From f3504a3d50667e8856b2fd2ba9d62709d3421106 Mon Sep 17 00:00:00 2001
From: Maksim Bolshakov
Date: Mon, 18 Jul 2022 16:59:23 +0300
Subject: [PATCH 1/8] Add new file
---
examples/vins_connect.yaml | 42 ++++++++++++++++++++++++++++++++++++++
1 file changed, 42 insertions(+)
create mode 100644 examples/vins_connect.yaml
diff --git a/examples/vins_connect.yaml b/examples/vins_connect.yaml
new file mode 100644
index 0000000..72fd9b5
--- /dev/null
+++ b/examples/vins_connect.yaml
@@ -0,0 +1,42 @@
+---
+#
+# DECORT vins module example
+#
+
+- hosts: localhost
+ tasks:
+ - name: obtain JWT
+ decort_jwt:
+ oauth2_url: "https://sso.digitalenergy.online"
+ validity: 1200
+ register: my_jwt
+ delegate_to: localhost
+
+ - name: print out JWT
+ debug:
+ var: my_jwt.jwt
+ delegate_to: localhost
+
+ - name: Manage ViNS at resource group level
+ decort_vins:
+ authenticator: jwt
+ jwt: "{{ my_jwt.jwt }}"
+ controller_url: "https://cloud.digitalenergy.online"
+ vins_name: "vins_connected_by_decort_vins_module"
+ state: present
+ rg_id: 98
+ connect_to:
+ - type: VINS
+ id: 864
+ ipaddr: 192.168.5.66
+ netmask: 24
+ - type: VINS
+ id: 196
+ ipaddr: 192.168.9.133
+ netmask: 24
+ register: managed_vins
+
+ - name: print VINS facter
+ debug:
+ msg: "{{managed_vins.facts.password}}"
+ when: managed_vins.facts.password is defined
From ebfb4655312ff3d0aa98a4404cea0651173d4153 Mon Sep 17 00:00:00 2001
From: Maksim Bolshakov
Date: Tue, 2 Aug 2022 15:00:02 +0300
Subject: [PATCH 2/8] Add new file
---
examples/hashivault_create_engine.yaml | 14 ++++++++++++++
1 file changed, 14 insertions(+)
create mode 100644 examples/hashivault_create_engine.yaml
diff --git a/examples/hashivault_create_engine.yaml b/examples/hashivault_create_engine.yaml
new file mode 100644
index 0000000..8fa4580
--- /dev/null
+++ b/examples/hashivault_create_engine.yaml
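Review bot: The `print out JWT` task and the final `debug` task write a bearer token (`my_jwt.jwt`) and a password (`managed_vins.facts.password`) to the play output, where console capture and callback plugins retain them. Add `no_log: true` to the `obtain JWT` and `Manage ViNS at resource group level` tasks, and either drop the two print tasks or have them show a non-secret field of the result. The same secret-printing `debug` pattern recurs later in this series in examples/hashivault_plugin_login.yaml and examples/hashivault_plugin_read_secret.yaml.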
@@ -0,0 +1,14 @@
+---
+#
+# This playbook create engine "test".
+#
+- hosts: localhost
+ tasks:
+ - hashivault_secret_engine:
+ url: "https://vault.domain.local"
+ authtype: ldap
+ username: "user"
+ password: "p@ssword"
+ state: present
+ name: test
+ backend: generic
From 8d51555db1c399a0cbd6251e40661d13e561d3e7 Mon Sep 17 00:00:00 2001
From: Maksim Bolshakov
Date: Tue, 2 Aug 2022 15:00:52 +0300
Subject: [PATCH 3/8] Add new file
---
examples/hashivault_create_secret.yaml | 17 +++++++++++++++++
1 file changed, 17 insertions(+)
create mode 100644 examples/hashivault_create_secret.yaml
diff --git a/examples/hashivault_create_secret.yaml b/examples/hashivault_create_secret.yaml
new file mode 100644
index 0000000..84235ad
--- /dev/null
+++ b/examples/hashivault_create_secret.yaml
@@ -0,0 +1,17 @@
+---
+#
+# This playbook create secret "secret" with data foo:foe. If secret "secret" exists - add data foo:foe.
+#
+- hosts: localhost
+ tasks:
+ - hashivault_secret:
+ url: "https://vault.domain.local"
+ authtype: ldap
+ username: "user"
+ password: "p@ssword"
+ mount_point: "kv"
+ state: present
+ permanent: true
+ secret: secret
+ data:
+ foo: foe
From 4c7922cb55e424ff198bb020e5d19abf5c2cac6e Mon Sep 17 00:00:00 2001
From: Maksim Bolshakov
Date: Tue, 2 Aug 2022 15:01:45 +0300
Subject: [PATCH 4/8] Add new file
---
examples/hashivault_example.yaml | 35 ++++++++++++++++++++++++++++++++
1 file changed, 35 insertions(+)
create mode 100644 examples/hashivault_example.yaml
diff --git a/examples/hashivault_example.yaml b/examples/hashivault_example.yaml
new file mode 100644
index 0000000..7caba86
--- /dev/null
+++ b/examples/hashivault_example.yaml
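Review bot: `password: "p@ssword"` puts a literal LDAP credential into a committed example that users copy verbatim, and the `hashivault_secret_engine` task carries no `no_log`, so the argument is echoed at `-vvv`. Prefer `password: "{{ lookup('env', 'VAULT_PASSWORD') }}"` (or an ansible-vault-encrypted variable) and `no_log: true` on the task. The same literal appears in examples/hashivault_create_secret.yaml, examples/hashivault_example.yaml and examples/hashivault_read_secret.yaml, and the plugin examples hard-code `pwd` through `ansible_hashi_vault_password` and `password='pwd'`; one placeholder convention across the series would keep the fix in one place.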
@@ -0,0 +1,35 @@
+---
+
+- hosts: localhost
+ tasks:
+ - hashivault_read:
+ url: "https://vault.domain.local"
+ authtype: ldap
+ username: "user"
+ password: "p@ssword"
+ mount_point: kv
+ secret: secrets/myaccount
+ key: app_secret
+ version: 2
+ register: key
+
+ - name: create a VM using app_secret from hashicorp vault
+ decort_kvmvm:
+ annotation: "VM managed by decort_kvmvm module"
+ authenticator: oauth2
+ app_id: "" # Application id from SSO Digital Energy
+ app_secret: "{{ key }}" # API key from SSO Digital Energy
+ controller_url: "https://cloud.digitalenergy.online"
+ name: hashivault_read_example
+ cpu: 2
+ ram: 2048
+ boot_disk: 10
+ image_name: "DECS Ubuntu 18.04 v1.2.3" #Name of OS image
+ networks:
+ - type: VINS
+ id: 99 #VINS id
+ tags: "Ansible hashivault_read example"
+ state: present
+ rg_id: 99 #Resource group id
+ delegate_to: localhost
+ register: simple_vm
\ No newline at end of file
From 6148e67dd121976bb2bc4b52f3f1d123a6b74388 Mon Sep 17 00:00:00 2001
From: Maksim Bolshakov
Date: Tue, 2 Aug 2022 15:02:18 +0300
Subject: [PATCH 5/8] Add new file
---
examples/hashivault_read_secret.yaml | 13 +++++++++++++
1 file changed, 13 insertions(+)
create mode 100644 examples/hashivault_read_secret.yaml
diff --git a/examples/hashivault_read_secret.yaml b/examples/hashivault_read_secret.yaml
new file mode 100644
index 0000000..8c614f0
--- /dev/null
+++ b/examples/hashivault_read_secret.yaml
@@ -0,0 +1,13 @@
+---
+- hosts: localhost
+ tasks:
+ - hashivault_read:
+ url: "https://vault.domain.local"
+ authtype: ldap
+ username: "uset"
+ password: "p@ssword"
+ mount_point: kv
+ secret: secret
+ key: foo
+ version: 2
+ register: key
From 31d677447525591a86d5e348eab54dc620bb719a Mon Sep 17 00:00:00 2001
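Review bot: `app_secret: "{{ key }}"` hands the whole registered task result to `decort_kvmvm`, not the secret string; `hashivault_read` returns the read value under `value`, so this should be `app_secret: "{{ key.value }}"`. Registering under `key` is also easy to misread next to the module's own `key: app_secret` argument; `register: vault_read` would be clearer. Because that registered result holds the secret, the `hashivault_read` task should additionally carry `no_log: true`. The inline comments `#Name of OS image`, `#VINS id` and `#Resource group id` lack the space after `#` that yamllint's `comments` rule expects; the same lines recur in examples/hashivault_plugin_example.yaml.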
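Review bot: `username: "uset"` looks like a typo for `"user"`, the value every other example in this series uses; since example playbooks are copied verbatim, change it to `username: "user"`. The registered name `key` also sits right under the module's `key: foo` argument and is easy to confuse with it; `register: vault_read` reads more clearly.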
From: Maksim Bolshakov
Date: Tue, 23 Aug 2022 10:06:23 +0300
Subject: [PATCH 6/8] Add new example
---
examples/hashivault_plugin_example.yaml | 31 +++++++++++++++++++++++++
1 file changed, 31 insertions(+)
create mode 100644 examples/hashivault_plugin_example.yaml
diff --git a/examples/hashivault_plugin_example.yaml b/examples/hashivault_plugin_example.yaml
new file mode 100644
index 0000000..b2e5df6
--- /dev/null
+++ b/examples/hashivault_plugin_example.yaml
@@ -0,0 +1,31 @@
+- hosts: localhost
+ tasks:
+ - name: Read a kv2 secret with kv mount point
+ vars:
+ ansible_hashi_vault_auth_method: ldap
+ ansible_hashi_vault_username: username
+ ansible_hashi_vault_password: pwd
+ ansible_hashi_vault_engine_mount_point: kv
+ ansible.builtin.set_fact:
+ response: "{{ lookup('community.hashi_vault.vault_kv2_get', 'secret', url='https://vault.domain.local') }}"
+
+ - name: create a VM using app_secret from hashicorp vault
+ decort_kvmvm:
+ annotation: "VM managed by decort_kvmvm module"
+ authenticator: oauth2
+ app_id: "" # Application id from SSO Digital Energy
+ app_secret: "{{ response.data.password }}" # API key from SSO Digital Energy
+ controller_url: "https://cloud.digitalenergy.online"
+ name: hashivault_read_example
+ cpu: 2
+ ram: 2048
+ boot_disk: 10
+ image_name: "DECS Ubuntu 18.04 v1.2.3" #Name of OS image
+ networks:
+ - type: VINS
+ id: 99 #VINS id
+ tags: "Ansible hashivault_read example"
+ state: present
+ rg_id: 99 #Resource group id
+ delegate_to: localhost
+ register: simple_vm
From ebdf9aa012359da7227784122f213ac84d9837b4 Mon Sep 17 00:00:00 2001
From: Maksim Bolshakov
Date: Tue, 23 Aug 2022 10:07:18 +0300
Subject: [PATCH 7/8] Add new file
---
examples/hashivault_plugin_login.yaml | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
create mode 100644 examples/hashivault_plugin_login.yaml
diff --git a/examples/hashivault_plugin_login.yaml b/examples/hashivault_plugin_login.yaml
new file mode 100644
index 0000000..68ed502
--- /dev/null
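Review bot: The `set_fact` on `response` keeps the entire kv2 read (`data`, `metadata`, `raw`) as a host fact for the rest of the play, although only `response.data.password` is consumed by `decort_kvmvm`; store just that field, `response: "{{ lookup('community.hashi_vault.vault_kv2_get', 'secret', url='https://vault.domain.local').data.password }}"`, or at minimum mark the `set_fact` task `no_log: true` so the secret dict is not echoed in verbose runs. Unlike the first five examples this file omits the `---` document start, as do examples/hashivault_plugin_login.yaml and examples/hashivault_plugin_read_secret.yaml; add it to satisfy yamllint's `document-start` rule and keep the examples uniform.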
+++ b/examples/hashivault_plugin_login.yaml
@@ -0,0 +1,16 @@
+- hosts: localhost
+ tasks:
+ - name: Get auth token from vault
+ set_fact:
+ login_data: "{{ lookup('community.hashi_vault.vault_login', url='https://vault.domain.local', auth_method='ldap', username='username', password='pwd') }}"
+
+ - name: Perform multiple kv2 reads with a single Vault login, showing the secrets
+ vars:
+ ansible_hashi_vault_auth_method: token
+ ansible_hashi_vault_token: '{{ login_data | community.hashi_vault.vault_login_token }}'
+ ansible_hashi_vault_engine_mount_point: kv
+ paths:
+ - secret
+ - secret2
+ ansible.builtin.debug:
+ msg: "{{ lookup('community.hashi_vault.vault_kv2_get', *paths, auth_method='token', url='https://vault.domain.local') }}"
From e2c9f591b8e67bbd3fa774c4cb42ae839c331917 Mon Sep 17 00:00:00 2001
From: Maksim Bolshakov
Date: Tue, 23 Aug 2022 10:07:44 +0300
Subject: [PATCH 8/8] Add new file
---
examples/hashivault_plugin_read_secret.yaml | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
create mode 100644 examples/hashivault_plugin_read_secret.yaml
diff --git a/examples/hashivault_plugin_read_secret.yaml b/examples/hashivault_plugin_read_secret.yaml
new file mode 100644
index 0000000..05832ab
--- /dev/null
+++ b/examples/hashivault_plugin_read_secret.yaml
@@ -0,0 +1,18 @@
+- hosts: localhost
+ tasks:
+ - name: Read a kv2 secret with the default mount point
+ vars:
+ ansible_hashi_vault_auth_method: ldap
+ ansible_hashi_vault_username: username
+ ansible_hashi_vault_password: pwd
+ ansible_hashi_vault_engine_mount_point: kv
+ ansible.builtin.set_fact:
+ response: "{{ lookup('community.hashi_vault.vault_kv2_get', 'secret', url='https://vault.domain.local') }}"
+
+ - name: Display the results
+ ansible.builtin.debug:
+ msg:
+ - "Secret: {{ response.secret }}"
+ - "Data: {{ response.data }} (contains secret data & metadata in kv2)"
+ - "Metadata: {{ response.metadata }}"
+ - "Full response: {{ response.raw }}"
\ No newline at end of file
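Review bot: The `vault_login` lookup inlines `username='username', password='pwd'` inside the `set_fact` expression, and `login_data` then holds the full login response including the client token, with neither task marked `no_log: true`; at `-vvv` both the credential string and the token are printed. Move the credentials to the `ansible_hashi_vault_username`/`ansible_hashi_vault_password` vars the sibling examples use, sourced from the environment or an encrypted vars file, and add `no_log: true` to the `Get auth token from vault` task. Style: `set_fact:` is the short name while the next task uses `ansible.builtin.debug:`, so pick one form, and `auth_method='token'` in the second lookup merely repeats `ansible_hashi_vault_auth_method: token` from `vars`.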
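Review bot: The task name says `the default mount point`, but `vars` sets `ansible_hashi_vault_engine_mount_point: kv`, which overrides the default, so the example demonstrates the opposite of what its title claims. Either drop that var so the lookup really uses the default, or rename the task to `Read a kv2 secret with kv mount point` as examples/hashivault_plugin_example.yaml does.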