awx.awx.tower_credential – create, update, or destroy Ansible Tower credential.
Note
This plugin is part of the awx.awx collection (version 14.1.0).
To install it use: `ansible-galaxy collection install awx.awx`.
To use it in a playbook, specify: `awx.awx.tower_credential`.
Synopsis
- Create, update, or destroy Ansible Tower credentials. See https://www.ansible.com/tower for an overview.
Parameters
Parameter | Choices/Defaults | Comments |
---|---|---|
authorize (boolean) | | Should use authorize for net type. Deprecated, please use inputs. |
authorize_password (string) | | Password for net credentials that require authorize. Deprecated, please use inputs. |
become_method (string) | | Become method to use for privilege escalation. Some examples are "None", "sudo", "su", "pbrun". Due to become plugins, these can be arbitrary. Deprecated, please use inputs. |
become_password (string) | | Become password. Use "ASK" and launch in Tower to be prompted. Deprecated, please use inputs. |
become_username (string) | | Become username. Use "ASK" and launch in Tower to be prompted. Deprecated, please use inputs. |
client (string) | | Client or application ID for azure_rm type. Deprecated, please use inputs. |
credential_type (string) | | Name of credential type. Will be preferred over kind. |
description (string) | | The description to use for the credential. |
domain (string) | | Domain for openstack type. Deprecated, please use inputs. |
host (string) | | Host for this credential. Deprecated, will be removed in a future release. |
inputs (dictionary) | | Credential inputs where the keys are var names used in templating. Refer to the Ansible Tower documentation for example syntax. Any fields in this dict will take precedence over any fields mentioned below (i.e. host, username, etc). |
kind (string) | | Type of credential being added. The ssh choice refers to a Tower Machine credential. Deprecated, please use credential_type. |
name (string, required) | | The name to use for the credential. |
new_name (string) | | Setting this option will change the existing name (looked up via the name field). |
organization (string) | | Organization that should own the credential. |
password (string) | | Password for this credential. `secret_key` for AWS. `api_key` for RAX. Use "ASK" and launch in Tower to be prompted. Deprecated, please use inputs. |
project (string) | | Project that should use this credential for GCP. Deprecated, will be removed in a future release. |
secret (string) | | Secret token for azure_rm type. Deprecated, please use inputs. |
security_token (string) | | STS token for aws type. Deprecated, please use inputs. |
ssh_key_data (string) | | SSH private key content. To extract the content from a file path, use the lookup function (see examples). Deprecated, please use inputs. |
ssh_key_unlock (string) | | Unlock password for ssh_key. Use "ASK" and launch in Tower to be prompted. Deprecated, please use inputs. |
state (string) | | Desired state of the resource. |
subscription (string) | | Subscription ID for azure_rm type. Deprecated, please use inputs. |
team (string) | | Team that should own this credential. |
tenant (string) | | Tenant ID for azure_rm type. Deprecated, please use inputs. |
tower_config_file (path) | | Path to the Tower or AWX config file. If provided, the other locations for config files will not be considered. |
tower_host (string) | | URL to your Tower or AWX instance. If value not set, will try environment variable TOWER_HOST and then config files. If value not specified by any means, the value of 127.0.0.1 will be used. |
tower_oauthtoken (raw, added in 3.7 of awx.awx) | | The Tower OAuth token to use. This value can be in one of two formats. A string which is the token itself. (i.e. bqV5txm97wqJqtkxlMkhQz0pKhRMMX) A dictionary structure as returned by the tower_token module. If value not set, will try environment variable TOWER_OAUTH_TOKEN and then config files. |
tower_password (string) | | Password for your Tower or AWX instance. If value not set, will try environment variable TOWER_PASSWORD and then config files. |
tower_username (string) | | Username for your Tower or AWX instance. If value not set, will try environment variable TOWER_USERNAME and then config files. |
user (string) | | User that should own this credential. |
username (string) | | Username for this credential. `access_key` for AWS. Deprecated, please use inputs. |
validate_certs (boolean) | | Whether to allow insecure connections to Tower or AWX. If no, SSL certificates will not be validated. This should only be used on personally controlled sites using self-signed certificates. If value not set, will try environment variable TOWER_VERIFY_SSL and then config files. aliases: tower_verify_ssl |
vault_id (string) | | Vault identifier. This parameter is only valid if kind is specified as vault. Deprecated, please use inputs. |
vault_password (string) | | Vault password. Use "ASK" and launch in Tower to be prompted. Deprecated, please use inputs. |
Notes
Note
- Values `inputs` and the other deprecated fields (such as `tenant`) are replacements of existing values. See the last 4 examples for details.
- If no config_file is provided we will attempt to use the tower-cli library defaults to find your Tower host information.
- config_file should contain Tower configuration in the following format: host=hostname username=username password=password
Examples
```yaml
- name: Add tower machine credential
  tower_credential:
    name: Team Name
    description: Team Description
    organization: test-org
    credential_type: Machine
    state: present
    tower_config_file: "~/tower_cli.cfg"

- name: Create a valid SCM credential from a private_key file
  tower_credential:
    name: SCM Credential
    organization: Default
    state: present
    credential_type: Source Control
    inputs:
      username: joe
      password: secret
      ssh_key_data: "{{ lookup('file', '/tmp/id_rsa') }}"
      ssh_key_unlock: "passphrase"

- name: Fetch private key
  slurp:
    src: '$HOME/.ssh/aws-private.pem'
  register: aws_ssh_key

- name: Add Credential Into Tower
  tower_credential:
    name: Workshop Credential
    credential_type: Machine
    organization: Default
    inputs:
      ssh_key_data: "{{ aws_ssh_key['content'] | b64decode }}"
  run_once: true
  delegate_to: localhost

- name: Add Credential with Custom Credential Type
  tower_credential:
    name: Workshop Credential
    credential_type: MyCloudCredential
    organization: Default
    tower_username: admin
    tower_password: ansible
    tower_host: https://localhost

- name: Create a Vault credential (example for notes)
  tower_credential:
    name: Example password
    credential_type: Vault
    organization: Default
    inputs:
      vault_password: 'hello'
      vault_id: 'My ID'

- name: Bad password update (will replace vault_id)
  tower_credential:
    name: Example password
    credential_type: Vault
    organization: Default
    inputs:
      vault_password: 'new_password'

- name: Another bad password update (will replace vault_id)
  tower_credential:
    name: Example password
    credential_type: Vault
    organization: Default
    vault_password: 'new_password'

- name: A safe way to update a password and keep vault_id
  tower_credential:
    name: Example password
    credential_type: Vault
    organization: Default
    inputs:
      vault_password: 'new_password'
      vault_id: 'My ID'
```
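A hardened variant of the SCM credential example, added here as an illustration and not part of the awx.awx documentation: secrets come from an ansible-vault encrypted vars file, the API call authenticates with an OAuth token with certificate validation on, and `no_log` keeps the task's arguments and result out of playbook output. The vars file path, the `vault_scm_*` and `scm_private_key_path` variable names, and the Tower URL are assumptions.

```yaml
# Added example; variable names, file paths and the Tower URL are placeholders.
- hosts: localhost
  connection: local
  gather_facts: false
  vars_files:
    # Assumed file, encrypted with ansible-vault; defines the vault_scm_* variables.
    - vars/tower_secrets.yml
  vars:
    scm_private_key_path: /path/to/scm_deploy_key   # placeholder path
  tasks:
    - name: Create an SCM credential without plaintext secrets in the playbook
      awx.awx.tower_credential:
        name: SCM Credential
        organization: Default
        state: present
        credential_type: Source Control
        # inputs replaces the stored values, so list every field that must be
        # kept (compare the Vault "bad password update" examples above).
        inputs:
          username: "{{ vault_scm_username }}"
          password: "{{ vault_scm_password }}"
          ssh_key_data: "{{ lookup('file', scm_private_key_path) }}"
          ssh_key_unlock: "{{ vault_scm_key_passphrase }}"
        tower_host: https://tower.example.com
        # Token taken from the environment instead of tower_username/tower_password.
        tower_oauthtoken: "{{ lookup('env', 'TOWER_OAUTH_TOKEN') }}"
        # Validate the Tower TLS certificate.
        validate_certs: true
      # Suppress task arguments and results in logs and callback output.
      no_log: true
```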
Authors
- Wayne Witzel III (@wwitzel3)
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.10/collections/awx/awx/tower_credential_module.html