In my Ansible Tower, I have a custom credential by the name of Token wherein we store a token so that using this credential we do not have to log in and can use this credential in various jobs.

Below are the fields required -

Name:

Credential Type: (where we select this custom credential type)

API Token Value: (where the token is entered and is also denoted as an extra variable my_token)

Below is the yml file I am using to do the needful -

---

   Required info

   tasks:
      - name: Create credential
        uri:
            url: "https://ans........../api/v1/credentials/"
            method: "POST"
            kind: SecureCloud
            name: Token
            body:
                extra_vars:
                    my_token: "{ key }"
            body_format: json

I am confused as to how to enter the field values Name and Credential Types in the above playbook. Do I also require any other field(s) while doing so? Also is the url in the uri module correct?

newtocoding
  • Why are you using `uri` module and not `tower_credential`? – imjoseangel Nov 16 '18 at 05:55
  • @imjoseangel I am running this job from Tower only. The uri module is used to make use of the Ansible Tower APIs. – newtocoding Nov 16 '18 at 06:01
  • I know but you can run it also with already prepared modules like that one. I assure you that it will be easier to maintain. I use the API only when a module doesn’t exist or tower-cli doesn’t support it. – imjoseangel Nov 16 '18 at 06:25
  • @imjoseangel Yes, I can. But this is a custom credential type we have created specifically for using Token. And I’m trying to create a credential for saving the token. This only reduces the manual effort of actually typing out the token value in this credential type each time. – newtocoding Nov 16 '18 at 06:35
  • @imjoseangel Yes, I know. But this is a custom credential type that has been created specifically for storing tokens. I am only trying to reduce the manual effort as I am now fetching the token automatically, storing it in a variable and now just need to enter its value in the API Token Value field. We use this custom credential type in a lot of our jobs. – newtocoding Nov 16 '18 at 06:42

1 Answer

There are two ways of creating a custom credential (I prefer the second one):

First Option: Your Approach - URI Module

- name: Create Custom Credential
  uri:
    url: "https://endpoint/api/v2/credentials/"
    method: POST
    user: admin
    password: password
    headers:
      Content-Type: "application/json"
    body: '{"name":"myfirsttoken","description":"","organization":34,"credential_type":34,"inputs":{"token":"MyToken"}}'
    force_basic_auth: true
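    validate_certs: false   # TLS certificate verification is disabled for this request
    status_code: 200, 201
  no_log: false             # task arguments, including the token in body, are shown in job output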

But be careful, because this is not idempotent: you should do a GET on the credentials first with method: GET, register your results and find your credential in your register.json.results variable.

Second Option: My Preferred Approach - tower-cli

You can do exactly the same, easier and idempotent with:

- name: Add Custom Credential
  command: tower-cli credential create --name="{{ item }}" --credential-type "{{ credential_type }}" --inputs "{'token':'123456'}" -h endpoint -u admin -p password --organization Default
  no_log: true
  with_items:
    - MyCustomToken

You will get something like:

== ============= =============== 
id name          credential_type 
== ============= =============== 
46 MyCustomToken              34
== ============= =============== 

The cool stuff is that you can fully automate your tokens and even autogenerate them with:

token: "{{ lookup('password', '/dev/null length=20 chars=ascii_letters,digits') }}"

And then:

---
- name: Create Custom Credential Token
  hosts: localhost
  connection: local
  gather_facts: false

  vars:

    token: "{{ lookup('password', '/dev/null length=20 chars=ascii_letters,digits') }}"
    credential_type: MyCustom

  tasks:

    - name: Create Credential Type
      tower_credential_type:
        name: "{{ credential_type }}"
        description: Custom Credentials type
        kind: cloud
        inputs: {"fields":[{"secret":true,"type":"string","id":"token","label":"token"}],"required":["token"]}
        state: present
        tower_verify_ssl: false
        tower_host: endpoint
        tower_username: admin
        tower_password: password

    - name: Add Custom Credential
      command: tower-cli credential create --name="{{ item }}" --credential-type "{{ credential_type }}" --inputs "{'token':'{{ token }}'}" -h endpoint -u admin -p password --organization Default
      no_log: true
      with_items:
        - MyCustomToken
imjoseangel
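
The GET-then-POST check that the answer describes for the uri approach, written out as an added example that is not part of the original answer. `tower_user`, `tower_pass` and `my_token` are assumed variables supplied at run time; the host and the ids are the answer's placeholders, and `validate_certs` is left at its default so the Tower certificate is verified.

```yaml
---
# Added example: look the credential up by name, POST only when it is missing.
- name: Create the token credential only if it does not exist
  hosts: localhost
  connection: local
  gather_facts: false

  vars:
    tower_api: "https://endpoint/api/v2"   # placeholder host, as in the answer
    cred_name: myfirsttoken
    # Assumed to be supplied at run time (vault, survey or extra vars):
    #   tower_user, tower_pass, my_token

  tasks:
    - name: Look up credentials with this name
      uri:
        url: "{{ tower_api }}/credentials/?name={{ cred_name | urlencode }}"
        method: GET
        user: "{{ tower_user }}"
        password: "{{ tower_pass }}"
        force_basic_auth: true
        status_code: 200
      register: existing
      no_log: true          # keep the basic-auth password out of job output

    - name: Create the credential when the lookup returned no results
      uri:
        url: "{{ tower_api }}/credentials/"
        method: POST
        user: "{{ tower_user }}"
        password: "{{ tower_pass }}"
        force_basic_auth: true
        body_format: json
        body:
          name: "{{ cred_name }}"
          description: ""
          organization: 34        # ids taken from the answer's request body
          credential_type: 34
          inputs:
            token: "{{ my_token }}"
        status_code: [200, 201]
      # The list endpoint returns matches under json.results; empty means "not found".
      when: existing.json.results | length == 0
      no_log: true          # the request body carries the token
```

On a second run the lookup finds the existing entry and the POST task is skipped, so the play does not create a duplicate or fail on the name conflict.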