Try SpotterCreates/updates/deletes GitLab Projects Variables
Authors: Markus Bergholz (@markuman)
Install with ansible-galaxy collection install community.general:==8.5.0
collections:
- name: community.general
version: 8.5.0When a project variable does not exist, it will be created.
When a project variable does exist, its value will be updated when the values are different.
Variables which are untouched in the playbook, but are not untouched in the GitLab project, they stay untouched (O(purge=false)) or will be deleted (O(purge=true)).
- name: Set or update some CI/CD variables
community.general.gitlab_project_variable:
api_url: https://gitlab.com
api_token: secret_access_token
project: markuman/dotfiles
purge: false
variables:
- name: ACCESS_KEY_ID
value: abc123
- name: SECRET_ACCESS_KEY
value: dassgrfaeui8989
masked: true
protected: true
environment_scope: production
- name: Set or update some CI/CD variables
community.general.gitlab_project_variable:
api_url: https://gitlab.com
api_token: secret_access_token
project: markuman/dotfiles
purge: false
vars:
ACCESS_KEY_ID: abc123
SECRET_ACCESS_KEY:
value: 3214cbad
masked: true
protected: true
variable_type: env_var
environment_scope: '*'
- name: Set or update some CI/CD variables with raw value
community.general.gitlab_project_variable:
api_url: https://gitlab.com
api_token: secret_access_token
project: markuman/dotfiles
purge: false
vars:
ACCESS_KEY_ID: abc123
SECRET_ACCESS_KEY:
value: 3214cbad
masked: true
protected: true
raw: true
variable_type: env_var
environment_scope: '*'
- name: Set or update some CI/CD variables with expandable value
community.general.gitlab_project_variable:
api_url: https://gitlab.com
api_token: secret_access_token
project: markuman/dotfiles
purge: false
vars:
ACCESS_KEY_ID: abc123
SECRET_ACCESS_KEY:
value: '$MY_OTHER_VARIABLE'
masked: true
protected: true
raw: false
variable_type: env_var
environment_scope: '*'
- name: Delete one variable
community.general.gitlab_project_variable:
api_url: https://gitlab.com
api_token: secret_access_token
project: markuman/dotfiles
state: absent
vars:
ACCESS_KEY_ID: abc123
vars:
default: {}
description:
- When the list element is a simple key-value pair, masked, raw and protected will
be set to false.
- When the list element is a dict with the keys C(value), C(masked), C(raw) and C(protected),
the user can have full control about whether a value should be masked, raw, protected
or both.
- Support for protected values requires GitLab >= 9.3.
- Support for masked values requires GitLab >= 11.10.
- Support for raw values requires GitLab >= 15.7.
- Support for environment_scope requires GitLab Premium >= 13.11.
- Support for variable_type requires GitLab >= 11.11.
- A C(value) must be a string or a number.
- Field C(variable_type) must be a string with either V(env_var), which is the default,
or V(file).
- Field C(environment_scope) must be a string defined by scope environment.
- When a value is masked, it must be in Base64 and have a length of at least 8 characters.
See GitLab documentation on acceptable values for a masked variable (https://docs.gitlab.com/ce/ci/variables/#masked-variables).
type: dict
purge:
default: false
description:
- When set to true, all variables which are not untouched in the task will be deleted.
type: bool
state:
choices:
- present
- absent
default: present
description:
- Create or delete project variable.
- Possible values are present and absent.
type: str
api_url:
description:
- The resolvable endpoint for the API.
type: str
ca_path:
description:
- The CA certificates bundle to use to verify GitLab server certificate.
type: str
version_added: 8.1.0
version_added_collection: community.general
project:
description:
- The path and name of the project.
required: true
type: str
api_token:
description:
- GitLab access token with API permissions.
type: str
variables:
default: []
description:
- A list of dictionaries that represents CI/CD variables.
- This module works internal with this structure, even if the older O(vars) parameter
is used.
elements: dict
suboptions:
environment_scope:
default: '*'
description:
- The scope for the variable.
- Support for O(variables[].environment_scope) requires GitLab Premium >= 13.11.
type: str
masked:
default: false
description:
- Whether variable value is masked or not.
- Support for masked values requires GitLab >= 11.10.
type: bool
name:
description:
- The name of the variable.
required: true
type: str
protected:
default: false
description:
- Whether variable value is protected or not.
- Support for protected values requires GitLab >= 9.3.
type: bool
raw:
default: false
description:
- Whether variable value is raw or not.
- Support for raw values requires GitLab >= 15.7.
type: bool
version_added: 7.4.0
version_added_collection: community.general
value:
description:
- The variable value.
- Required when O(state=present).
type: str
variable_type:
choices:
- env_var
- file
default: env_var
description:
- Whether a variable is an environment variable (V(env_var)) or a file (V(file)).
- Support for O(variables[].variable_type) requires GitLab >= 11.11.
type: str
type: list
version_added: 4.4.0
version_added_collection: community.general
api_password:
description:
- The password to use for authentication against the API.
type: str
api_username:
description:
- The username to use for authentication against the API.
type: str
api_job_token:
description:
- GitLab CI job token for logging in.
type: str
version_added: 4.2.0
version_added_collection: community.general
validate_certs:
default: true
description:
- Whether or not to validate SSL certs when supplying a HTTPS endpoint.
type: bool
api_oauth_token:
description:
- GitLab OAuth token for logging in.
type: str
version_added: 4.2.0
version_added_collection: community.general
project_variable:
contains:
added:
description: A list of variables which were created.
returned: always
sample:
- ACCESS_KEY_ID
- SECRET_ACCESS_KEY
type: list
removed:
description: A list of variables which were deleted.
returned: always
sample:
- ACCESS_KEY_ID
- SECRET_ACCESS_KEY
type: list
untouched:
description: A list of variables which exist.
returned: always
sample:
- ACCESS_KEY_ID
- SECRET_ACCESS_KEY
type: list
updated:
description: A list of variables whose values were changed.
returned: always
sample:
- ACCESS_KEY_ID
- SECRET_ACCESS_KEY
type: list
description: Four lists of the variablenames which were added, updated, removed
or exist.
returned: always
type: dict