from os.path import join
from json import dumps
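# bundlewrap items for the gcloud bundle: writes the node's gcloud settings and
# its decrypted service-account key under /etc/gcloud, then activates the
# account and selects the project with the gcloud CLI.

# NOTE(review): both values are None when the metadata keys are missing, which
# would produce the key path "None@None.json.enc" and the literal "None" in the
# shell commands below -- confirm every node using this bundle sets them.
service_account = node.metadata.get('gcloud/service_account')
project = node.metadata.get('gcloud/project')

# purge removes anything in /etc/gcloud that this bundle does not manage, so a
# stale key file left by an earlier configuration does not linger on the node.
directories['/etc/gcloud'] = {
    'purge': True,
}

# Dump of the whole 'gcloud' metadata subtree. No mode is set here, so the
# bundlewrap default applies.
# NOTE(review): keep secrets out of this subtree, or set an explicit
# restrictive mode on this file.
files['/etc/gcloud/gcloud.json'] = {
    'content': dumps(
        node.metadata.get('gcloud'),
        indent=4,
        sort_keys=True,
    ),
}

# The service-account key is stored encrypted in the repository and decrypted
# through the repo vault; on the node it is a plaintext credential.
key_file_enc = join(
    repo.path,
    'data',
    'gcloud',
    'service_accounts',
    f'{service_account}@{project}.json.enc',
)
files['/etc/gcloud/service_account.json'] = {
    'content': repo.vault.decrypt_file(key_file_enc),
    # Owner read-only. The previous '500' also set the execute bit, which a
    # JSON key file never needs.
    'mode': '0400',
    'needs': [
        'pkg_apt:google-cloud-sdk',
    ],
}

# service_account and project are interpolated into shell commands and grep
# patterns without quoting or regex escaping ('.' matches any character).
# NOTE(review): this assumes both are plain GCP identifiers taken from
# operator-controlled metadata -- confirm, or validate them before use.
actions['gcloud_activate_service_account'] = {
    'command': 'gcloud auth activate-service-account --key-file /etc/gcloud/service_account.json',
    # Raw f-string: '\*' reaches grep unchanged without relying on Python
    # passing an invalid escape sequence through (a SyntaxWarning on 3.12+).
    'unless': rf"gcloud auth list | grep -q '^\*[[:space:]]*{service_account}@{project}.iam.gserviceaccount.com'",
    'needs': [
        'file:/etc/gcloud/service_account.json',
    ],
}

actions['gcloud_select_project'] = {
    'command': f"gcloud config set project '{project}'",
    'unless': f"gcloud config get-value project | grep -q '^{project}$'",
    'needs': [
        'action:gcloud_activate_service_account',
    ],
}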