Description
SUMMARY
Currently, the process to add tags to Google Cloud service accounts using Ansible requires executing gcloud commands to manage tags. We propose a new feature to be added to the Google Collection for Ansible that would allow users to manage tags directly through an Ansible module.
ISSUE TYPE
- Feature Idea
COMPONENT NAME
gcp_iam_tag_service_account
ADDITIONAL INFORMATION
- Check if a tag key exists: verify whether a specific tag key (e.g., InfrastructureProvider) exists for a given project.
- Create a tag key: if the specified tag key does not exist, create it within the specified project with a description.
- Check or get a tag value: retrieve the tag value associated with a tag key if it exists, such as finding the value whose shortName=<Tag_value>.
- Create a tag value: if the tag value does not exist under the tag key, create it with a description.
- Bind the tag to a service account: bind a specified tag value to a service account in a manner that permits flexible resource management and automation.
The gcloud-based tasks currently required for this flow:

```yaml
- name: Check if InfrastructureProvider tag key exists
  ansible.builtin.command: gcloud resource-manager tags keys list --parent=projects/<project_name> --filter="shortName=InfrastructureProvider" --format="value(name)"
  register: tag_key_list
  failed_when: false
  changed_when: false  # a list never changes anything

- name: Display existing tag message
  ansible.builtin.debug:
    msg: "TagKey 'InfrastructureProvider' already exists."
  when: tag_key_list.stdout != ""

- name: Get the tag value name where shortName is <Tag_value>
  ansible.builtin.command: gcloud resource-manager tags values list --parent=tagKeys/<key_unique_ID> --filter="shortName=<Tag_value>" --format="value(name)"
  register: tag_value_list
  failed_when: false
  changed_when: false
  when: tag_key_list.stdout != ""

- name: Set tagValues name if tag key exists
  ansible.builtin.set_fact:
    tag_value_name: "{{ tag_value_list.stdout }}"
  when: tag_key_list.stdout != ""

- name: Create InfrastructureProvider tag if it doesn't exist
  ansible.builtin.command: gcloud resource-manager tags keys create InfrastructureProvider --parent=projects/<project_name> --description="InfrastructureProvider tag"
  register: tag_key_create
  when: tag_key_list.stdout == ""
  changed_when: tag_key_create.rc == 0  # changed only when the create succeeded

- name: Set tagKeys value
  ansible.builtin.set_fact:
    tag_key_name: "{{ item.split(': ')[1] }}"  # parse "name: tagKeys/<id>" from the create output
  loop: "{{ tag_key_create.stdout_lines | d([]) }}"
  when:
    - "'tagKeys' in item"
    - tag_key_list.stdout == ""

- name: Create InfrastructureProvider tag value
  ansible.builtin.command: gcloud resource-manager tags values create "<Tag_value>" --parent={{ tag_key_name }} --description="InfrastructureProvider tag value"
  register: tag_value_create
  when: tag_key_list.stdout == ""
  changed_when: tag_value_create.rc == 0

- name: Set tagValues value
  ansible.builtin.set_fact:
    tag_value_name: "{{ item.split(': ')[1] }}"  # parse "name: tagValues/<id>" from the create output
  loop: "{{ tag_value_create.stdout_lines | d([]) }}"
  when:
    - "'tagValues' in item"
    - tag_value_create.stdout_lines is defined

- name: Bind InfrastructureProvider tag to infra service account
  ansible.builtin.command: 'gcloud resource-manager tags bindings create --tag-value={{ tag_value_name }} --parent=//iam.googleapis.com/projects/{{ customer_cloud_provider.account_data.gcp_project }}/serviceAccounts/infra-{{ service_account_email }}'
  register: infra_bind_output
  #when: tag_key_list.stdout == ""
  changed_when: infra_bind_output.rc == 0
```
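How the proposed module could implement the same check-then-create-then-bind flow as idempotent logic, as an added example (not the collection's or the author's code). `run(argv)` is an assumed callable that executes one gcloud command and returns its stdout; `FakeGcloud` is a constructed offline stand-in so the logic can be exercised without a project.

```python
"""Ensure-logic sketch for the proposed module (added example, not the collection's
code). `run(argv)` executes one gcloud command and returns its stdout (assumption)."""


def _ensure(run, parent, kind, short_name, desc):
    """Return (resource name, created) for a tag key or value, creating it only if missing."""
    base = ["gcloud", "resource-manager", "tags", kind]
    query = base + ["list", f"--parent={parent}",
                    f"--filter=shortName={short_name}", "--format=value(name)"]
    found = run(query).strip()
    if found:  # already present: report no change
        return found.splitlines()[0], False
    run(base + ["create", short_name, f"--parent={parent}", f"--description={desc}"])
    return run(query).strip().splitlines()[0], True  # re-read instead of parsing create output


def ensure_tag_binding(run, project, key, value, sa_email, desc=""):
    """Key -> value -> binding, each step idempotent; 'changed' mirrors an Ansible result."""
    key_name, new_key = _ensure(run, f"projects/{project}", "keys", key, desc)
    value_name, new_value = _ensure(run, key_name, "values", value, desc)
    parent = f"//iam.googleapis.com/projects/{project}/serviceAccounts/{sa_email}"
    bound = run(["gcloud", "resource-manager", "tags", "bindings", "list",
                 f"--parent={parent}", "--format=value(tagValue)"]).split()
    new_binding = value_name not in bound
    if new_binding:
        run(["gcloud", "resource-manager", "tags", "bindings", "create",
             f"--tag-value={value_name}", f"--parent={parent}"])
    return {"changed": new_key or new_value or new_binding,
            "tag_key": key_name, "tag_value": value_name}


class FakeGcloud:
    """Constructed in-memory stand-in for gcloud so the logic runs offline."""
    def __init__(self):
        self.store, self.bindings, self.creates = {"keys": {}, "values": {}}, set(), 0

    def __call__(self, argv):
        opt = dict(a[2:].split("=", 1) for a in argv if a.startswith("--"))
        kind, verb = argv[3], argv[4]
        if kind == "bindings":
            if verb == "create":
                self.bindings.add((opt["parent"], opt["tag-value"]))
                self.creates += 1
                return ""
            return "\n".join(v for p, v in self.bindings if p == opt["parent"])
        table = self.store[kind]
        if verb == "create":  # name resources tagKeys/N, tagValues/N like the real API
            self.creates += 1
            table[(opt["parent"], argv[5])] = f"tag{kind.capitalize()}/{len(table) + 1}"
            return ""
        return table.get((opt["parent"], opt["filter"].split("=", 1)[1]), "")
```

Running `ensure_tag_binding` twice with the same arguments creates the key, value and binding once and reports `changed: False` on the second pass, which is the behaviour the module should expose instead of the `rc`-based `changed_when` guesses in the playbook.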