Reputation: 77
I'm trying to SSH into a Compute Engine VM via Ansible, so that I'm able to interact with a GKE Private Cluster. This VM is in an Ansible Dynamic Inventory, and when I say I want to SSH into it, I mean that I want to be able to run an Ansible playbook on it, and not explicitly SSH from a machine other than the Control Node.
I am able to SSH into that VM, but, apparently, when I do so, I'm authenticated on the VM with the VM's attached Service Account, and I'd like to use my own GCP account's credentials, [which I am able to do on the Ansible Control Node machine by using `gcloud compute ssh`, since I'm authenticated with the gcloud CLI on that machine.]*
Is there any way that I could use those credentials to SSH into that VM with Ansible?
I am aware that I could just give the VM Service Account the needed IAM roles or use another Service Account, by generating a Service Account Key, copying it to the VM and using the gcloud CLI inside the VM to authenticate with that key, but I'm trying to avoid both of these alternatives for security reasons. Other alternatives are welcome.
*Edit: Apparently, when I SSH via `gcloud auth ssh`, I am not authenticated as myself. Running `gcloud auth list` on the VM showed me that the only credentials available inside the VM are the VM's service account.
Edit 2: Included a mention of the Dynamic Inventory and provided a more detailed explanation.
Upvotes: 1
Views: 2400
Reputation: 11
At the moment (Aug 24) I can find no trace of the google-auth role in ansible galaxy. Maybe it's been refactored away. I think most people are generating ssh keys externally.
Upvotes: 0