GCP OAuth 2.0
This guide demonstrates a basic GCP driver setup: a single inventory namespace is populated with servers discovered in GCP, with access authorised via GCP OAuth 2.0 (see: configure GCP using OAuth 2.0).
For further configuration details, please refer to the documentation.
Directory structure
.
├── .gauth
│   └── your-secrets-file.json
└── bcome
    └── networks.yml
The networks.yml file contains your network configuration, whilst ‘your-secrets-file.json’ contains your OAuth 2.0 application secrets.
Note
Any user requiring use of your OAuth 2.0 application will need the OAuth 2.0 application secrets.
Bcome will trigger an OAuth 2.0 authentication process with first usage (or should the access tokens returned from the OAuth 2.0 process have expired or been invalidated).
Warning
Access tokens are saved to the .gauth directory, the contents of which should not be added to source control.
Network Configuration
The networks.yml configuration is simple:
---
wbz:
  type: inventory
  description: Entire WBZ estate
  network:
    type: gcp
    project: wbznet
    zone: europe-west1-b
    authentication_scheme: oauth
    secrets_filename: your-secrets-file.json
    service_scopes:
      - https://www.googleapis.com/auth/compute.readonly
      - https://www.googleapis.com/auth/cloud-platform
    filters: status:running
  ssh_settings:
    proxy:
      - host_lookup: by_bcome_namespace
        namespace: bastion
Note
For a full list of namespace attributes see namespace attributes.
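The following Ruby script is an added example, not part of Bcome or this guide, showing a pre-flight check a practitioner would run against the layout above before first use: it parses a networks.yml, confirms the GCP network block has the keys the guide uses and an OAuth scheme, checks that the referenced secrets file exists under .gauth, flags scopes broader than the read-only compute scope (the narrow-scope list is an assumption for this check, since cloud-platform grants far more than inventory population needs), verifies that .gauth is listed in .gitignore as the warning above requires, and reports any token or secrets file readable by other users. The project tree, the networks.yml text and the placeholder secrets file are constructed inside a temporary directory for demonstration.

```ruby
# Added example (not Bcome code): sanity-check a networks.yml GCP OAuth
# configuration and the .gauth secrets directory before first use.
require 'yaml'
require 'tmpdir'
require 'fileutils'

# Constructed sample config mirroring the guide's networks.yml.
SAMPLE_NETWORKS_YML = <<~YAML
  ---
  wbz:
    type: inventory
    description: Entire WBZ estate
    network:
      type: gcp
      project: wbznet
      zone: europe-west1-b
      authentication_scheme: oauth
      secrets_filename: your-secrets-file.json
      service_scopes:
        - https://www.googleapis.com/auth/compute.readonly
        - https://www.googleapis.com/auth/cloud-platform
      filters: status:running
YAML

REQUIRED_NETWORK_KEYS = %w[type project zone authentication_scheme secrets_filename service_scopes].freeze
# Scopes considered narrow enough for read-only inventory population (assumption for this check).
NARROW_SCOPES = %w[https://www.googleapis.com/auth/compute.readonly].freeze

# Returns a list of finding strings; an empty list means the layout passes every check.
def check_gcp_oauth_config(root)
  findings = []
  config = YAML.safe_load(File.read(File.join(root, 'bcome', 'networks.yml')))
  config.each do |name, ns|
    net = ns['network'] || {}
    next unless net['type'] == 'gcp'
    missing = REQUIRED_NETWORK_KEYS - net.keys
    findings << "#{name}: missing network keys #{missing.join(', ')}" unless missing.empty?
    findings << "#{name}: authentication_scheme is not oauth" unless net['authentication_scheme'] == 'oauth'
    secrets = File.join(root, '.gauth', net['secrets_filename'].to_s)
    findings << "#{name}: secrets file #{net['secrets_filename']} not found under .gauth" unless File.file?(secrets)
    broad = Array(net['service_scopes']) - NARROW_SCOPES
    findings << "#{name}: broad scopes requested: #{broad.join(', ')}" unless broad.empty?
  end
  # The guide warns that .gauth must stay out of source control.
  gitignore = File.join(root, '.gitignore')
  ignored = File.exist?(gitignore) &&
            File.readlines(gitignore, chomp: true).any? { |l| ['.gauth', '.gauth/'].include?(l.strip) }
  findings << '.gauth is not listed in .gitignore' unless ignored
  # Token and secrets files should not be readable by group or other users.
  Dir.glob(File.join(root, '.gauth', '*')).each do |f|
    mode = File.stat(f).mode & 0o777
    findings << "#{File.basename(f)} is group/world accessible (mode #{format('%04o', mode)})" unless (mode & 0o077).zero?
  end
  findings
end

# Builds a throwaway project tree like the one in the guide, with a constructed
# placeholder secrets file, and returns the findings for it.
def run_demo(with_gitignore: true, secrets_mode: 0o600)
  Dir.mktmpdir('bcome-demo') do |root|
    FileUtils.mkdir_p(File.join(root, 'bcome'))
    FileUtils.mkdir_p(File.join(root, '.gauth'))
    File.write(File.join(root, 'bcome', 'networks.yml'), SAMPLE_NETWORKS_YML)
    secrets = File.join(root, '.gauth', 'your-secrets-file.json')
    File.write(secrets, '{"installed": {"client_id": "PLACEHOLDER"}}') # constructed, not a real secret
    File.chmod(secrets_mode, secrets)
    File.write(File.join(root, '.gitignore'), ".gauth\n") if with_gitignore
    check_gcp_oauth_config(root)
  end
end

if __FILE__ == $PROGRAM_NAME
  findings = run_demo
  findings.each { |f| puts "FINDING: #{f}" }
  puts 'OK' if findings.empty?
end
```

Run against the guide's own configuration the script reports a single finding, the broad cloud-platform scope; drop the .gitignore entry or loosen the secrets file's permissions and the corresponding findings appear as well. Point check_gcp_oauth_config at a real project root to use it outside the demo.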
Ascii Cast
The following Asciicast illustrates the above configuration:
Note
To replay this Asciicast in your own terminal, install the asciinema
package from https://asciinema.org/, and then enter the following in your terminal:
asciinema play https://asciinema.org/a/iskFuzue4LzAx6LIV9l44JGuy