[ansible_runner] Add VaultCredential #19002
Merged
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Adds
Ansible::Runner::VaultCredential
.NOTE: The
--vault-password-file
is used instead of populating theenv/passwords
file here in case multiple credentials were used at the same time. This differs from howawx
does things:https://github.com/ansible/awx/blob/1242ee2b/awx/main/tasks.py#L1554
Where the
env/passwords
file (/usr/bin/expect
style) is used, but there is also contextual awareness of all of the passwords being added inawx
at the time of writing the file allowing this to work without adding conflicts. In the current case of MIQ, this is done for each credential type but overall scope of the play is missing, so we don't have the context available at when writing the files to ensure there aren't conflicts.Steps for Testing/QA
Still working on wiring things up in MIQ to provide a way of testing this (this is much easier to test than with cloud credentials), so will update this section and most likely remove the[WIP]
label once I do.Using the following playbook repo:
https://github.com/NickLaMuro/ansible-tower-samples
EmbeddedAnsible
Automation -> Ansible -> Repositories
, add the above repo's master branchAutomation -> Ansible -> Credentials
, add a vault credential with a password of "vault"hello_world_vault_encrypted.yml
playbook