GCP OAuth 2.0

This guide demonstrates a basic GCP driver setup: a single inventory namespace is populated with servers discovered through a GCP connection that has been authorised via OAuth 2.0 (see configure GCP using OAuth 2.0).

For further configuration details, please refer to the documentation.

Directory structure

.
├── .gauth
│   └── your-secrets-file.json
└── bcome
    └── networks.yml

The networks.yml file contains your network configuration, whilst your-secrets-file.json contains your OAuth 2.0 application secrets.

Note

Any user requiring use of your OAuth 2.0 application will need the OAuth 2.0 application secrets.

Bcome will trigger the OAuth 2.0 authentication flow on first use, and again whenever the access tokens returned by that flow have expired or been invalidated.

Warning

Access tokens are saved to the .gauth directory alongside your application secrets; the contents of this directory should never be added to source control.

Network Configuration

The networks.yml configuration is simple:

---
wbz:
  type: inventory
  description: Entire WBZ estate

  network:
    type: gcp
    project: wbznet
    zone: europe-west1-b
    authentication_scheme: oauth
    secrets_filename: your-secrets-file.json
    service_scopes:
    - https://www.googleapis.com/auth/compute.readonly
    - https://www.googleapis.com/auth/cloud-platform
    filters: status:running

  ssh_settings:
    proxy:
      - host_lookup: by_bcome_namespace
        namespace: bastion

Note

For a full list of namespace attributes see namespace attributes.
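The following is an added pre-flight check, not part of Bcome or this page, that reads the networks.yml shown above (embedded as a constructed sample) and reports the configuration problems a reviewer would look for: a missing secrets_filename, a secrets file absent from .gauth, a .gauth directory not covered by .gitignore, and a scope broader than inventory lookup needs. Treating https://www.googleapis.com/auth/cloud-platform as "broad" is this example's own judgement, and root_dir is assumed to be the directory containing .gauth and bcome as in the tree above.

```ruby
require 'yaml'
require 'tmpdir'

# Scopes broader than a read-only inventory needs; flagged for review (example's own list).
BROAD_SCOPES = ['https://www.googleapis.com/auth/cloud-platform'].freeze

# Constructed sample: the networks.yml from this page, embedded so the check runs offline.
SAMPLE_NETWORKS = <<~CONFIG
  wbz:
    type: inventory
    network:
      type: gcp
      project: wbznet
      authentication_scheme: oauth
      secrets_filename: your-secrets-file.json
      service_scopes:
      - https://www.googleapis.com/auth/compute.readonly
      - https://www.googleapis.com/auth/cloud-platform
CONFIG

# True if a .gitignore in root_dir has an entry covering the .gauth directory.
def gauth_ignored?(root_dir)
  path = File.join(root_dir, '.gitignore')
  return false unless File.exist?(path)
  File.readlines(path, chomp: true).any? { |l| %w[.gauth .gauth/ /.gauth /.gauth/].include?(l.strip) }
end

# Returns an array of findings for each GCP namespace using authentication_scheme: oauth.
# root_dir is the directory holding .gauth/ and .gitignore (the layout shown on this page).
def check_networks(yaml_text, root_dir)
  findings = []
  YAML.safe_load(yaml_text).each do |name, ns|
    net = ns['network'] || {}
    next unless net['type'] == 'gcp' && net['authentication_scheme'] == 'oauth'
    secrets = net['secrets_filename'].to_s
    if secrets.empty?
      findings << "#{name}: authentication_scheme is oauth but secrets_filename is missing"
    elsif !File.exist?(File.join(root_dir, '.gauth', secrets))
      findings << "#{name}: .gauth/#{secrets} not found, so the OAuth flow cannot start"
    end
    Array(net['service_scopes']).each do |scope|
      findings << "#{name}: scope #{scope} is broader than inventory lookup needs" if BROAD_SCOPES.include?(scope)
    end
  end
  findings << '.gauth is not git-ignored; tokens and secrets could be committed' unless gauth_ignored?(root_dir)
  findings
end

# Run from the directory containing .gauth/ to check the real layout.
puts check_networks(SAMPLE_NETWORKS, Dir.pwd) if __FILE__ == $PROGRAM_NAME
```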

Ascii Cast

The following Ascii Cast illustrates the above configuration:

Note

To replay this Asciicast in your own terminal, install the asciinema package from https://asciinema.org/, and then enter the following in your terminal:

asciinema play https://asciinema.org/a/iskFuzue4LzAx6LIV9l44JGuy