infra.aap_configuration.eda_credential_input_sources
Description
An Ansible Role to create Credential Input Sources in EDA Controller.
Requirements
This role requires ansible.eda >= 2.9.0
Variables
| Variable Name | Default Value | Required | Description | Example |
platform_state | “present” | no | The state all objects will take unless overridden by object default | ‘absent’ |
aap_hostname | ”” | yes | URL to the Ansible Automation Platform Server. | 127.0.0.1 |
aap_validate_certs | true | no | Whether or not to validate the Ansible Automation Platform Server’s SSL certificate. | |
aap_username | ”” | no | Admin User on the Ansible Automation Platform Server. Either username / password or oauthtoken need to be specified. | |
aap_password | ”” | no | Platform Admin User’s password on the Server. This should be stored in an Ansible Vault at vars/platform-secrets.yml or elsewhere and called from a parent playbook. | |
aap_token | ”” | no | Controller Admin User’s token on the Ansible Automation Platform Server. This should be stored in an Ansible Vault at or elsewhere and called from a parent playbook. Either username / password or oauthtoken need to be specified. | |
aap_request_timeout | 10 | no | Specify the timeout in seconds Ansible should use in requests to the controller host. | |
aap_configuration_collect_logs | false | no | Specify whether to collect async results and continue for all failed async tasks instead of failing on the first error. Collected results are available in the aap_configuration_role_errors variable. | |
aap_configuration_register | ”” | no | Specify a variable to register the values of all aap_configuration tasks. This will create an object with each aap object as an element containing a list of each item created. | |
eda_credential_input_sources | see below | yes | Data structure describing your credential input sources. Described below. |
Enforcing defaults
The following Variables complement each other. If Both variables are not set, enforcing default values is not done. Enabling these variables enforce default values on options that are optional in the EDA API. This should be enabled to enforce configuration and prevent configuration drift. It is recommended to be enabled, however it is not enforced by default.
Enabling this will enforce configuration without specifying every option in the configuration files.
‘eda_configuration_credential_input_sources_enforce_defaults’ defaults to the value of ‘aap_configuration_enforce_defaults’ if it is not explicitly called. This allows for enforced defaults to be toggled for the entire suite of AAP configuration roles with a single variable, or for the user to selectively use it.
| Variable Name | Default Value | Required | Description |
eda_configuration_credential_input_sources_enforce_defaults | false | no | Whether or not to enforce default option values on only the credential input sources role |
aap_configuration_enforce_defaults | false | no | This variable enables enforced default values as well, but is shared across multiple roles, see above. |
Secure Logging Variables
The following Variables complement each other. If Both variables are not set, secure logging defaults to false. The role defaults to false as normally the add group_roles task does not include sensitive information. eda_configuration_credential_input_sources_secure_logging defaults to the value of aap_configuration_secure_logging if it is not explicitly called. This allows for secure logging to be toggled for the entire suite of automation hub configuration roles with a single variable, or for the user to selectively use it.
| Variable Name | Default Value | Required | Description |
eda_configuration_credential_input_sources_secure_logging | true | no | Whether or not to include the sensitive Registry role tasks in the log. Set this value to true if you will be providing your sensitive values from elsewhere. |
aap_configuration_secure_logging | false | no | Whether or not to include the sensitive Registry role tasks in the log. Set this value to true if you will be providing your sensitive values from elsewhere. |
Asynchronous Retry Variables
The following Variables set asynchronous retries for the role. If neither of the retries or delay or retries are set, they will default to their respective defaults. This allows for all items to be created, then checked that the task finishes successfully. This also speeds up the overall role.
| Variable Name | Default Value | Required | Description |
aap_configuration_async_retries | 50 | no | This variable sets the number of retries to attempt for the role globally. |
eda_configuration_credential_input_sources_async_retries | aap_configuration_async_retries | no | This variable sets the number of retries to attempt for the role. |
aap_configuration_async_delay | 1 | no | This sets the delay between retries for the role globally. |
eda_configuration_credential_input_sources_async_delay | aap_configuration_async_delay | no | This sets the delay between retries for the role. |
aap_configuration_loop_delay | 1000 | no | This variable sets the loop_delay for the role globally. |
eda_configuration_credential_input_sources_async_delay | aap_configuration_loop_delay | no | This variable sets the loop_delay for the role. |
aap_configuration_async_dir | null | no | Sets the directory to write the results file for async tasks. The default value is set to null which uses the Ansible Default of /root/.ansible_async/. |
Data Structure
Credential Input Source Variables
| Variable Name | Default Value | Required | Type | Description |
target_credential | ”” | yes | str | Target Credential name (the credential receiving the lookup value.) |
source_credential | ”” | yes | str | Source Credential name (the credential the lookup value will be retrieved from.) |
description | ”” | no | str | Description to use for the credential input source. |
organization | ”” | yes | str | Organization this Credential Input Source belongs to. |
input_field_name | ”” | yes | str | The name of the Credential input field which will be set from the lookup value. |
metadata | {} | no | dict | Metadata provided to the target credential for the lookup. |
state | present | no | str | Desired state of the credential. |
Standard Credential Input Source Data Structure
Yaml Example
eda_credential_input_sources:
- target_credential: hashivault_lookup
source_credential: github_hmac_secret
description: Lookup the GitHub HMAC Secret in Hashi Vault
organization: "Default"
input_field_name: "secret"
metadata:
secret_key: "hmac"
secret_path: "my/path/to/github/secrets/"
state: present
Playbook Examples
Standard Role Usage
- name: Add credential input source to EDA Controller
hosts: localhost
connection: local
gather_facts: false
vars:
eda_validate_certs: false
# Define following vars here, or in eda_configs/eda_auth.yml
# controller_host: ansible-eda-web-svc-test-credential.example.com
# eda_token: changeme
pre_tasks:
- name: Include vars from eda_configs directory
ansible.builtin.include_vars:
dir: ./vars
extensions: ["yml"]
tags:
- always
roles:
- infra.aap_configuration.eda_credential_input_sources