GCP OAuth 2.0
This guide demonstrates a basic GCP driver setup: a single inventory namespace is populated with servers after authorising with GCP via OAuth 2.0 (see: configure GCP using OAuth 2.0).
For further configuration details, please refer to the documentation.
.
├── .gauth
│   └── your-secrets-file.json
└── bcome
    └── networks.yml
The networks.yml file contains your network configuration, whilst ‘your-secrets-file.json’ contains your OAuth 2.0 application secrets.
Any user requiring use of your OAuth 2.0 application will need the OAuth 2.0 application secrets.
Bcome will trigger an OAuth 2.0 authentication process on first use, or whenever the access tokens returned by the OAuth 2.0 process have expired or been invalidated.
Access tokens are saved to the .gauth directory, the contents of which should not be added to source control.
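One way to verify that the contents of .gauth stay out of source control, as an added example that is not part of Bcome or its documentation. The function name gauth_audit and the file-permission check are assumptions of this example and go slightly beyond the source-control point made above.

```shell
#!/bin/sh
# Added example (not Bcome code). Audits the layout shown above, where .gauth/
# holds the OAuth 2.0 application secrets and the saved access tokens.
# Prints one line per finding; returns 0 when clean, 1 otherwise.
gauth_audit() {
    dir=${1:-.}
    findings=0

    if [ ! -d "$dir/.gauth" ]; then
        echo "INFO: no .gauth directory under $dir"
        return 0
    fi

    # 1. Secrets and tokens should be readable by the owning user only.
    exposed=$(find "$dir/.gauth" \( -perm -040 -o -perm -004 \) -print)
    if [ -n "$exposed" ]; then
        echo "PERMS: group/other-readable: $(echo "$exposed" | tr '\n' ' ')"
        findings=1
    fi

    # 2. Git checks apply only when git is installed and $dir is a work tree.
    if command -v git >/dev/null 2>&1 &&
       git -C "$dir" rev-parse --is-inside-work-tree >/dev/null 2>&1; then
        # Anything listed here has already been staged or committed.
        tracked=$(git -C "$dir" ls-files -- .gauth)
        if [ -n "$tracked" ]; then
            echo "TRACKED: in the git index: $(echo "$tracked" | tr '\n' ' ')"
            findings=1
        fi
        # check-ignore exits 0 only if an ignore rule covers the path;
        # .gauth/probe is a constructed path that need not exist.
        if ! git -C "$dir" check-ignore -q .gauth/probe; then
            echo "IGNORE: .gauth/ is not covered by any gitignore rule"
            findings=1
        fi
    fi

    return "$findings"
}

# Run against a project directory when one is given on the command line.
if [ "$#" -gt 0 ]; then
    gauth_audit "$1"
fi
```

A TRACKED finding means the secrets or tokens may already be in the repository history, so rotating the OAuth 2.0 application secrets is the safer response than only removing the file.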
The networks.yml configuration is simple:
---
wbz:
  type: inventory
  description: Entire WBZ estate
  network:
    type: gcp
    project: wbznet
    zone: europe-west1-b
    authentication_scheme: oauth
    secrets_filename: your-secrets-file.json
    service_scopes:
    - https://www.googleapis.com/auth/compute.readonly
    - https://www.googleapis.com/auth/cloud-platform
    filters: status:running
  ssh_settings:
    proxy:
    - host_lookup: by_bcome_namespace
      namespace: bastion
For a full list of namespace attributes see namespace attributes.