ansible-collections / google.cloud

GCP Ansible Collection https://galaxy.ansible.com/google/cloud
https://cloud.google.com
GNU General Public License v3.0

`Credential type 'accesstoken' not implemented` error #588

Closed kazcrn-omnisend closed 1 year ago

kazcrn-omnisend commented 1 year ago
SUMMARY

I'm setting up a GitHub Action to run an Ansible playbook/inventory using GCP Workload Identity. It seems I can get an access_token from WI, but gcp_compute does not recognize this auth_kind env variable.

ISSUE TYPE
COMPONENT NAME

gcp_compute plugin

ANSIBLE VERSION
```
ansible 2.9.6
  config file = /tmp/github-runner-dind/ansible-runner/ansible-runner/ansible.cfg
  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3/dist-packages/ansible
  executable location = /usr/bin/ansible
  python version = 3.8.10 (default, May 26 2023, 14:05:08) [GCC 9.4.0]
```
COLLECTION VERSION
```
1.2.0
```
CONFIGURATION
```
INVENTORY_ENABLED(/tmp/github-runner-dind/ansible-runner/ansible-runner/ansible.cfg) = ['gcp_compute']
```
OS / ENVIRONMENT

We use this image: myoung34/github-runner:latest. It is based on Ubuntu Focal.

STEPS TO REPRODUCE

I have configured a minimal GitHub workflow:

```yaml
name: ansible-runner
on:
  workflow_dispatch:
jobs:
  build:
    runs-on: development-dind
    permissions:
      contents: 'read'
      id-token: 'write'
    steps:
      - uses: actions/checkout@v3
      - name: Authenticate to Google Cloud
        id: auth
        uses: google-github-actions/auth@v0.4.0
        with:
          token_format: 'access_token'
          workload_identity_provider: ${{ vars.WORKLOAD_IDENTITY_PROVIDER_GH_DEVELOPMENT }}
          service_account: ansible-runner@---HIDDEN---.iam.gserviceaccount.com

      - name: Install dependencies
        run: apt-get install ansible python3-requests python3-google-auth -y

      - name: test run
        env:
          GCP_ACCESS_TOKEN: "${{ steps.auth.outputs.access_token }}"
          GCP_AUTH_KIND: "accesstoken"
        run: ansible-inventory -i inventory/development --list
```

I have used env variables to set the auth_kind and access_token parameters, so the inventory file looks like this:

```yaml
---
plugin: gcp_compute
projects:
  - ---HIDDEN---
filters:
  - name = development-mongodb-c1-*
groups:
  mongod: name.startswith('development-mongodb-c1-s')
  mongoc: name.startswith('development-mongodb-c1-config-')
  mongos: name.startswith('development-mongodb-c1-mongos-n1-')
hostnames:
  - name
keyed_groups:
  - prefix: zone
    key: zone|last
  - prefix: mongod
    key: name.split("-")[3]
compose:
  ansible_host: name
```

```
ansible-inventory -i inventory/development --list
```
EXPECTED RESULTS

Expected to have the Ansible inventory listed.

ACTUAL RESULTS
```
Run ansible-inventory -i inventory/development --list
  ansible-inventory -i inventory/development --list
  shell: /usr/bin/bash -e {0}
  env:
    CLOUDSDK_AUTH_CREDENTIAL_FILE_OVERRIDE: /tmp/github-runner-dind/_temp/059aac5e8bd158dc89[2]...
    GOOGLE_APPLICATION_CREDENTIALS: /tmp/github-runner-dind/_temp/0[5](---HIDDEN---)9aac5e8bd158dc89205113
    CLOUDSDK_PROJECT: ---HIDDEN---
    CLOUDSDK_CORE_PROJECT: ---HIDDEN---
    GCP_PROJECT: ---HIDDEN---
    GCLOUD_PROJECT: ---HIDDEN---
    GOOGLE_CLOUD_PROJECT: ---HIDDEN---
    GCP_ACCESS_TOKEN: ***
    GCP_AUTH_KIND: accesstoken
Warning: :  * Failed to parse /tmp/github-runner-dind/ansible-runner/ansible-
runner/inventory/development/inventory.gcp.yaml with gcp_compute plugin:
Credential type 'accesstoken' not implemented
Warning: : Unable to parse /tmp/github-runner-dind/ansible-runner/ansible-
runner/inventory/development/inventory.gcp.yaml as an inventory source
Warning: : Unable to parse /tmp/github-runner-dind/ansible-runner/ansible-
runner/inventory/development as an inventory source
Warning: : No inventory was parsed, only implicit localhost is available
{
    "_meta": {
        "hostvars": {}
    },
    "all": {
        "children": [
            "ungrouped"
        ]
    }
}
```
kazcrn-omnisend commented 1 year ago

FYI works correctly with ansible 2.10
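
An added example, not part of the thread or the collection's own code: a preflight guard for the "test run" step, so the job stops before `ansible-inventory` instead of emitting warnings and listing an empty inventory as in the output above. The function names and the 2.10 minimum are assumptions, the latter taken only from the reporter's observation that 2.9.6 failed and 2.10 worked.

```shell
#!/usr/bin/env bash
# Preflight guard for the workflow's "test run" step (added example).
# Assumption from the thread: auth_kind 'accesstoken' failed on ansible 2.9.6
# and worked on ansible 2.10, so 2.10 is used as the minimum here.

MIN_MAJOR=2
MIN_MINOR=10

# Extract "MAJOR MINOR" from the first line of `ansible --version` output.
# Handles both "ansible 2.9.6" and "ansible [core 2.15.3]" style headers.
ansible_major_minor() {
  printf '%s\n' "$1" | head -n 1 |
    sed -n 's/^ansible[^0-9]*\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p'
}

# Return 0 when the auth kind is usable with the given version output,
# 1 when the version is too old, 2 when the version cannot be parsed.
# Usage: gcp_auth_preflight <auth_kind> <ansible --version output>
gcp_auth_preflight() {
  local kind="$1" ver major minor
  # Only the access-token path is version-gated in this check.
  [ "$kind" = "accesstoken" ] || return 0
  ver="$(ansible_major_minor "$2")"
  if [ -z "$ver" ]; then
    echo "preflight: cannot parse ansible version" >&2
    return 2
  fi
  read -r major minor <<EOF
$ver
EOF
  if [ "$major" -gt "$MIN_MAJOR" ] ||
     { [ "$major" -eq "$MIN_MAJOR" ] && [ "$minor" -ge "$MIN_MINOR" ]; }; then
    return 0
  fi
  echo "preflight: ansible $major.$minor predates $MIN_MAJOR.$MIN_MINOR;" \
       "auth_kind '$kind' is expected to fail" >&2
  return 1
}

# In the workflow step, before the inventory command:
#   gcp_auth_preflight "$GCP_AUTH_KIND" "$(ansible --version)" || exit 1
#   ansible-inventory -i inventory/development --list
```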