gcloud.toml raw

   1  Name = "Google Cloud"
   2  Description = ''''''
   3  URL = "https://cloud.google.com"
   4  Code = "gcloud"
   5  Since = "v0.3.0"
   6  
   7  Example = '''
   8  # Using a service account file
   9  GCE_PROJECT="gc-project-id" \
  10  GCE_SERVICE_ACCOUNT_FILE="/path/to/svc/account/file.json" \
  11  lego --dns gcloud -d '*.example.com' -d example.com run
  12  
  13  # Using default credentials with impersonation
  14  GCE_PROJECT="gc-project-id" \
  15  GCE_IMPERSONATE_SERVICE_ACCOUNT="target-sa@gc-project-id.iam.gserviceaccount.com" \
  16  lego --dns gcloud -d '*.example.com' -d example.com run
  17  
  18  # Using service account key with impersonation
  19  GCE_PROJECT="gc-project-id" \
  20  GCE_SERVICE_ACCOUNT_FILE="/path/to/svc/account/file.json" \
  21  GCE_IMPERSONATE_SERVICE_ACCOUNT="target-sa@gc-project-id.iam.gserviceaccount.com" \
  22  lego --dns gcloud -d '*.example.com' -d example.com run
  23  '''
  24  
  25  Additional = '''
  26  Supports service account impersonation to access Google Cloud DNS resources across different projects or with restricted permissions.
  27  
  28  When using impersonation, the source service account must have:
  29  1. The "Service Account Token Creator" role on the source service account
  30  2. The "https://www.googleapis.com/auth/cloud-platform" scope
  31  '''
  32  
  33  [Configuration]
  34    [Configuration.Credentials]
  35      GCE_PROJECT = "Project name (by default, the project name is auto-detected by using the metadata service)"
  36      'Application Default Credentials' = "[Documentation](https://cloud.google.com/docs/authentication/production#providing_credentials_to_your_application)"
  37      GCE_SERVICE_ACCOUNT_FILE = "Account file path"
  38      GCE_SERVICE_ACCOUNT = "Account"
  39    [Configuration.Additional]
  40      GCE_ALLOW_PRIVATE_ZONE = "Allows requested domain to be in private DNS zone, works only with a private ACME server (by default: false)"
  41      GCE_ZONE_ID = "Allows to skip the automatic detection of the zone"
  42      GCE_IMPERSONATE_SERVICE_ACCOUNT = "Service account email to impersonate"
  43      GCE_POLLING_INTERVAL = "Time between DNS propagation check in seconds (Default: 5)"
  44      GCE_PROPAGATION_TIMEOUT = "Maximum waiting time for DNS propagation in seconds (Default: 180)"
  45      GCE_TTL = "The TTL of the TXT record used for the DNS challenge in seconds (Default: 120)"
  46  
  47  [Links]
  48    API = "https://cloud.google.com/dns/api/v1/"
  49    GoClient = "https://github.com/googleapis/google-api-go-client"
  50