Role Name

copy_service_account_key

Description

Copy the service account key to the chrome-bot home directory.

Does this safely by extracting the files from berglas to temp files, copying them over, and then deleting the temp files.

Loads the common key.json file from berglas and copies it over to the target machine. See //kube/secrets for more details on berglas and Skia secrets.

The key is stored as a Kubernetes secret in berglas secrets for the cluster etc, under the secret name skolo-bot-service-account.

You can see this secret in the list of all secrets for the etc cluster:

    $ ../../kube/secrets/list-secrets-by-cluster.sh etc
    skolo-service-accounts
    skolo-bot-service-account
    skia-rpi-adb-key
    k3s-node-token
    authorized_keys
    ansible-secret-vars

The file is copied into $HOME/.config/gcloud/application_default_credentials.json so that client libraries can find and use this by default.

Variables

This role uses the skolo_account variable defined in //skolo/ansible/group_vars/all.yml and potentially overridden in hosts.ini.

Security

The secrets.yml is only put in a temp file long enough to be copied to the target machine, then the temp file is removed by the clean_up_tempfile handler.
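
The temp-file pattern described above, written out as an added example (not this role's own tasks or handlers). The helper extract_key.sh and the /home/{{ skolo_account }} home path are assumptions made for illustration; the handler name, secret name, cluster name and destination file come from this page.

```yaml
# Added illustration; not the role's actual tasks/main.yml.
- hosts: '{{ variable_hosts }}'
  # Without this, a failure after the temp file is created would skip the
  # handler and leave the key on the control machine's disk.
  force_handlers: true
  tasks:
    - name: Create a private temp file on the control machine
      delegate_to: localhost
      run_once: true
      ansible.builtin.tempfile:      # created with owner-only permissions
        state: file
        suffix: .json
      register: key_tempfile
      notify: clean_up_tempfile

    - name: Extract key.json from berglas into the temp file
      delegate_to: localhost
      run_once: true
      ansible.builtin.command:
        argv:
          - ./extract_key.sh         # hypothetical helper for the berglas step
          - etc                      # cluster
          - skolo-bot-service-account
          - '{{ key_tempfile.path }}'
      no_log: true                   # keep key material out of Ansible output
      changed_when: true

    - name: Ensure the gcloud config directory exists
      ansible.builtin.file:
        path: '/home/{{ skolo_account }}/.config/gcloud'   # assumed home path
        state: directory
        mode: '0700'

    - name: Copy the key to the target machine
      ansible.builtin.copy:
        src: '{{ key_tempfile.path }}'
        dest: '/home/{{ skolo_account }}/.config/gcloud/application_default_credentials.json'
        mode: '0600'                 # readable only by the account that uses it
      no_log: true

  handlers:
    - name: clean_up_tempfile
      delegate_to: localhost
      ansible.builtin.file:
        path: '{{ key_tempfile.path }}'
        state: absent
```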

Example Playbook

- hosts: '{{ variable_hosts }}'

  roles:
    - copy_service_account_key