From 6c6e7dcb7b7ba702bd56c59c8004701839d9b5ea Mon Sep 17 00:00:00 2001 From: hygienic-books <hygienic-books@tentic.net> Date: Mon, 25 Jul 2022 00:58:53 +0200 Subject: [PATCH] docs(role): Give example how to define defaults to make this role easier to use --- README.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/README.md b/README.md index 533baec..76a7aaa 100644 --- a/README.md +++ b/README.md @@ -79,6 +79,20 @@ In a real-world use case you'll likely first query HashiCorp Vault for key-value The `vault_kv2_get` lookup plug-in (see [vault_kv2_get lookup documentation](https://docs.ansible.com/ansible/devel/collections/community/hashi_vault/vault_kv2_get_lookup.html)) iterates over variables you want loaded from Vault. For each iteration it stores the iteration's output in `loop_var: 'server'`. From that output we only really care about the `server.secret` dictionary. We append that to a `vault_data` dictionary which is first initialized as an empty dictionary and then expanded per iteration. When done `vault_data` contains key-values pair for all Vault variables. +## Defining defaults + +Whereever you import this role you're most likely going to want to define the following variables in your role's `defaults/main.yml` file or at a similar location. Here `<role>` is a string you'll replace with the name of the role that imports `role_include_vault-check`. + +``` +<role>_vault_vars: ['password', 'password_salt'] +<role>_vault_base: '{{ fqdn_reverse }}/os/{{ reset_password_for_account }}' +<role>_vault_paths: '{{ [<role>_vault_base + ''/''] | product(<role>_vault_vars) | map(''join'') | list }}' +``` + +Check out [Git repo quico.space/quico-ansible/role_common_local-os-password](https://quico.space/quico-ansible/role_common_local-os-password) for a reference of how to define `defaults/main.yml` and then to import this role. + +## Vault check + The next step can be this `role_include_vault-check` to hard-fail in case a key turned out to have an empty value. ```