community.okd.openshift_auth – Authenticate to OpenShift clusters which require an explicit login step¶
Note
This plugin is part of the community.okd collection (version 1.0.0).
To install it use: ansible-galaxy collection install community.okd
.
To use it in a playbook, specify: community.okd.openshift_auth
.
New in version 0.2.0: of community.okd
Synopsis¶
This module handles authenticating to OpenShift clusters requiring explicit authentication procedures, meaning ones where a client logs in (obtains an authentication token), performs API operations using said token and then logs out (revokes the token).
On the other hand a popular configuration for username+password authentication is one utilizing HTTP Basic Auth, which does not involve any additional login/logout steps (instead login credentials can be attached to each and every API call performed) and as such is handled directly by the
k8s
module (and other resource–specific modules) by utilizing thehost
,username
andpassword
parameters. Please consult your preferred module’s documentation for more details.
Requirements¶
The below requirements are needed on the host that executes this module.
python >= 2.7
urllib3
requests
requests-oauthlib
Parameters¶
Examples¶
- hosts: localhost
module_defaults:
group/k8s:
host: https://k8s.example.com/
ca_cert: ca.pem
tasks:
- block:
# It's good practice to store login credentials in a secure vault and not
# directly in playbooks.
- include_vars: openshift_passwords.yml
- name: Log in (obtain access token)
community.okd.openshift_auth:
username: admin
password: "{{ openshift_admin_password }}"
register: openshift_auth_results
# Previous task provides the token/api_key, while all other parameters
# are taken from module_defaults
- name: Get a list of all pods from any namespace
community.kubernetes.k8s_info:
api_key: "{{ openshift_auth_results.openshift_auth.api_key }}"
kind: Pod
register: pod_list
always:
- name: If login succeeded, try to log out (revoke access token)
when: openshift_auth_results.openshift_auth.api_key is defined
community.okd.openshift_auth:
state: absent
api_key: "{{ openshift_auth_results.openshift_auth.api_key }}"
Return Values¶
Common return values are documented here, the following are the fields unique to this module:
Authors¶
KubeVirt Team (@kubevirt)
Fabian von Feilitzsch (@fabianvf)