eda_credential.yml

In these files we configure the credentials for eda controller.
we will probably do this on a per environment basis , as it is a security risk to use the same credentials on multiple environments.

As the infra.aap_configuration collection doesn't support external credentials correctly, we wil not yet discuss the configuration here.
When support is tested and verified, you will find it here.

variables

The api understands the following structure:

{
    "name": "",
    "description": "",
    "credential_type": "",
    "organization": "",
    "inputs": {}
}

Below you can see examples of how this is used.

group_vars/all/eda_credential.yml

Here we see an example of the configuration for a credential type to pull items from automation hub.

---
eda_credentials_all:

  - name: EDA_gitlab
    description: Gitlab credential
    credential_type: Source Control
    organization: ORG_EDA
    inputs:
      ssh_key_data: |
            -----BEGIN OPENSSH PRIVATE KEY-----
            -----END OPENSSH PRIVATE KEY-----
      username: AAP_user


...

But you can already see that the variable name used here has the "_all" extension, so the variable will not be overridden as this is not quite a inventory.
Why we do this, will become clear in a moment.

group_vars/dev/eda_credential.yml

As we do not configure extra credential in development, this file is an empty set.

---
eda_credentials_dev:


  - name: EDA_controller
    description: Dev controller credential
    credential_type: Red Hat Ansible Automation Platform
    organization: ORG_EDA
    inputs:
      username: <user>
      password: <passwd>
      request_timeout: '10'
      host: 'https://rhaap26.homelab/api/controller/'
      verify_ssl: false

  - name: EDA_de_image_pull_secret
    description: Image pull secret
    credential_type: Container Registry
    organization: ORG_EDA
    inputs:
      host: rhaap26.homelab
      username: <user>
      password: <passwd>
      verify_ssl: false

...

Here the variable has the "_dev" extension, so the variable will not be overridden.

group_vars/prod/eda_credential.yml

As we do not configure extra credential in prod, this file is an empty set.

---
eda_credentials_prod:

  - name: EDA_controller
    description: Prod controller credential
    credential_type: Red Hat Ansible Automation Platform
    organization: ORG_EDA
    inputs:
      username: <user>
      password: <passwd>
      request_timeout: '10'
      host: 'https://rhaap26-p.homelab/api/controller/'
      verify_ssl: false

  - name: EDA_de_image_pull_secret
    description: Image pull secret
    credential_type: Container Registry
    organization: ORG_EDA
    inputs:
      host: rhaap26-p.homelab
      username: <user>
      password: <paswd>
      verify_ssl: false

...

Here the variable has the "_prod" extension, so the variable will not be overridden.

When we run a pipeline for a certain environment, the inventory structure will provide us with 2 variables: - eda_credential_all
- eda_credential_

We will merge these 2 variables into 1: eda_credential and feed this to the infra.aap_configuration.eda_credential role.

Back