diff --git a/README.md b/README.md index 1a569f0..c68ce43 100644 --- a/README.md +++ b/README.md @@ -19,11 +19,11 @@ role In `requirements.yml` add: ``` -- src: "https://quico.space/quico-ansible/role_include_vault-check.git" - version: "master" +- src: 'https://quico.space/quico-ansible/role_include_vault-check.git' + version: 'master' ``` -Now whenver you import `role` for example via `ansible-galaxy install ...` you'll automatically get this one downloaded as well. You can optionally leave out `version: "master"` since this is the default version anyways, meaning the `role_include_vault-check` newest master commit. The `version:` attribute helps you pin a version, for example as `version: "v1.0.0"` which will instead pull `role_include_vault-check` Git tag `v1.0.0`. Side note, this role follows the [Semantic Versioning](https://semver.org/) standard. A Git tag name `v1.0.0` refers to Semantic Version `1.0.0`. +Now whenver you import `role` for example via `ansible-galaxy install ...` you'll automatically get this one downloaded as well. You can optionally leave out `version: 'master'` since this is the default version anyways, meaning the `role_include_vault-check` newest master commit. The `version:` attribute helps you pin a version, for example as `version: 'v1.0.0'` which will instead pull `role_include_vault-check` Git tag `v1.0.0`. Side note, this role follows the [Semantic Versioning](https://semver.org/) standard. A Git tag name `v1.0.0` refers to Semantic Version `1.0.0`. # Use it 
@@ -32,12 +32,12 @@ Now whenver you import `role` for example via `ansible-galaxy install ...` you'l From your `role` call this one like so: ``` -- name: "If a secret is missing: Fail progress" +- name: 'If a secret is missing: Fail progress' import_role: - name: "role_include_vault-check" + name: 'role_include_vault-check' vars: - - vault_check_base_path: "{{ vault_check_base_path }}" - - vault_check_inc_vault_data: "{{ vault_check_vault_data }}" + - vault_check_base_path: '{{ vault_check_base_path }}' + - vault_check_inc_vault_data: '{{ vault_check_vault_data }}' - vault_check_fail_checks: - 'password', - 'password_salt' 
@@ -77,7 +77,7 @@ In a real-world use case you'll likely first query HashiCorp Vault for key-value vault_data: '{{ vault_data | default({}) | combine (server.secret) }}' ``` -The `vault_kv2_get` lookup plug-in (see [vault_kv2_get lookup documentation](https://docs.ansible.com/ansible/devel/collections/community/hashi_vault/vault_kv2_get_lookup.html)) iterates over variables you want loaded from Vault. For each iteration it stores the iteration's output in `loop_var: "server"`. From that output we only really care about the `server.secret` dictionary. We append that to a `vault_data` dictionary which is first initialized as an empty dictionary and then expanded per iteration. When done `vault_data` contains key-values pair for all Vault variables. +The `vault_kv2_get` lookup plug-in (see [vault_kv2_get lookup documentation](https://docs.ansible.com/ansible/devel/collections/community/hashi_vault/vault_kv2_get_lookup.html)) iterates over variables you want loaded from Vault. For each iteration it stores the iteration's output in `loop_var: 'server'`. From that output we only really care about the `server.secret` dictionary. We append that to a `vault_data` dictionary which is first initialized as an empty dictionary and then expanded per iteration. When done `vault_data` contains key-values pair for all Vault variables. The next step can be this `role_include_vault-check` to hard-fail in case a key turned out to have an empty value. diff --git a/meta/main.yml b/meta/main.yml index 0db03d6..f8dd5b5 100644 --- a/meta/main.yml +++ b/meta/main.yml 
@@ -1,17 +1,17 @@ galaxy_info: - author: "hygienic-books" - description: "An include-only Ansible role to check if HashiCorp Vault variables truly exist" - issue_tracker_url: "https://quico.space/quico-ansible/role_include_vault-check/issues" - license: "MIT" - min_ansible_version: "2.12.6" + author: 'hygienic-books' + description: 'An include-only Ansible role to check if HashiCorp Vault variables truly exist' + issue_tracker_url: 'https://quico.space/quico-ansible/role_include_vault-check/issues' + license: 'MIT' + min_ansible_version: '2.12.6' platforms: - - name: "EL" + - name: 'EL' versions: - - "7" - - "8" + - '7' + - '8' galaxy_tags: - - "hashivault" - - "hashi_vault" - - "hashi" - - "hashicorp" + - 'hashivault' + - 'hashi_vault' + - 'hashi' + - 'hashicorp' dependencies: []
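Review bot: In the README.md `requirements.yml` hunk (@@ -19,11), the example still installs `version: 'master'`, a moving branch, so each `ansible-galaxy install` can pull different code for a role that gates on Vault secrets. The paragraph already explains pinning, so consider making the example itself use `version: 'v1.0.0'` and describing `master` as the unpinned default. The rewritten `+` paragraph also keeps the typo "whenver"; correct it to "whenever" while the line is being touched.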
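Review bot: In the README.md "Use it" hunk (@@ -32,12), the re-quoted line `- vault_check_base_path: '{{ vault_check_base_path }}'` defines the variable as a template of itself, which Ansible can reject as a recursive template loop. Pass a differently named caller variable instead, the way the next line maps `vault_check_vault_data` to `vault_check_inc_vault_data`. The unchanged context line `- 'password',` also carries a trailing comma after the closing quote, which is not valid in a YAML block sequence, so anyone copying the example gets a parse error; drop the comma while this block is being edited.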
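Review bot: In the README.md `vault_kv2_get` hunk (@@ -77,7), the rewritten `+` paragraph still ends with "contains key-values pair for all Vault variables"; change it to "key-value pairs" since the line is being replaced anyway. The same paragraph links to the `devel` branch of the Ansible documentation, which can change under the reader; a versioned or `latest` link would be more stable.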
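Review bot: In the meta/main.yml hunk (@@ -1,17), every `galaxy_info` value is switched from double to single quotes by hand, and nothing in this patch enforces the convention, so the two styles will drift apart again. Consider adding a yamllint configuration with the `quoted-strings` rule set to `quote-type: single` in the same change. Keeping `min_ansible_version: '2.12.6'` and the `'7'` and `'8'` platform versions quoted as strings is correct.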