awx.awx.tower_credential – create, update, or destroy Ansible Tower credential.
Note
This plugin is part of the awx.awx collection (version 17.0.1).
To install it use: ansible-galaxy collection install awx.awx
To use it in a playbook, specify: awx.awx.tower_credential
Synopsis
- Create, update, or destroy Ansible Tower credentials. See https://www.ansible.com/tower for an overview.
Parameters
Parameter | Choices/Defaults | Comments |
---|---|---|
authorize boolean | | Should use authorize for net type. Deprecated, please use inputs. |
authorize_password string | | Password for net credentials that require authorize. Deprecated, please use inputs. |
become_method string | | Become method to use for privilege escalation. Some examples are "None", "sudo", "su", "pbrun". Due to become plugins, these can be arbitrary. Deprecated, please use inputs. |
become_password string | | Become password. Use "ASK" and launch in Tower to be prompted. Deprecated, please use inputs. |
become_username string | | Become username. Use "ASK" and launch in Tower to be prompted. Deprecated, please use inputs. |
client string | | Client or application ID for azure_rm type. Deprecated, please use inputs. |
credential_type string | | Name of credential type. Will be preferred over kind. |
description string | | The description to use for the credential. |
domain string | | Domain for openstack type. Deprecated, please use inputs. |
host string | | Host for this credential. Deprecated, will be removed in a future release. |
inputs dictionary | | Credential inputs where the keys are var names used in templating. Refer to the Ansible Tower documentation for example syntax. Any fields in this dict will take precedence over any fields mentioned below (i.e. host, username, etc). |
kind string | | Type of credential being added. The ssh choice refers to a Tower Machine credential. Deprecated, please use credential_type. |
name string / required | | The name to use for the credential. |
new_name string | | Setting this option will change the existing name (looked up via the name field). |
organization string | | Organization that should own the credential. |
password string | | Password for this credential. `secret_key` for AWS. `api_key` for RAX. Use "ASK" and launch in Tower to be prompted. Deprecated, please use inputs. |
project string | | Project that should use this credential for GCP. Deprecated, will be removed in a future release. |
secret string | | Secret token for azure_rm type. Deprecated, please use inputs. |
security_token string | | STS token for aws type. Deprecated, please use inputs. |
ssh_key_data string | | SSH private key content. To extract the content from a file path, use the lookup function (see examples). Deprecated, please use inputs. |
ssh_key_unlock string | | Unlock password for ssh_key. Use "ASK" and launch in Tower to be prompted. Deprecated, please use inputs. |
state string | | Desired state of the resource. |
subscription string | | Subscription ID for azure_rm type. Deprecated, please use inputs. |
team string | | Team that should own this credential. |
tenant string | | Tenant ID for azure_rm type. Deprecated, please use inputs. |
tower_config_file path | | Path to the Tower or AWX config file. If provided, the other locations for config files will not be considered. |
tower_host string | | URL to your Tower or AWX instance. If value not set, will try environment variable If value not specified by any means, the value of |
tower_oauthtoken raw (added in 3.7 of awx.awx) | | The Tower OAuth token to use. This value can be in one of two formats. A string which is the token itself (i.e. bqV5txm97wqJqtkxlMkhQz0pKhRMMX). A dictionary structure as returned by the tower_token module. If value not set, will try environment variable |
tower_password string | | Password for your Tower or AWX instance. If value not set, will try environment variable |
tower_username string | | Username for your Tower or AWX instance. If value not set, will try environment variable |
update_secrets boolean | | |
user string | | User that should own this credential. |
username string | | Username for this credential. `access_key` for AWS. Deprecated, please use inputs. |
validate_certs boolean | | Whether to allow insecure connections to Tower or AWX. If This should only be used on personally controlled sites using self-signed certificates. If value not set, will try environment variable |
vault_id string | | Vault identifier. This parameter is only valid if Deprecated, please use inputs |
vault_password string | | Vault password. Use "ASK" and launch in Tower to be prompted. Deprecated, please use inputs. |
Notes
- Values inputs and the other deprecated fields (such as tenant) are replacements of existing values. See the last 4 examples for details.
- If no config_file is provided we will attempt to use the tower-cli library defaults to find your Tower host information.
- config_file should contain Tower configuration in the following format:
  host=hostname
  username=username
  password=password
Examples
```yaml
- name: Add tower machine credential
  tower_credential:
    name: Team Name
    description: Team Description
    organization: test-org
    credential_type: Machine
    state: present
    tower_config_file: "~/tower_cli.cfg"

# The file lookup reads the private key on the control node.
- name: Create a valid SCM credential from a private_key file
  tower_credential:
    name: SCM Credential
    organization: Default
    state: present
    credential_type: Source Control
    inputs:
      username: joe
      password: secret
      ssh_key_data: "{{ lookup('file', '/tmp/id_rsa') }}"
      ssh_key_unlock: "passphrase"

# slurp returns the file content base64-encoded; it is decoded in the next task.
- name: Fetch private key
  slurp:
    src: '$HOME/.ssh/aws-private.pem'
  register: aws_ssh_key

- name: Add Credential Into Tower
  tower_credential:
    name: Workshop Credential
    credential_type: Machine
    organization: Default
    inputs:
      ssh_key_data: "{{ aws_ssh_key['content'] | b64decode }}"
  run_once: true
  delegate_to: localhost

- name: Add Credential with Custom Credential Type
  tower_credential:
    name: Workshop Credential
    credential_type: MyCloudCredential
    organization: Default
    tower_username: admin
    tower_password: ansible
    tower_host: https://localhost

- name: Create a Vault credential (example for notes)
  tower_credential:
    name: Example password
    credential_type: Vault
    organization: Default
    inputs:
      vault_password: 'hello'
      vault_id: 'My ID'

# inputs replaces the stored values, so omitting vault_id removes it.
- name: Bad password update (will replace vault_id)
  tower_credential:
    name: Example password
    credential_type: Vault
    organization: Default
    inputs:
      vault_password: 'new_password'

# The deprecated top-level field behaves the same way as inputs.
- name: Another bad password update (will replace vault_id)
  tower_credential:
    name: Example password
    credential_type: Vault
    organization: Default
    vault_password: 'new_password'

# Resend every input that should be kept.
- name: A safe way to update a password and keep vault_id
  tower_credential:
    name: Example password
    credential_type: Vault
    organization: Default
    inputs:
      vault_password: 'new_password'
      vault_id: 'My ID'
```
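The replacement behaviour described in the Notes and shown in the last four examples can be checked before a playbook runs. The following is an added example, not part of the awx.awx collection: `find_dropped_inputs`, `effective_inputs` and the sample tasks are hypothetical names, the tasks are constructed to mirror the Vault examples above, and it assumes a task that sends no inputs leaves the stored ones untouched.

```python
# Added example: models "inputs are replacements of existing values" (Notes).
# Deprecated top-level credential fields, taken from the parameter table.
DEPRECATED_FIELDS = {
    "authorize", "authorize_password", "become_method", "become_password",
    "become_username", "client", "domain", "host", "password", "project",
    "secret", "security_token", "ssh_key_data", "ssh_key_unlock",
    "subscription", "tenant", "username", "vault_id", "vault_password",
}
MODULE_NAMES = ("tower_credential", "awx.awx.tower_credential")


def effective_inputs(args):
    """Inputs a task writes: deprecated fields, overridden by the inputs dict."""
    merged = {k: v for k, v in args.items() if k in DEPRECATED_FIELDS}
    merged.update(args.get("inputs") or {})
    return merged


def find_dropped_inputs(tasks):
    """Return [(task name, dropped keys)] for updates that lose earlier inputs."""
    known, findings = {}, []  # known: (name, organization) -> last written keys
    for task in tasks:  # parsed playbook tasks as dicts, in execution order
        args = next((task[m] for m in MODULE_NAMES if m in task), None)
        if not args:
            continue
        ident = (args.get("name"), args.get("organization"))
        if args.get("state", "present") == "absent":
            known.pop(ident, None)
            continue
        sent = set(effective_inputs(args))
        if not sent:  # assumption: a task without inputs leaves them untouched
            continue
        dropped = known.get(ident, set()) - sent
        if dropped:
            findings.append((task.get("name"), sorted(dropped)))
        known[ident] = sent
    return findings


def _task(name, **args):  # builds tasks shaped like the page's Vault examples
    base = {"name": "Example password", "credential_type": "Vault", "organization": "Default"}
    return {"name": name, "tower_credential": {**base, **args}}

# Constructed sample tasks mirroring the last four examples on this page.
CREATE = _task("create", inputs={"vault_password": "hello", "vault_id": "My ID"})
BAD_INPUTS = _task("bad inputs", inputs={"vault_password": "new_password"})
BAD_TOPLEVEL = _task("bad top-level", vault_password="new_password")
SAFE = _task("safe", inputs={"vault_password": "new_password", "vault_id": "My ID"})
```

Calling `find_dropped_inputs([CREATE, BAD_INPUTS])` reports `vault_id` as dropped, while `[CREATE, SAFE]` yields no findings.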
Authors
- Wayne Witzel III (@wwitzel3)
© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.11/collections/awx/awx/tower_credential_module.html