From 49dc2b51ed865c87a42c0b2c55b9da1f40dcbf62 Mon Sep 17 00:00:00 2001
From: Alexandru Anghel <alexandru.anghel@gmail.com>
Date: Tue, 11 Jun 2019 12:54:01 +0100
Subject: [PATCH] Updates to account for latest GCP changes.

---
 INSTALL_GCE.md       | 27 ++++++++++++++-------------
 inventory/gce/gce.py | 42 ++++++++++++------------------------------
 2 files changed, 26 insertions(+), 43 deletions(-)

diff --git a/INSTALL_GCE.md b/INSTALL_GCE.md
index f587517c..d48ce0b7 100644
--- a/INSTALL_GCE.md
+++ b/INSTALL_GCE.md
@@ -37,7 +37,7 @@ This node must be able to connect to the cluster nodes via SSH and to the Google
    ```
    pip install setuptools --upgrade
    pip install pip --upgrade   
-   pip install ansible apache-libcloud pycrypto
+   pip install ansible apache-libcloud pycrypto requests google-auth
    ```
 
 
@@ -70,7 +70,7 @@ This node must be able to connect to the cluster nodes via SSH and to the Google
    ```
    pip install setuptools --upgrade
    pip install pip --upgrade   
-   pip install ansible apache-libcloud pycrypto
+   pip install ansible apache-libcloud pycrypto requests google-auth
    ```
 
 
@@ -103,7 +103,7 @@ This node must be able to connect to the cluster nodes via SSH and to the Google
    ```
    pip install setuptools --upgrade
    pip install pip --upgrade
-   pip install ansible apache-libcloud pycrypto
+   pip install ansible apache-libcloud pycrypto requests google-auth
    ```
 
 
@@ -122,15 +122,15 @@ More details about how authentication to the Google Cloud Platform works is on t
 
 1. Create a Google Cloud Platform Service Account
 
-   1. Go to the [Service accounts page](https://console.developers.google.com/permissions/serviceaccounts) and login with your Google account.
+   1. Go to the [Service accounts page](https://console.developers.google.com/iam-admin/serviceaccounts) and login with your Google account.
     
-   2. Decide on a project you want to use for the purpose of these scripts or create a new project in the `All projects` page.
+   2. Decide on a project you want to use for the purpose of these scripts or create a new project using the `CREATE` button.
    
-   3. Once the project has been selected, click on the `CREATE SERVICE ACCOUNT` link.
+   3. Once the project has been selected or created, click on the `CREATE SERVICE ACCOUNT` link.
    
    4. Give the Service account a name and a Role (recommended Role is `Project` -> `Editor`).
    
-   5. Also select the `Furnish a new private key` option and `JSON` as the Key type. This will also initiate a download of the JSON file holding the service account's credentials. Save this file.
+   5. On the next page, use the `CREATE KEY` button under `Create key (optional)` section and set `JSON` as the Key type. This will also initiate a download of the JSON file holding the service account's credentials. Save this file.
    
    6. If this is a new project, you'll also need to [associate a Billing Account](https://console.cloud.google.com/billing/projects) with the project (and create a [new Billing Account](https://console.cloud.google.com/billing) if none exists). If this was done, confirm that everything works by going to the [main Compute Engine page](https://console.cloud.google.com/compute/instances).
 
@@ -153,18 +153,19 @@ More details about how authentication to the Google Cloud Platform works is on t
 
    There are different ways to provide the credentials to the Ansible modules, each with its own advantages and disadvantages:
    * set variables directly inside the Ansible playbooks
-   * populate a `secrets.py` file
    * setting environment variables
 
-   All of these are explained in greater details on the [Ansible Guide](https://docs.ansible.com/ansible/latest/scenario_guides/guide_gce.html) but for the purpose of this guide we'll use the following environment variables:
-  
-   * **GCE_EMAIL**: the email account associated with the project (can be found on the [Service accounts](https://console.cloud.google.com/iam-admin/serviceaccounts) page -> `Service account ID` column)
+   All of these are explained in greater details on the [Ansible Guide](https://docs.ansible.com/ansible/latest/scenario_guides/guide_gce.html#providing-credentials-as-module-parameters) but for the purpose of this guide we'll use the following environment variables:
+
+   * **GCP_AUTH_KIND**: type of authentication being used (choices: machineaccount, serviceaccount, application)
    * **GCE_PROJECT**: the id of the project (can be found on the [All projects](https://console.cloud.google.com/iam-admin/projects) page)
+   * **GCE_EMAIL**: the email account associated with the project (can be found on the [Service accounts](https://console.cloud.google.com/iam-admin/serviceaccounts) page -> `Service account ID` column)
    * **GCE_CREDENTIALS_FILE_PATH**: the local path to the JSON credentials file
 
