community.okd.openshift_auth (0.2.0) — module
Authenticate to OpenShift clusters which require an explicit login step
Added in version 0.2.0 of community.okd
Authors: KubeVirt Team (@kubevirt), Fabian von Feilitzsch (@fabianvf)
Install with:

    ansible-galaxy collection install community.okd:==0.2.0

    collections:
      - name: community.okd
        version: 0.2.0
This module handles authenticating to OpenShift clusters requiring explicit authentication procedures, meaning ones where a client logs in (obtains an authentication token), performs API operations using said token and then logs out (revokes the token).
By contrast, a popular configuration for username+password authentication uses HTTP Basic Auth, which does not involve any additional login/logout steps (instead, login credentials can be attached to each and every API call performed). It is therefore handled directly by the k8s module (and other resource-specific modules) through the host, username and password parameters. Please consult your preferred module's documentation for more details.
    - hosts: localhost
      module_defaults:
        group/k8s:
          host: https://k8s.example.com/
          ca_cert: ca.pem
      tasks:
      - block:
        # It's good practice to store login credentials in a secure vault and not
        # directly in playbooks.
        - include_vars: openshift_passwords.yml

        - name: Log in (obtain access token)
          community.okd.openshift_auth:
            username: admin
            password: "{{ openshift_admin_password }}"
          register: openshift_auth_results

        # Previous task provides the token/api_key, while all other parameters
        # are taken from module_defaults
        - name: Get a list of all pods from any namespace
          community.kubernetes.k8s_info:
            api_key: "{{ openshift_auth_results.openshift_auth.api_key }}"
            kind: Pod
          register: pod_list

        always:
        - name: If login succeeded, try to log out (revoke access token)
          when: openshift_auth_results.openshift_auth.api_key is defined
          community.okd.openshift_auth:
            state: absent
            api_key: "{{ openshift_auth_results.openshift_auth.api_key }}"
    host:
      description:
      - Provide a URL for accessing the API server.
      required: true
      type: str
    state:
      choices:
      - present
      - absent
      default: present
      description:
      - If set to I(present) connect to the API server using the URL specified in C(host) and attempt to log in.
      - If set to I(absent) attempt to log out by revoking the authentication token specified in C(api_key).
      type: str
    api_key:
      description:
      - When C(state) is set to I(absent), this specifies the token to revoke.
      type: str
    ca_cert:
      aliases:
      - ssl_ca_cert
      description:
      - Path to a CA certificate file used to verify connection to the API server. The full certificate chain must be provided to avoid certificate validation errors.
      type: path
    password:
      description:
      - Provide a password for authenticating with the API server.
      type: str
    username:
      description:
      - Provide a username for authenticating with the API server.
      type: str
    validate_certs:
      aliases:
      - verify_ssl
      default: true
      description:
      - Whether or not to verify the API server's SSL certificates.
      type: bool
    k8s_auth:
      contains:
        api_key:
          description: Authentication token.
          returned: success
          type: str
        ca_cert:
          description: Path to a CA certificate file used to verify connection to the API server.
          returned: success
          type: str
        host:
          description: URL for accessing the API server.
          returned: success
          type: str
        username:
          description: Username for authenticating with the API server.
          returned: success
          type: str
        validate_certs:
          description: Whether or not to verify the API server's SSL certificates.
          returned: success
          type: bool
      description: Same as returned openshift_auth. Kept only for backwards compatibility
      returned: success
      type: complex
    openshift_auth:
      contains:
        api_key:
          description: Authentication token.
          returned: success
          type: str
        ca_cert:
          description: Path to a CA certificate file used to verify connection to the API server.
          returned: success
          type: str
        host:
          description: URL for accessing the API server.
          returned: success
          type: str
        username:
          description: Username for authenticating with the API server.
          returned: success
          type: str
        validate_certs:
          description: Whether or not to verify the API server's SSL certificates.
          returned: success
          type: bool
      description: OpenShift authentication facts.
      returned: success
      type: complex
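A variant of the login/logout playbook that keeps the token out of task output, as an added example that is not part of the module's own documentation. The registered result carries api_key under both openshift_auth and k8s_auth, so the tasks that produce or consume it set no_log, and TLS verification is stated explicitly. The host URL, CA file, vars file and variable names (cluster_host, cluster_ca, openshift_admin_password) are placeholders.

```yaml
# Added example: placeholder host, CA path, vars file and variable names.
- hosts: localhost
  gather_facts: false
  vars:
    cluster_host: https://k8s.example.com/
    cluster_ca: ca.pem
  tasks:
    - block:
        # Credentials live in an Ansible Vault encrypted vars file.
        - name: Load vaulted credentials
          include_vars: openshift_passwords.yml
          no_log: true

        - name: Log in (obtain access token)
          community.okd.openshift_auth:
            host: "{{ cluster_host }}"
            ca_cert: "{{ cluster_ca }}"
            validate_certs: true
            username: admin
            password: "{{ openshift_admin_password }}"
          register: openshift_auth_results
          # The result contains openshift_auth.api_key and k8s_auth.api_key;
          # no_log keeps both out of verbose output and callback logs.
          no_log: true

        - name: Get a list of all pods from any namespace
          community.kubernetes.k8s_info:
            host: "{{ cluster_host }}"
            ca_cert: "{{ cluster_ca }}"
            validate_certs: true
            api_key: "{{ openshift_auth_results.openshift_auth.api_key }}"
            kind: Pod
          register: pod_list

      always:
        # Runs whether or not the block failed, so a token is never left
        # valid after the play; skipped when login itself did not succeed.
        - name: Log out (revoke access token)
          when: openshift_auth_results.openshift_auth.api_key is defined
          community.okd.openshift_auth:
            host: "{{ cluster_host }}"
            ca_cert: "{{ cluster_ca }}"
            validate_certs: true
            state: absent
            api_key: "{{ openshift_auth_results.openshift_auth.api_key }}"
          no_log: true
```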