controller_credential_types.yml

In these files we configure the credential types for automation controller.
we will probably do this on the global configuration (ALL).

variables

The api understands the following structure:

{
    "name": "",
    "description": "",
    "kind": null,
    "inputs": {},
    "injectors": {}
}

Below you can see examples of how this is used.

group_vars/all/controller_credential_types.yml

Here we see an example of the configuration for a credential type to pull items from automation hub.

---
controller_credential_types_all:

  - name: automation_hub
    description: automation hub
    kind: cloud
    inputs:
      fields:
        - id: verify_ssl
          type: boolean
          label: Verify SSL
        - id: hostname
          type: string
          label: Hostname
        - id: username
          type: string
          label: Username
        - id: password
          type: string
          label: Password
          secret: true
        - id: token
          type: string
          label: Token
          secret: true
      required:
        - hostname
    injectors:
      env:
        AH_PASSWORD: !unsafe "{{ password }}"
        AH_USERNAME: !unsafe "{{ username }}"
        AH_HOST: !unsafe "{{ hostname }}"
        AH_API_TOKEN: !unsafe "{{ token }}"
        AH_VERIFY_SSL: !unsafe "{{ verify_ssl }}"
      extra_vars:
        ah_password: !unsafe "{{ password }}"
        ah_username: !unsafe "{{ username }}"
        ah_host: !unsafe "{{ hostname }}"
        ah_token: !unsafe "{{ token }}"
        ah_validate_certs: !unsafe "{{ verify_ssl }}"
...

But you can already see that the variable name used here has the "_all" extension, so the variable will not be overridden as this is not quite a inventory.
Why we do this, will become clear in a moment.

group_vars/dev/controller_credential_types.yml

As we do not configure extra credential_types in development, this file is an empty set.

---
controller_credential_types_dev: []
  # No extra config exists
...

Here the variable has the "_dev" extension, so the variable will not be overridden.

group_vars/prod/controller_credential_types.yml

As we do not configure extra credential_types in prod, this file is an empty set.

---
controller_credential_types_prod: []
  # No extra config exists
...

Here the variable has the "_prod" extension, so the variable will not be overridden.

When we run a pipeline for a certain environment, the inventory structure will provide us with 2 variables: - controller_credential_types_all
- controller_credential_types_

We will merge these 2 variables into 1: controller_credential_types and feed this to the infra.aap_configuration.controller_credential_types role.
In main.yml the merge of the variables is done by this piece of code:

    - name: Set the controller vars
      ansible.builtin.set_fact:
        controller_credential_types: >
          {{ controller_credential_types_all |
          community.general.lists_mergeby(vars['controller_credential_types_' + branch_name],
          'name', recursive=true, list_merge='append') }}

This results in the controller_credential_types variable the collection needs.

Back