Try Spottercreate, update, or destroy Ansible Tower credential.
| "added in version" 2.3 of alancoding.awx"
Authors: Wayne Witzel III (@wwitzel3)
preview | supported by community
Install with ansible-galaxy collection install alancoding.awx:==11.2.0
collections:
- name: alancoding.awx
version: 11.2.0Create, update, or destroy Ansible Tower credentials. See U(https://www.ansible.com/tower) for an overview.
- name: Add tower machine credential
tower_credential:
name: Team Name
description: Team Description
organization: test-org
credential_type: Machine
state: present
tower_config_file: "~/tower_cli.cfg"
- name: Create a valid SCM credential from a private_key file
tower_credential:
name: SCM Credential
organization: Default
state: present
credential_type: Source Control
inputs:
username: joe
password: secret
ssh_key_data: "{{ lookup('file', '/tmp/id_rsa') }}"
ssh_key_unlock: "passphrase"
- name: Fetch private key
slurp:
src: '$HOME/.ssh/aws-private.pem'
register: aws_ssh_key
- name: Add Credential Into Tower
tower_credential:
name: Workshop Credential
credential_type: Machine
organization: Default
inputs:
ssh_key_data: "{{ aws_ssh_key['content'] | b64decode }}"
run_once: true
delegate_to: localhost
- name: Add Credential with Custom Credential Type
tower_credential:
name: Workshop Credential
credential_type: MyCloudCredential
organization: Default
tower_username: admin
tower_password: ansible
tower_host: https://localhost
- name: Create a Vaiult credential (example for notes)
tower_credential:
name: Example password
credential_type: Vault
organization: Default
inputs:
vault_password: 'hello'
vault_id: 'My ID'
- name: Bad password update (will replace vault_id)
tower_credential:
name: Example password
credential_type: Vault
organization: Default
inputs:
vault_password: 'new_password'
- name: Another bad password update (will replace vault_id)
tower_credential:
name: Example password
credential_type: Vault
organization: Default
vault_password: 'new_password'
- name: A safe way to update a password and keep vault_id
tower_credential:
name: Example password
credential_type: Vault
organization: Default
inputs:
vault_password: 'new_password'
vault_id: 'My ID'
host:
description:
- Host for this credential.
- Deprecated, will be removed in a future release
type: str
kind:
choices:
- ssh
- vault
- net
- scm
- aws
- vmware
- satellite6
- cloudforms
- gce
- azure_rm
- openstack
- rhv
- insights
- tower
description:
- Type of credential being added.
- The ssh choice refers to a Tower Machine credential.
- Deprecated, please use credential_type
required: false
type: str
name:
description:
- The name to use for the credential.
required: true
type: str
team:
description:
- Team that should own this credential.
type: str
user:
description:
- User that should own this credential.
type: str
state:
choices:
- present
- absent
default: present
description:
- Desired state of the resource.
type: str
client:
description:
- Client or application ID for azure_rm type.
- Deprecated, please use inputs
type: str
domain:
description:
- Domain for openstack type.
- Deprecated, please use inputs
type: str
inputs:
description:
- Credential inputs where the keys are var names used in templating. Refer to the
Ansible Tower documentation for example syntax.
- Any fields in this dict will take prescedence over any fields mentioned below (i.e.
host, username, etc)
type: dict
version_added: '2.9'
version_added_collection: alancoding.awx
secret:
description:
- Secret token for azure_rm type.
- Deprecated, please use inputs
type: str
tenant:
description:
- Tenant ID for azure_rm type.
- Deprecated, please use inputs
type: str
project:
description:
- Project that should use this credential for GCP.
- Deprecated, will be removed in a future release
type: str
new_name:
description:
- Setting this option will change the existing name (looked up via the name field.
required: false
type: str
password:
description:
- Password for this credential. ``secret_key`` for AWS. ``api_key`` for RAX.
- Use "ASK" and launch in Tower to be prompted.
- Deprecated, please use inputs
type: str
username:
description:
- Username for this credential. ``access_key`` for AWS.
- Deprecated, please use inputs
type: str
vault_id:
description:
- Vault identifier.
- This parameter is only valid if C(kind) is specified as C(vault).
- Deprecated, please use inputs
type: str
version_added: '2.8'
version_added_collection: alancoding.awx
authorize:
default: 'no'
description:
- Should use authorize for net type.
- Deprecated, please use inputs
type: bool
tower_host:
description:
- URL to your Tower or AWX instance.
- If value not set, will try environment variable C(TOWER_HOST) and then config files
- If value not specified by any means, the value of C(127.0.0.1) will be used
type: str
description:
description:
- The description to use for the credential.
type: str
organization:
description:
- Organization that should own the credential.
type: str
ssh_key_data:
description:
- SSH private key content. To extract the content from a file path, use the lookup
function (see examples).
- Deprecated, please use inputs
type: str
subscription:
description:
- Subscription ID for azure_rm type.
- Deprecated, please use inputs
type: str
become_method:
description:
- Become method to use for privilege escalation.
- Some examples are "None", "sudo", "su", "pbrun"
- Due to become plugins, these can be arbitrary
- Deprecated, please use inputs
type: str
security_token:
description:
- STS token for aws type.
- Deprecated, please use inputs
type: str
version_added: '2.6'
version_added_collection: alancoding.awx
ssh_key_unlock:
description:
- Unlock password for ssh_key.
- Use "ASK" and launch in Tower to be prompted.
- Deprecated, please use inputs
type: str
tower_password:
description:
- Password for your Tower or AWX instance.
- If value not set, will try environment variable C(TOWER_PASSWORD) and then config
files
type: str
tower_username:
description:
- Username for your Tower or AWX instance.
- If value not set, will try environment variable C(TOWER_USERNAME) and then config
files
type: str
validate_certs:
aliases:
- tower_verify_ssl
description:
- Whether to allow insecure connections to Tower or AWX.
- If C(no), SSL certificates will not be validated.
- This should only be used on personally controlled sites using self-signed certificates.
- If value not set, will try environment variable C(TOWER_VERIFY_SSL) and then config
files
type: bool
vault_password:
description:
- Vault password.
- Use "ASK" and launch in Tower to be prompted.
- Deprecated, please use inputs
type: str
become_password:
description:
- Become password.
- Use "ASK" and launch in Tower to be prompted.
- Deprecated, please use inputs
type: str
become_username:
description:
- Become username.
- Use "ASK" and launch in Tower to be prompted.
- Deprecated, please use inputs
type: str
credential_type:
description:
- Name of credential type.
- Will be preferred over kind
type: str
version_added: '2.10'
version_added_collection: alancoding.awx
tower_oauthtoken:
description:
- The Tower OAuth token to use.
- If value not set, will try environment variable C(TOWER_OAUTH_TOKEN) and then config
files
required: false
type: str
version_added: '3.7'
version_added_collection: alancoding.awx
tower_config_file:
description:
- Path to the Tower or AWX config file.
type: path
authorize_password:
description:
- Password for net credentials that require authorize.
- Deprecated, please use inputs
type: str