Sc.Shenoy

Reputation: 23

Ansible to bind custom role or permissions to GCP IAM

I'm wondering if there is a way to bind a custom role to a GCP IAM user via Ansible.

I have a playbook that creates a custom role successfully and another that creates a service account separately but the latter does not have fields for permissions. Also, I cannot find any modules that are related to creating a policy like they have for AWS here (https://docs.ansible.com/ansible/latest/modules/list_of_all_modules.html).

These playbooks run on Tower if it makes a difference. I understand this can be done with Terraform templates, but there is a case for me where I would have to try and do it all via Ansible. Wanted to see if this has been explored. Searching shows more AWS-oriented things with policies, playbooks and such.

Thanks in advance.

Sample playbook I have is:

# Task 1: create the custom role (keys of the task mapping must share one indentation level)
- name: create a role
  gcp_iam_role:
    name: myCustomRole1
    title: custom_role_ansible_1
    description: Custom role test 1
    included_permissions:
      - storage.objects.list
      - iam.roles.list
      - iam.roles.create
      - iam.roles.delete
    project: project-name
    state: present

# Task 2: create the service account (this module has no field for role bindings)
- name: create a service account
  gcp_iam_service_account:
    # resource_name must be defined elsewhere (e.g. in play vars) for this template to resolve
    name: sa-{{ resource_name.split("-")[-1] }}@graphite-playground.google.com.iam.gserviceaccount.com
    display_name: My Ansible test key
    project: project-name
    #auth_kind: serviceaccount
    #service_account_file: "/tmp/auth.pem"
    state: present

Upvotes: 1

Views: 827

Answers (1)

SystemZ

Reputation: 56

This is currently not possible. Before it is implemented in an Ansible-native way, you can use a shell workaround.

Source with more details and shell example: https://github.com/ansible-collections/google.cloud/issues/238

Upvotes: 0
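The kind of shell workaround the answer refers to, as an added example that is neither the asker's playbook nor code from the linked issue: it binds the custom role from the question to the service account with the gcloud CLI, checking first so the task stays idempotent and reports no change on repeated runs. It assumes gcloud is installed and already authenticated on the host running the play; project-name and myCustomRole1 come from the question, and sa_email is a constructed placeholder.

```yaml
# Added example, not part of the original question or answer.
# Assumes gcloud is installed and authenticated on the Ansible host.
- name: bind custom role to the service account (shell workaround)
  vars:
    gcp_project: project-name          # project id from the question
    custom_role: myCustomRole1         # role id created by gcp_iam_role
    sa_email: "sa-example@project-name.iam.gserviceaccount.com"  # constructed placeholder
  block:
    - name: check whether the binding already exists
      # Flatten the policy to one row per member and filter on this role + member;
      # stdout is empty when no such binding is present.
      command: >
        gcloud projects get-iam-policy {{ gcp_project }}
        --flatten=bindings[].members
        --filter="bindings.role:projects/{{ gcp_project }}/roles/{{ custom_role }} AND bindings.members:serviceAccount:{{ sa_email }}"
        --format=value(bindings.role)
      register: existing_binding
      changed_when: false              # read-only query, never report a change

    - name: add the binding only when it is missing
      # Project-level binding: the role applies across the whole project, so keep
      # included_permissions on the custom role as narrow as the workload needs.
      command: >
        gcloud projects add-iam-policy-binding {{ gcp_project }}
        --member=serviceAccount:{{ sa_email }}
        --role=projects/{{ gcp_project }}/roles/{{ custom_role }}
      when: existing_binding.stdout | length == 0
```

Using the command module rather than shell avoids passing the templated values through a shell interpreter.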
