gcp_iam_role – Creates a GCP Role
New in version 2.8.
Synopsis
- A role in the Identity and Access Management API.
Requirements
The below requirements are needed on the host that executes this module.
- python >= 2.6
- requests >= 2.18.4
- google-auth >= 1.3.0
Parameters
| Parameter | Choices/Defaults | Comments |
|---|---|---|
| auth_kind string / required | | The type of credential used. |
| description - | | Human-readable description for the role. |
| included_permissions - | | Names of permissions this role grants when bound in an IAM policy. |
| name - / required | | The name of the role. |
| project string | | The Google Cloud Platform project to use. |
| scopes list | | Array of scopes to be used. |
| service_account_contents string | | A string representing the contents of a Service Account JSON file. This should not be passed in as a dictionary, but as a string that has the exact contents of a service account JSON file (valid JSON). |
| service_account_email string | | An optional service account email address if machineaccount is selected and the user does not wish to use the default email. |
| service_account_file path | | The path of a Service Account JSON file if serviceaccount is selected as type. |
| stage - | | The current launch stage of the role. |
| state - | | Whether the given object should exist in GCP. |
| title - | | A human-readable title for the role. Typically this is limited to 100 UTF-8 bytes. |
Notes
- For authentication, you can set service_account_file using the GCP_SERVICE_ACCOUNT_FILE env variable.
- For authentication, you can set service_account_email using the GCP_SERVICE_ACCOUNT_EMAIL env variable.
- For authentication, you can set service_account_contents using the GCP_SERVICE_ACCOUNT_CONTENTS env variable.
- For authentication, you can set auth_kind using the GCP_AUTH_KIND env variable.
- For authentication, you can set scopes using the GCP_SCOPES env variable.
- Environment variable values will only be used if the playbook values are not set.
- The service_account_email and service_account_file options are mutually exclusive.
Examples
```yaml
- name: create a role
  gcp_iam_role:
    name: myCustomRole2
    title: My Custom Role
    description: My custom role description
    # Permissions the role grants when it is bound in an IAM policy
    included_permissions:
      - iam.roles.list
      - iam.roles.create
      - iam.roles.delete
    project: test_project
    auth_kind: serviceaccount
    # Path to the Service Account JSON file used for authentication
    service_account_file: "/tmp/auth.pem"
    state: present
```
Return Values
Common return values are documented here; the following are the fields unique to this module:
| Key | Returned | Description |
|---|---|---|
| deleted boolean | success | The current deleted state of the role. |
| description string | success | Human-readable description for the role. |
| includedPermissions list | success | Names of permissions this role grants when bound in an IAM policy. |
| name string | success | The name of the role. |
| stage string | success | The current launch stage of the role. |
| title string | success | A human-readable title for the role. Typically this is limited to 100 UTF-8 bytes. |
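
The following playbook is an added example, not part of the module's own documentation. It takes auth_kind and service_account_file from the GCP_AUTH_KIND and GCP_SERVICE_ACCOUNT_FILE environment variables described in the notes, so no credential path appears in the playbook, and it checks the returned includedPermissions against the reviewed list. The variable name role_permissions and the permission list are constructed for illustration.

```yaml
# Added example. Assumes the controller's environment already exports:
#   GCP_AUTH_KIND=serviceaccount
#   GCP_SERVICE_ACCOUNT_FILE=<path to the service account JSON file>
- hosts: localhost
  connection: local
  gather_facts: false
  vars:
    # Constructed sample: the permissions that were reviewed for this role
    role_permissions:
      - iam.roles.list
      - iam.roles.get
  tasks:
    - name: Ensure the custom role exists with the reviewed permissions
      gcp_iam_role:
        name: myCustomRole2
        title: My Custom Role
        description: My custom role description
        included_permissions: "{{ role_permissions }}"
        project: test_project
        state: present
        # auth_kind and service_account_file are not set here, so the
        # module falls back to the environment variables listed above.
      register: role

    - name: Fail if the role in GCP grants anything other than the reviewed list
      assert:
        that:
          - role.includedPermissions | sort == role_permissions | sort
        fail_msg: Role permissions differ from the reviewed list
```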
Status
- This module is not guaranteed to have a backwards compatible interface. [preview]
- This module is maintained by the Ansible Community. [community]
Authors
- Google Inc. (@googlecloudplatform)
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.8/modules/gcp_iam_role_module.html