copy_service_account_key
Copy the service account key to the chrome-bot home directory.
Does this safely by extracting the files from berglas to temp files, copying them over, and then deleting the temp files.
Loads the common key.json
file from berglas and copies them over to the target machine. See //kube/secrets for more details on berglas and Skia secrets.
The key is stored as a kubernetes secret in berglas secrets for the cluster etc
and the secret name skolo-bot-service-account
.
You can see this secret in the list of all secrets for the etc
cluster:
$ ../../kube/secrets/list-secrets-by-cluster.sh etc skolo-service-accounts skolo-bot-service-account skia-rpi-adb-key k3s-node-token authorized_keys ansible-secret-vars
The file is copied into $HOME/.config/gcloud/application_default_credentials.json
so that client libraries can find and use this by default.
This role uses the skolo_account
variable defined in //skolo/ansible/group_vars/all.yml
and potentially overridden in hosts.ini
.
The secrets.yml
is only put in a temp file long enough to be copied to the target machine, then the temp file is removed by the clean_up_tempfile
handler.
- hosts: '{{ variable_hosts }}' roles: - copy_adbkey