awx.awx.credential – create, update, or destroy Automation Platform Controller credential.

Note

This plugin is part of the awx.awx collection (version 19.2.2).

To install it use: ansible-galaxy collection install awx.awx.

To use it in a playbook, specify: awx.awx.credential.

Synopsis

Parameters

Parameter Choices/Defaults Comments
authorize
boolean
    Choices:
  • no
  • yes
Should use authorize for net type.
Deprecated, please use inputs
authorize_password
string
Password for net credentials that require authorize.
Deprecated, please use inputs
become_method
string
Become method to use for privilege escalation.
Some examples are "None", "sudo", "su", "pbrun"
Due to become plugins, these can be arbitrary
Deprecated, please use inputs
become_password
string
Become password.
Use "ASK" and launch job to be prompted.
Deprecated, please use inputs
become_username
string
Become username.
Use "ASK" and launch job to be prompted.
Deprecated, please use inputs
client
string
Client or application ID for azure_rm type.
Deprecated, please use inputs
controller_config_file
path
Path to the controller config file.
If provided, the other locations for config files will not be considered.

aliases: tower_config_file
controller_host
string
URL to your Automation Platform Controller instance.
If value not set, will try environment variable CONTROLLER_HOST and then config files
If value not specified by any means, the value of 127.0.0.1 will be used

aliases: tower_host
controller_oauthtoken
raw
added in 3.7.0 of awx.awx
The OAuth token to use.
This value can be in one of two formats.
A string which is the token itself. (i.e. bqV5txm97wqJqtkxlMkhQz0pKhRMMX)
A dictionary structure as returned by the token module.
If value not set, will try environment variable CONTROLLER_OAUTH_TOKEN and then config files

aliases: tower_oauthtoken
controller_password
string
Password for your controller instance.
If value not set, will try environment variable CONTROLLER_PASSWORD and then config files

aliases: tower_password
controller_username
string
Username for your controller instance.
If value not set, will try environment variable CONTROLLER_USERNAME and then config files

aliases: tower_username
copy_from
string
Name or id to copy the credential from.
This will copy an existing credential and change any parameters supplied.
The new credential name will be the one provided in the name parameter.
The organization parameter is not used in this, to facilitate copy from one organization to another.
Provide the id or use the lookup plugin to provide the id if multiple credentials share the same name.
credential_type
string
Name of credential type.
Will be preferred over kind
description
string
The description to use for the credential.
domain
string
Domain for openstack type.
Deprecated, please use inputs
host
string
Host for this credential.
Deprecated, will be removed in a future release
inputs
dictionary
Credential inputs where the keys are var names used in templating. Refer to the Automation Platform Controller documentation for example syntax.
Any fields in this dict will take precedence over any fields mentioned below (i.e. host, username, etc)
kind
string
    Choices:
  • aws
  • controller
  • gce
  • azure_rm
  • openstack
  • satellite6
  • rhv
  • vmware
  • aim
  • conjur
  • hashivault_kv
  • hashivault_ssh
  • azure_kv
  • insights
  • kubernetes_bearer_token
  • net
  • scm
  • ssh
  • github_token
  • gitlab_token
  • vault
Type of credential being added.
The ssh choice refers to a Tower Machine credential.
Deprecated, please use credential_type
name
string / required
The name to use for the credential.
new_name
string
Setting this option will change the existing name (looked up via the name field).
organization
string
Organization that should own the credential.
password
string
Password for this credential. secret_key for AWS. api_key for RAX.
Use "ASK" and launch job to be prompted.
Deprecated, please use inputs
project
string
Project that should use this credential for GCP.
Deprecated, will be removed in a future release
secret
string
Secret token for azure_rm type.
Deprecated, please use inputs
security_token
string
STS token for aws type.
Deprecated, please use inputs
ssh_key_data
string
SSH private key content. To extract the content from a file path, use the lookup function (see examples).
Deprecated, please use inputs
ssh_key_unlock
string
Unlock password for ssh_key.
Use "ASK" and launch job to be prompted.
Deprecated, please use inputs
state
string
    Choices:
  • present ←
  • absent
Desired state of the resource.
subscription
string
Subscription ID for azure_rm type.
Deprecated, please use inputs
team
string
Team that should own this credential.
tenant
string
Tenant ID for azure_rm type.
Deprecated, please use inputs
update_secrets
boolean
    Choices:
  • no
  • yes ←
true will always update encrypted values.
false will only update encrypted values if a change is absolutely known to be needed.
user
string
User that should own this credential.
username
string
Username for this credential. access_key for AWS.
Deprecated, please use inputs
validate_certs
boolean
    Choices:
  • no
  • yes
Whether to allow insecure connections to AWX.
If no, SSL certificates will not be validated.
This should only be used on personally controlled sites using self-signed certificates.
If value not set, will try environment variable CONTROLLER_VERIFY_SSL and then config files

aliases: tower_verify_ssl
vault_id
string
Vault identifier.
This parameter is only valid if kind is specified as vault.
Deprecated, please use inputs
vault_password
string
Vault password.
Use "ASK" and launch job to be prompted.
Deprecated, please use inputs

Notes

Note

  • Values supplied in inputs and in the other deprecated fields (such as tenant) replace the existing values. See the last 4 examples for details.

  • If no config_file is provided we will attempt to use the tower-cli library defaults to find your host information.

  • config_file should be in the following format host=hostname username=username password=password

Examples

- name: Add machine credential
  credential:
    name: Team Name
    description: Team Description
    organization: test-org
    credential_type: Machine
    state: present
    controller_config_file: "~/tower_cli.cfg"

- name: Create a valid SCM credential from a private_key file
  credential:
    name: SCM Credential
    organization: Default
    state: present
    credential_type: Source Control
    inputs:
      username: joe
      password: secret
      ssh_key_data: "{{ lookup('file', '/tmp/id_rsa') }}"
      ssh_key_unlock: "passphrase"

- name: Fetch private key
  slurp:
    src: '$HOME/.ssh/aws-private.pem'
  register: aws_ssh_key

- name: Add Credential
  credential:
    name: Workshop Credential
    credential_type: Machine
    organization: Default
    inputs:
      ssh_key_data: "{{ aws_ssh_key['content'] | b64decode }}"
  run_once: true
  delegate_to: localhost

- name: Add Credential with Custom Credential Type
  credential:
    name: Workshop Credential
    credential_type: MyCloudCredential
    organization: Default
    controller_username: admin
    controller_password: ansible
    controller_host: https://localhost

- name: Create a Vault credential (example for notes)
  credential:
    name: Example password
    credential_type: Vault
    organization: Default
    inputs:
      vault_password: 'hello'
      vault_id: 'My ID'

- name: Bad password update (will replace vault_id)
  credential:
    name: Example password
    credential_type: Vault
    organization: Default
    inputs:
      vault_password: 'new_password'

- name: Another bad password update (will replace vault_id)
  credential:
    name: Example password
    credential_type: Vault
    organization: Default
    vault_password: 'new_password'

- name: A safe way to update a password and keep vault_id
  credential:
    name: Example password
    credential_type: Vault
    organization: Default
    inputs:
      vault_password: 'new_password'
      vault_id: 'My ID'

- name: Copy Credential
  credential:
    name: Copy password
    copy_from: Example password
    credential_type: Vault
    organization: Foo
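
The tasks below are an added example, not part of the module's documentation. They repeat the safe Vault update and the SCM credential from the examples above, but keep secrets out of the playbook and out of task output. The vault_-prefixed variables are assumptions, expected to come from an Ansible Vault-encrypted vars file.

```yaml
# Added example. Variables prefixed vault_ are assumed to be defined in an
# Ansible Vault-encrypted vars file; they are not provided by the module.
# Controller authentication is not set on the tasks: the module falls back to
# the CONTROLLER_HOST and CONTROLLER_OAUTH_TOKEN environment variables.

- name: Rotate the Vault credential password and keep vault_id
  awx.awx.credential:
    name: Example password
    credential_type: Vault
    organization: Default
    inputs:
      # inputs replaces the stored inputs as a whole, so vault_id is restated
      vault_password: "{{ vault_new_vault_password }}"
      vault_id: 'My ID'
    update_secrets: yes       # always rewrite the encrypted value
    validate_certs: yes       # keep TLS certificate validation on
    state: present
  no_log: true                # keep the secret out of task output and logs

- name: Create the SCM credential without a key file under /tmp
  awx.awx.credential:
    name: SCM Credential
    credential_type: Source Control
    organization: Default
    inputs:
      username: joe
      ssh_key_data: "{{ vault_scm_private_key }}"
      ssh_key_unlock: "{{ vault_scm_key_passphrase }}"
    update_secrets: no        # only update encrypted values when a change is known to be needed
    validate_certs: yes
    state: present
  no_log: true
```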

Authors

  • Wayne Witzel III (@wwitzel3)