community.hashi_vault.vault_login_token filter – Extracts the Vault token from a login or token creation

Note

This filter plugin is part of the community.hashi_vault collection (version 4.0.0).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install community.hashi\_vault.

To use it in a playbook, specify: community.hashi_vault.vault_login_token.

New in community.hashi_vault 2.2.0

Synopsis

  • Extracts the token value from the structure returned by a Vault token creation operation.

Input

This describes the input of the filter, the value before | community.hashi_vault.vault_login_token.

Parameter

Comments

Input

dictionary / required

A dictionary matching the structure returned by a login or token creation.

Keyword parameters

This describes keyword parameters of the filter. These are the values key1=value1, key2=value2 and so on in the following example: input | community.hashi_vault.vault_login_token(key1=value1, key2=value2, ...).

Parameter

Comments

optional_field

string

If this field exists in the input dictionary, then the value of that field is used as the _input value.

The default value deals with the difference between the output of lookup plugins, and does not need to be changed in most cases.

See the examples or the Filter guide for more information.

Default: "login"

Notes

Note

  • This filter is the same as reading into the _input dictionary directly, but it provides semantic meaning and automatically works with the differing output of the modules and lookups. See the Filter guide for more information.

See Also

See also

community.hashi_vault.vault_login

The official documentation on the community.hashi_vault.vault_login module.

community.hashi_vault.vault_token_create

The official documentation on the community.hashi_vault.vault_token_create module.

community.hashi_vault.vault_login lookup plugin

The official documentation on the community.hashi_vault.vault_login lookup plugin.

community.hashi_vault.vault_token_create lookup plugin

The official documentation on the community.hashi_vault.vault_token_create lookup plugin.

Filter Guide

The community.hashi_vault Filter Guide

Examples

- name: Set defaults
  vars:
    ansible_hashi_vault_url: https://vault:9801/
    ansible_hashi_vault_auth_method: userpass
    ansible_hashi_vault_username: user
    ansible_hashi_vault_password: "{{ lookup('env', 'MY_SECRET_PASSWORD') }}"
  module_defaults:
    community.hashi_vault.vault_login:
      url: '{{ ansible_hashi_vault_url }}'
      auth_method: '{{ ansible_hashi_vault_auth_method }}'
      username: '{{ ansible_hashi_vault_username }}'
      password: '{{ ansible_hashi_vault_password }}'
  block:
    - name: Perform a login with a lookup and display the token
      vars:
        login_response: "{{ lookup('community.hashi_vault.vault_login') }}"
      debug:
        msg: "The token is {{ login_response | community.hashi_vault.vault_login_token }}"

    - name: Perform a login with a module
      community.hashi_vault.vault_login:
      register: login_response

    - name: Display the token
      debug:
        msg: "The token is {{ login_response | community.hashi_vault.vault_login_token }}"

- name: Use of optional_field
  vars:
    lookup_login_response: "{{ lookup('community.hashi_vault.vault_login') }}"
    my_data:
      something: somedata
      vault_login: "{{ lookup_login_response }}"

    token_from_param: "{{ my_data | community.hashi_vault.vault_login_token(optional_field='vault_login') }}"
    token_from_deref: "{{ my_data['vault_login'] | community.hashi_vault.vault_login_token }}"
    # if the optional field doesn't exist, the dictionary itself is still checked
    unused_optional: "{{ my_data['vault_login'] | community.hashi_vault.vault_login_token(optional_field='missing') }}"
  block:
    - name: Display the variables
      ansible.builtin.debug:
        var: '{{ item }}'
      loop:
        - my_data
        - token_from_param
        - token_from_deref
        - unused_optional

Return Value

Key

Description

Return value

string

The token value.

Returned: always

Sample: "s.nnrpog4i5gjizr6b8g1inwj3"

Authors

  • Brian Scholer (@briantist)

Hint

Configuration entries for each entry type have a low to high priority order. For example, a variable that is lower in the list will override a variable that is higher up.