docs(role): Consistently single-quote variables

hygienic-books 2022-07-23 22:44:05 +02:00
parent 26cee49e98
commit dbe3c66a13
2 changed files with 20 additions and 20 deletions


@ -19,11 +19,11 @@ role
In `requirements.yml` add: In `requirements.yml` add:
``` ```
- src: "https://quico.space/quico-ansible/role_include_vault-check.git" - src: 'https://quico.space/quico-ansible/role_include_vault-check.git'
version: "master" version: 'master'
``` ```
Now whenver you import `role` for example via `ansible-galaxy install ...` you'll automatically get this one downloaded as well. You can optionally leave out `version: "master"` since this is the default version anyways, meaning the `role_include_vault-check` newest master commit. The `version:` attribute helps you pin a version, for example as `version: "v1.0.0"` which will instead pull `role_include_vault-check` Git tag `v1.0.0`. Side note, this role follows the [Semantic Versioning](https://semver.org/) standard. A Git tag name `v1.0.0` refers to Semantic Version `1.0.0`. Now whenver you import `role` for example via `ansible-galaxy install ...` you'll automatically get this one downloaded as well. You can optionally leave out `version: 'master'` since this is the default version anyways, meaning the `role_include_vault-check` newest master commit. The `version:` attribute helps you pin a version, for example as `version: 'v1.0.0'` which will instead pull `role_include_vault-check` Git tag `v1.0.0`. Side note, this role follows the [Semantic Versioning](https://semver.org/) standard. A Git tag name `v1.0.0` refers to Semantic Version `1.0.0`.
# Use it # Use it
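
Review bot: The `requirements.yml` example still pins `version: 'master'`, a moving branch, so two runs of `ansible-galaxy install` can pull different code for the same requirements file. The paragraph already explains tag pinning, so make the example itself use `version: 'v1.0.0'` and mention `master` only as the default you get when `version:` is omitted. The rewritten paragraph line also keeps the typo "whenver" (should be "whenever").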
@ -32,12 +32,12 @@ Now whenver you import `role` for example via `ansible-galaxy install ...` you'l
From your `role` call this one like so: From your `role` call this one like so:
``` ```
- name: "If a secret is missing: Fail progress" - name: 'If a secret is missing: Fail progress'
import_role: import_role:
name: "role_include_vault-check" name: 'role_include_vault-check'
vars: vars:
- vault_check_base_path: "{{ vault_check_base_path }}" - vault_check_base_path: '{{ vault_check_base_path }}'
- vault_check_inc_vault_data: "{{ vault_check_vault_data }}" - vault_check_inc_vault_data: '{{ vault_check_vault_data }}'
- vault_check_fail_checks: - vault_check_fail_checks:
- 'password', - 'password',
- 'password_salt' - 'password_salt'
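
Review bot: In the `vault_check_fail_checks` list the first item is still written `- 'password',` with a trailing comma after the closing quote. In a YAML block sequence that comma is not a separator, so a parser will either reject the line or not read the item as the plain string `password`. Since this commit is normalising the quoting in this example anyway, drop the comma so the two items read `- 'password'` and `- 'password_salt'`.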
@ -77,7 +77,7 @@ In a real-world use case you'll likely first query HashiCorp Vault for key-value
vault_data: '{{ vault_data | default({}) | combine (server.secret) }}' vault_data: '{{ vault_data | default({}) | combine (server.secret) }}'
``` ```
The `vault_kv2_get` lookup plug-in (see [vault_kv2_get lookup documentation](https://docs.ansible.com/ansible/devel/collections/community/hashi_vault/vault_kv2_get_lookup.html)) iterates over variables you want loaded from Vault. For each iteration it stores the iteration's output in `loop_var: "server"`. From that output we only really care about the `server.secret` dictionary. We append that to a `vault_data` dictionary which is first initialized as an empty dictionary and then expanded per iteration. When done `vault_data` contains key-values pair for all Vault variables. The `vault_kv2_get` lookup plug-in (see [vault_kv2_get lookup documentation](https://docs.ansible.com/ansible/devel/collections/community/hashi_vault/vault_kv2_get_lookup.html)) iterates over variables you want loaded from Vault. For each iteration it stores the iteration's output in `loop_var: 'server'`. From that output we only really care about the `server.secret` dictionary. We append that to a `vault_data` dictionary which is first initialized as an empty dictionary and then expanded per iteration. When done `vault_data` contains key-values pair for all Vault variables.
The next step can be this `role_include_vault-check` to hard-fail in case a key turned out to have an empty value. The next step can be this `role_include_vault-check` to hard-fail in case a key turned out to have an empty value.
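
Review bot: The rewritten paragraph still ends with "contains key-values pair for all Vault variables", which should read "key-value pairs". While touching this line, consider adding a sentence that `vault_data` now holds every secret read from Vault, so tasks that handle it should keep it out of task output, for example with `no_log: true`.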


@ -1,17 +1,17 @@
galaxy_info: galaxy_info:
author: "hygienic-books" author: 'hygienic-books'
description: "An include-only Ansible role to check if HashiCorp Vault variables truly exist" description: 'An include-only Ansible role to check if HashiCorp Vault variables truly exist'
issue_tracker_url: "https://quico.space/quico-ansible/role_include_vault-check/issues" issue_tracker_url: 'https://quico.space/quico-ansible/role_include_vault-check/issues'
license: "MIT" license: 'MIT'
min_ansible_version: "2.12.6" min_ansible_version: '2.12.6'
platforms: platforms:
- name: "EL" - name: 'EL'
versions: versions:
- "7" - '7'
- "8" - '8'
galaxy_tags: galaxy_tags:
- "hashivault" - 'hashivault'
- "hashi_vault" - 'hashi_vault'
- "hashi" - 'hashi'
- "hashicorp" - 'hashicorp'
dependencies: [] dependencies: []
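
Review bot: The commit subject is scoped `docs(role)` and speaks of variables, but everything changed in this file is a `galaxy_info` metadata value (`author`, `license`, `min_ansible_version`, platform versions, tags), not documentation. Either split the metadata requoting into its own commit or widen the subject so the history reflects that role metadata was touched as well.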