google_credential.rb
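module Ansible
  class Runner
    # Credential adapter that exposes a Google service-account authentication
    # record to an ansible-runner invocation: it publishes the GCE_* environment
    # variables and writes the service-account JSON key file they point at.
    #
    # The key file holds the service account's private key, so it is created
    # with owner-only permissions (see #write_gce_credentials_file).
    class GoogleCredential < Credential
      # @return [String] the authentication class name this credential handles
      def self.auth_type
        "ManageIQ::Providers::EmbeddedAnsible::AutomationManager::GoogleCredential"
      end

      # Modeled off of gce injectors for awx:
      #
      #   https://github.com/ansible/awx/blob/1242ee2b/awx/main/models/credential/injectors.py#L18-L42
      #
      # Missing userid/project values are exported as empty strings rather
      # than nil. Only the *path* of the key file is exported here; the private
      # key itself is never placed in the environment.
      #
      # @return [Hash{String => String}] environment variables for the run
      def env_vars
        {
          "GCE_EMAIL"                 => auth.userid || "",
          "GCE_PROJECT"               => auth.project || "",
          "GCE_CREDENTIALS_FILE_PATH" => gce_credentials_file
        }
      end

      # Writes every on-disk file this credential needs; for Google that is
      # only the service-account key file referenced by env_vars.
      def write_config_files
        write_gce_credentials_file
      end

      private

      # Serializes the service-account document to JSON and stores it at
      # gce_credentials_file.
      #
      # The file is opened with mode 0600 so that a newly created file is never
      # readable by group/other, not even for the short window between writing
      # and a later chmod (a plain File.write would create it with the process
      # umask, typically leaving the private key world-readable until the
      # chmod ran).
      def write_gce_credentials_file
        json_data = {
          :type                        => "service_account",
          :private_key                 => auth.auth_key || "",
          :client_email                => auth.userid || "",
          :project_id                  => auth.project || "",
          :auth_uri                    => "https://accounts.google.com/o/oauth2/auth",
          :token_uri                   => "https://oauth2.googleapis.com/token",
          :auth_provider_x509_cert_url => "https://www.googleapis.com/oauth2/v1/certs"
        }

        # The client cert URL embeds the account e-mail, so it is only added
        # when a userid exists; CGI.escape keeps the value a single URL segment.
        if auth.userid.present?
          client_x509_cert_url = "https://www.googleapis.com/robot/v1/metadata/x509/#{CGI.escape(auth.userid)}"
          json_data[:client_x509_cert_url] = client_x509_cert_url
        end

        File.open(gce_credentials_file, File::WRONLY | File::CREAT | File::TRUNC, 0o600) do |file|
          # The mode given to open only applies when the file is created;
          # tighten a pre-existing file *before* the key is written to it.
          file.chmod(0o600)
          file.write(json_data.to_json)
        end
      end

      # @return [String] path of the key file inside base_dir
      # NOTE(review): removal of this file after the run is not handled in this
      # class; presumably the owner of base_dir cleans it up. Confirm.
      def gce_credentials_file
        File.join(base_dir, "gce_credentials")
      end
    end
  end
end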