search

ansible / awx

AWX provides a web-based user interface, REST API, and task engine built on top of Ansible. It is one of the upstream projects for Red Hat Ansible Automation Platform.
Other
13.97k stars 3.41k forks source link

GCE Dynamic Inventory with machine auth #4466

Open ai13f opened 5 years ago

ai13f commented 5 years ago
ISSUE TYPE
SUMMARY

GCE Dynamic Inventory should be able to use machineaccount to authenticate. Right now only serviceaccount can be used. https://github.com/ansible/awx/blob/6.1.0/awx/main/models/credential/injectors.py

AlanCoding commented 5 years ago

to clarify, is this use case is only concerned with playbook runs? Is there a coherent way someone would want to import inventory using machineaccount authentication?

ai13f commented 5 years ago

To clarify, the use case would be if you have AWX deployed on a GCE VM, you should be able to use the default authentication from the VM to import the inventory.

Using machineaccount authentication would alleviate the operational overhead of managing and rotating service account private keys.

According to the docs here: https://docs.ansible.com/ansible/latest/scenario_guides/guide_gce.html#providing-credentials-as-environment-variables

auth_kind can be machineaccount, serviceaccount, or application. But from AWX UI only Service Account credentials are allowed.