    ```
-   export GCE_EMAIL=hadoop-test@hadoop-123456.iam.gserviceaccount.com
+   export GCP_AUTH_KIND=serviceaccount
    export GCE_PROJECT=hadoop-123456
+   export GCE_EMAIL=hadoop-test@hadoop-123456.iam.gserviceaccount.com
    export GCE_CREDENTIALS_FILE_PATH=~/Hadoop-12345cb6789d.json
    ```
 
@@ -190,7 +191,7 @@ This is based on Google's [guide](https://cloud.google.com/compute/docs/instance
 
    Go to the [METADATA PAGE](https://console.cloud.google.com/compute/metadata) and click on the `SSH Keys` tab.
    
-   Click `Edit` and add the new key. When you paste the contents of the public key file obtained at the previous step, Google Compute Engine will automatically generate the Username, which is the non-root administrative user that is used to login to the cluster nodes.
+   Click on `Add SSH Keys` and paste the new key. When you paste the contents of the public key file obtained at the previous step, Google Compute Engine will automatically generate the Username, which is the non-root administrative user that is used to login to the cluster nodes.
    
    If you've used a different key than the one generated as part of the Build Setup, step 4, or you want to use a different user to login to the cluster nodes, replace the last bit of the key with the desired username.
    
diff --git a/inventory/gce/gce.py b/inventory/gce/gce.py
index e72f343e..0a7df3f5 100755
--- a/inventory/gce/gce.py
+++ b/inventory/gce/gce.py
@@ -1,20 +1,7 @@
 #!/usr/bin/env python
-# Copyright 2013 Google Inc.
-#
-# This file is part of Ansible
-#
-# Ansible is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# Ansible is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible.  If not, see <http://www.gnu.org/licenses/>.
+
+# Copyright: (c) 2013, Google Inc.
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
 
 '''
 GCE external inventory script
@@ -93,24 +80,18 @@
 
 from time import time
 
-if sys.version_info >= (3, 0):
-    import configparser
-else:
-    import ConfigParser as configparser
+from ansible.module_utils.six.moves import configparser
 
 import logging
 logging.getLogger('libcloud.common.google').addHandler(logging.NullHandler())
 
-try:
-    import json
-except ImportError:
-    import simplejson as json
+import json
 
 try:
     from libcloud.compute.types import Provider
     from libcloud.compute.providers import get_driver
     _ = Provider.GCE
-except:
+except Exception:
     sys.exit("GCE inventory script requires libcloud >= 0.13")
 
 
@@ -203,7 +184,7 @@ def get_config(self):
         """
         Reads the settings from the gce.ini file.
 
-        Populates a SafeConfigParser object with defaults and
+        Populates a ConfigParser object with defaults and
         attempts to read an .ini-style configuration from the filename
         specified in GCE_INI_PATH. If the environment variable is
         not present, the filename defaults to gce.ini in the current
@@ -217,7 +198,7 @@ def get_config(self):
         # This provides empty defaults to each key, so that environment
         # variable configuration (as opposed to INI configuration) is able
         # to work.
-        config = configparser.SafeConfigParser(defaults={
+        config = configparser.ConfigParser(defaults={
             'gce_service_account_email_address': '',
             'gce_service_account_pem_file_path': '',
             'gce_project_id': '',
@@ -292,7 +273,7 @@ def get_gce_drivers(self):
             args = list(secrets.GCE_PARAMS)
             kwargs = secrets.GCE_KEYWORD_PARAMS
             secrets_found = True
-        except:
+        except Exception:
             pass
 
         if not secrets_found and secrets_path:
@@ -306,7 +287,7 @@ def get_gce_drivers(self):
                 args = list(getattr(secrets, 'GCE_PARAMS', []))
                 kwargs = getattr(secrets, 'GCE_KEYWORD_PARAMS', {})
                 secrets_found = True
-            except:
+            except Exception:
                 pass
 
         if not secrets_found:
@@ -501,7 +482,7 @@ def group_instances(self, zones=None):
             else:
                 groups[machine_type] = [name]
 
-            image = node.image and node.image or 'persistent_disk'
+            image = node.image or 'persistent_disk'
             if image in groups:
                 groups[image].append(name)
             else:
@@ -534,6 +515,7 @@ def json_format_dict(self, data, pretty=False):
         else:
             return json.dumps(data)
 
+
 # Run the script
 if __name__ == '__main__':
     GceInventory()