used in two different environments:
- in a CI/CD environment
- locally on the developers' laptops
Service accounts in the CI/CD environment are used for authorization. This is now supported.
For local use, it is better to use gcloud auth login, because such access is easier to revoke.
Issuing and managing service accounts for developers is very expensive.
The suggestion is to use the capabilities of the google.auth.default() method by default.
The file ~/.config/gcloud/application_default_credentials.json will be used by default.
We can also pass the path to the service account in the environment variable GOOGLE_APPLICATION_CREDENTIALS.
ISSUE TYPE
- Feature Idea
COMPONENT NAME
- gcp_utils.py
ADDITIONAL INFORMATION
Example with auth_kind: native.
In a CI/CD environment, the path to the Service Account JSON file is taken from GOOGLE_APPLICATION_CREDENTIALS.
For a local run, a user account obtained via a web-based authorization flow is used instead.
```yaml
- name: create a object
  google.cloud.gcp_storage_object:
    action: download
    bucket: ansible-bucket
    src: modules.zip
    dest: "~/modules.zip"
    project: test_project
    auth_kind: native
```
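An added sketch, not part of the issue or of the collection's gcp_utils.py: a stdlib-only preflight that reports which of the two credential sources named above would be selected and whether it is a service account or a user account, so a run never uses an unexpected identity. The function name `preview_native_credentials` and the sample files are hypothetical; the `type` values are the ones Google credential JSON files carry.

```python
import json
import tempfile
from pathlib import Path

# Well-known ADC file named in the issue (Linux/macOS location).
WELL_KNOWN = Path(".config/gcloud/application_default_credentials.json")


def preview_native_credentials(env, home):
    """Return (source, path, credential_type) without contacting Google.

    Order follows the issue: GOOGLE_APPLICATION_CREDENTIALS first, then the
    gcloud application-default file. Further fallbacks of
    google.auth.default() (such as a metadata server) are not modelled.
    """
    explicit = env.get("GOOGLE_APPLICATION_CREDENTIALS")
    if explicit:
        source, path = "env", Path(explicit)
        if not path.is_file():
            # Sketch's choice: an explicit but missing key file is an error,
            # so a CI job never silently runs under some other identity.
            raise FileNotFoundError(f"credentials file not found: {path}")
    else:
        source, path = "gcloud_adc", Path(home) / WELL_KNOWN
        if not path.is_file():
            return "none", None, None
    with open(path, encoding="utf-8") as fh:
        cred_type = json.load(fh).get("type", "unknown")
    return source, str(path), cred_type


if __name__ == "__main__":
    # Constructed sample files; real ones carry keys or refresh tokens.
    with tempfile.TemporaryDirectory() as home:
        adc = Path(home) / WELL_KNOWN
        adc.parent.mkdir(parents=True)
        adc.write_text(json.dumps({"type": "authorized_user"}))
        sa = Path(home) / "ci-sa.json"
        sa.write_text(json.dumps({"type": "service_account"}))
        print(preview_native_credentials({}, home))
        print(preview_native_credentials(
            {"GOOGLE_APPLICATION_CREDENTIALS": str(sa)}, home))
```

A CI job can assert that the reported type is `service_account`, and a developer wrapper can assert `authorized_user`, before any playbook task runs.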