gcp_iam_role – Creates a GCP Role
New in version 2.8.
Synopsis
- A role in the Identity and Access Management API .
Requirements
The below requirements are needed on the host that executes this module.
- python >= 2.6
- requests >= 2.18.4
- google-auth >= 1.3.0
Parameters
| Parameter | Choices/Defaults | Comments |
|---|---|---|
| auth_kind
string / required
|
|
The type of credential used.
|
| description
-
|
Human-readable description for the role.
|
|
| included_permissions
-
|
Names of permissions this role grants when bound in an IAM policy.
|
|
| name
- / required
|
The name of the role.
|
|
| project
string
|
The Google Cloud Platform project to use.
|
|
| scopes
list
|
Array of scopes to be used.
|
|
| service_account_contents
string
|
A string representing the contents of a Service Account JSON file.
This should not be passed in as a dictionary, but a string that has the exact contents of a service account json file (valid JSON)
|
|
| service_account_email
string
|
An optional service account email address if machineaccount is selected and the user does not wish to use the default email.
|
|
| service_account_file
path
|
The path of a Service Account JSON file if serviceaccount is selected as type.
|
|
| stage
-
|
|
The current launch stage of the role.
|
| state
-
|
|
Whether the given object should exist in GCP
|
| title
-
|
A human-readable title for the role. Typically this is limited to 100 UTF-8 bytes.
|
Notes
Note
- For authentication, you can set service_account_file using the
GCP_SERVICE_ACCOUNT_FILEenv variable. - For authentication, you can set service_account_email using the
GCP_SERVICE_ACCOUNT_EMAILenv variable. - For authentication, you can set service_account_contents using the
GCP_SERVICE_ACCOUNT_CONTENTSenv variable. - For authentication, you can set auth_kind using the
GCP_AUTH_KINDenv variable. - For authentication, you can set scopes using the
GCP_SCOPESenv variable. - Environment variables values will only be used if the playbook values are not set.
- The service_account_email and service_account_file options are mutually exclusive.
Examples
- name: create a role
gcp_iam_role:
name: myCustomRole2
title: My Custom Role
description: My custom role description
included_permissions:
- iam.roles.list
- iam.roles.create
- iam.roles.delete
project: test_project
auth_kind: serviceaccount
service_account_file: "/tmp/auth.pem"
state: present
Return Values
Common return values are documented here, the following are the fields unique to this module:
| Key | Returned | Description |
|---|---|---|
| deleted
boolean
|
success |
The current deleted state of the role.
|
| description
string
|
success |
Human-readable description for the role.
|
| includedPermissions
list
|
success |
Names of permissions this role grants when bound in an IAM policy.
|
| name
string
|
success |
The name of the role.
|
| stage
string
|
success |
The current launch stage of the role.
|
| title
string
|
success |
A human-readable title for the role. Typically this is limited to 100 UTF-8 bytes.
|
Status
- This module is not guaranteed to have a backwards compatible interface. [preview]
- This module is maintained by the Ansible Community. [community]
Authors
- Google Inc. (@googlecloudplatform)
Hint
If you notice any issues in this documentation you can edit this document to improve it.
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.8/modules/gcp_iam_role_module.html