herve4m / herve4m.quay / 1.2.0 / module / quay_docker_token Manage tokens for accessing Quay Container Registry repositories | "added in version" 0.0.11 of herve4m.quay" Authors: Herve Quatremain (@herve4m)herve4m.quay.quay_docker_token (1.2.0) — module
Install with ansible-galaxy collection install herve4m.quay:==1.2.0
collections: - name: herve4m.quay version: 1.2.0
Create or delete tokens for client tools to access repositories.
For example, the C(docker), C(podman), and C(skopeo) command-line tools can use such tokens.
Kubernetes can also use those tokens, declared is Kubernetes secret objects, to pull images and deploy pods.
Using tokens is an alternative to using your user login and password.
The tokens you create are for the user account you are logged in. You cannot create tokens for other users, even if you are logged in with a super user account.
- name: Ensure the token exists for my account herve4m.quay.quay_docker_token: name: token_for_pull state: present quay_host: https://quay.example.com quay_token: vgfH9zH5q6eV16Con7SvDQYSr0KPYQimMHVehZv7 register: token_details
- name: Ensure the image is pulled containers.podman.podman_image: name: quay.example.com/production/smallimage:v1.0.0 username: "{{ token_details['username'] }}" password: "{{ token_details['token_code'] }}"
- name: Ensure the token does not exist herve4m.quay.quay_docker_token: name: token_for_pull state: absent quay_host: https://quay.example.com quay_token: vgfH9zH5q6eV16Con7SvDQYSr0KPYQimMHVehZv7
name: description: - Name of the token to create or delete. required: true type: str state: choices: - absent - present default: present description: - If C(absent), then the module deletes the token. - The module does not fail if the token does not exist, because the state is already as expected. - If C(present), then the module creates the token if it does not already exist. - If the token already exists, then the module returns its details. type: str quay_host: default: http://127.0.0.1 description: - URL for accessing the API. U(https://quay.example.com:8443) for example. - If you do not set the parameter, then the module uses the C(QUAY_HOST) environment variable. - If you do no set the environment variable either, then the module uses the U(http://127.0.0.1) URL. type: str quay_token: description: - OAuth access token for authenticating against the API. - If you do not set the parameter, then the module tries the C(QUAY_TOKEN) environment variable. - Mutually exclusive with I(quay_username) and I(quay_password). type: str quay_password: description: - The password to use for authenticating against the API. - If you do not set the parameter, then the module tries the C(QUAY_PASSWORD) environment variable. - If you set I(quay_password), then you also need to set I(quay_username). - Mutually exclusive with I(quay_token). type: str quay_username: description: - The username to use for authenticating against the API. - If you do not set the parameter, then the module tries the C(QUAY_USERNAME) environment variable. - If you set I(quay_username), then you also need to set I(quay_password). - Mutually exclusive with I(quay_token). type: str validate_certs: aliases: - verify_ssl default: true description: - Whether to allow insecure connections to the API. - If C(no), then the module does not validate SSL certificates. - If you do not set the parameter, then the module tries the C(QUAY_VERIFY_SSL) environment variable (C(yes), C(1), and C(True) mean yes, and C(no), C(0), C(False), and no value mean no). type: bool
auth_b64: description: - Base 64 encoding of the username and the token (C(I(username):I(token_code))) - Some client configuration files, such as the C(~/.docker/config.json) Docker configuration file, require that you provide the username and the token in that format. - You can decode the string by using the C(base64 --decode) command. See the C(base64)(1) man page. returned: always sample: JGFw...NzBK type: str created: description: Token creation date and time. returned: always sample: Wed, 25 May 2022 12:46:41 -0000 type: str dockerconfigjson_b64: description: - Base 64 encoding of the C(~/.docker/config.json) configuration file. - The C(containers-auth.json)(5) man page describe the format of the file. returned: always sample: ewog...Cn0= type: str expiration: description: - Expiration date and time of the token. - By default, tokens do not expire. In that case I(expiration) is C(null). - Your Quay administrator might have activated expiration by setting the C(APP_SPECIFIC_TOKEN_EXPIRATION) directive in the C(config.yaml) configuration file. returned: always sample: Fri, 29 Apr 2023 13:31:05 -0000 type: str last_accessed: description: - Last date and time the token was used. - If the token has not been used yet, then I(last_accessed) is C(null). returned: always sample: Wed, 25 May 2022 12:49:45 -0000 type: str name: description: Name of the application token. returned: always sample: my_push_token type: str token_code: description: Token to use as the password. returned: always sample: OVKFT8YJBTQYG4Z30YHDOPJBU4M2VPMCQJ5IYW4BAQGZD8T5V70JORLJBJHFYVVFQ89K7 type: str username: description: - Username to use with client commands such as C(docker) or C(podman). - When you use a token with those commands, do not use your login name but use this username instead. - For Quay, that username is always C($app). - Because the C($) character is a special shell character, you might have to protect it with a backslash or by using single quotation marks. returned: always sample: $app type: str uuid: description: Internal ID of the application token. returned: always sample: 31b32343-e974-4f8c-bd9c-db5a0406f211 type: str