blob: 0e87daef6fa575fc4ca0b2f4eeb824878676c1cc (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
|
---
- name: Set vault_addr
include_tasks: set_vault_addr.yml
- name: Load vault keys
include_vars:
file: "{{ vault_file }}"
- name: Get AWX admin password
include_vars:
file: "{{ admin_password_file }}"
- name: Create a HashiCorp Vault Credential
awx.awx.credential:
credential_type: HashiCorp Vault Secret Lookup
name: Vault Lookup Cred
organization: Default
controller_host: "{{ awx_host }}"
controller_username: admin
controller_password: "{{ admin_password }}"
validate_certs: false
inputs:
api_version: "v1"
cacert: "{{ lookup('ansible.builtin.file', '{{ vault_server_cert }}', errors='ignore') }}"
default_auth_path: "cert"
kubernetes_role: ""
namespace: ""
client_cert_public: "{{ lookup('ansible.builtin.file', '{{ vault_client_cert }}', errors='ignore') }}"
client_cert_private: "{{ lookup('ansible.builtin.file', '{{ vault_client_key }}', errors='ignore') }}"
token: "{{ Initial_Root_Token }}"
url: "{{ vault_addr_from_container }}"
register: vault_cred
- name: Create a custom credential type
awx.awx.credential_type:
name: Vault Custom Cred Type
kind: cloud
controller_host: "{{ awx_host }}"
controller_username: admin
controller_password: "{{ admin_password }}"
validate_certs: false
injectors:
extra_vars:
the_secret_from_vault: "{{ '{{' }} password {{ '}}' }}"
inputs:
fields:
- type: "string"
id: "password"
label: "Password"
secret: true
register: custom_vault_cred_type
- name: Create a credential of the custom type for token auth
awx.awx.credential:
credential_type: "{{ custom_vault_cred_type.id }}"
controller_host: "{{ awx_host }}"
controller_username: admin
controller_password: "{{ admin_password }}"
validate_certs: false
name: Credential From HashiCorp Vault via Token Auth
inputs: {}
organization: Default
register: custom_credential_via_token
- name: Use the Token Vault Credential For the new credential
awx.awx.credential_input_source:
input_field_name: password
target_credential: "{{ custom_credential_via_token.id }}"
source_credential: "{{ vault_cred.id }}"
controller_host: "{{ awx_host }}"
controller_username: admin
controller_password: "{{ admin_password }}"
validate_certs: false
metadata:
auth_path: ""
secret_backend: "my_engine"
secret_key: "my_key"
secret_path: "/my_root/my_folder"
secret_version: ""
- name: Create a HashiCorp Vault Credential for LDAP
awx.awx.credential:
credential_type: HashiCorp Vault Secret Lookup
name: Vault LDAP Lookup Cred
organization: Default
controller_host: "{{ awx_host }}"
controller_username: admin
controller_password: "{{ admin_password }}"
validate_certs: false
inputs:
api_version: "v1"
default_auth_path: "ldap"
kubernetes_role: ""
namespace: ""
url: "{{ vault_addr_from_container }}"
username: "{{ vault_ldap_username }}"
password: "{{ vault_ldap_password }}"
register: vault_ldap_cred
when: enable_ldap | bool
- name: Create a credential from the Vault LDAP Custom Cred Type
awx.awx.credential:
credential_type: "{{ custom_vault_cred_type.id }}"
controller_host: "{{ awx_host }}"
controller_username: admin
controller_password: "{{ admin_password }}"
validate_certs: false
name: Credential From HashiCorp Vault via LDAP Auth
inputs: {}
organization: Default
register: custom_credential_via_ldap
when: enable_ldap | bool
- name: Use the Vault LDAP Credential the new credential
awx.awx.credential_input_source:
input_field_name: password
target_credential: "{{ custom_credential_via_ldap.id }}"
source_credential: "{{ vault_ldap_cred.id }}"
controller_host: "{{ awx_host }}"
controller_username: admin
controller_password: "{{ admin_password }}"
validate_certs: false
metadata:
auth_path: ""
secret_backend: "ldap_engine"
secret_key: "my_key"
secret_path: "ldaps_root/ldap_secret"
secret_version: ""
when: enable_ldap | bool
- name: Create a HashiCorp Vault Credential for UserPass
awx.awx.credential:
credential_type: HashiCorp Vault Secret Lookup
name: Vault UserPass Lookup Cred
organization: Default
controller_host: "{{ awx_host }}"
controller_username: admin
controller_password: "{{ admin_password }}"
validate_certs: false
inputs:
api_version: "v1"
default_auth_path: "userpass"
kubernetes_role: ""
namespace: ""
url: "{{ vault_addr_from_container }}"
username: "{{ vault_userpass_username }}"
password: "{{ vault_userpass_password }}"
register: vault_userpass_cred
- name: Create a credential from the Vault UserPass Custom Cred Type
awx.awx.credential:
credential_type: "{{ custom_vault_cred_type.id }}"
controller_host: "{{ awx_host }}"
controller_username: admin
controller_password: "{{ admin_password }}"
validate_certs: false
name: Credential From HashiCorp Vault via UserPass Auth
inputs: {}
organization: Default
register: custom_credential_via_userpass
- name: Use the Vault UserPass Credential the new credential
awx.awx.credential_input_source:
input_field_name: password
target_credential: "{{ custom_credential_via_userpass.id }}"
source_credential: "{{ vault_userpass_cred.id }}"
controller_host: "{{ awx_host }}"
controller_username: admin
controller_password: "{{ admin_password }}"
validate_certs: false
metadata:
auth_path: ""
secret_backend: "userpass_engine"
secret_key: "my_key"
secret_path: "userpass_root/userpass_secret"
secret_version: ""
|
