jimcarl91:
#ansible @Kalesha Gagguturu has anyone worked with the google.cloud.gcp_iam_service_account Ansible module?
I’m actually trying to activate a service account using Ansible and I’m getting this error: Service Account Email only works with Machine Account-based authentication
Kalesha Gagguturu:
@jimcarl91
I haven’t worked on this, so I don’t have much experience with it.
jimcarl91:
OK, thanks for your answer … I don’t know if you have any idea how I can troubleshoot this issue! … I googled it and I didn’t find relevant information.
Kalesha Gagguturu:
https://github.com/ansible/ansible/issues/59147
https://github.com/ansible/ansible/issues/57344
Please check this article once!
jimcarl91:
So it means that it is a bug that is actually not fixed, isn’t it?
Kalesha Gagguturu:
@jimcarl91
Please try this solution, I hope it should help you.
To use the service account to communicate with Google Cloud, all you have to do is download the JSON file that contains your service account key and change the environment variable of the system to:
For Linux/MacOS:
export GOOGLE_APPLICATION_CREDENTIALS="/home/user/Downloads/service-account-file.json"
For Windows:
$env:GOOGLE_APPLICATION_CREDENTIALS="C:\Users\username\Downloads\[FILE_NAME].json"
You can get this key from https://console.cloud.google.com/projectselector2/iam-admin/serviceaccounts?supportedpurview=project
Select the Service Account you require, select the JSON type and then click on create. You now have the JSON file containing your key on your machine.
You then run the job with:
--serviceAccount=service-account@my-project.iam.gserviceaccount.com
This flag runs with the service account mail. You can get the service account mail from the IAM panel of the Google Console. Also, remember to give the service account the appropriate roles and permissions.