sgratias/semaphore
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[Add vacku + vault]

Browse Source
This commit is contained in:
sgratias
2025-06-03 23:09:19 +02:00
parent 0fcc70f430
commit 146d4fbd77
4 changed files with 115 additions and 123 deletions
Download Patch File Download Diff File Expand all files Collapse all files

80
test-vault.yml
View File

@@ -1,8 +1,8 @@
---
- name: Swarm
hosts: testswarm
become: true
- name: Vault
hosts: localhost
# become: true
gather_facts: false
@@ -28,16 +28,78 @@
# vault token create -explicit-max-ttl=8760h -policy=test -ttl=720h -renewable=true -display-name=test
# - ansible.builtin.debug:
# msg: "{{ lookup('community.hashi_vault.hashi_vault', 'secret=/apps/my-app:test token=hvs.CAESIB4eVBWqRNDgcGXJpmvBe9nCpvCJ9-kM-OXq2p1WGlfBGh4KHGh2cy4xdFBYNnNMUEROOVlxOWFad3hERHI5Ulc url=http://myvault:8200') }}"
# msg: "{{ lookup('community.hashi_vault.hashi_vault', 'secret=/apps/my-app:test token= url=http://myvault:8200') }}"
- name: Return all secrets from a path
delegate_to: localhost
# - name: Return all secrets from a path
# delegate_to: localhost
# vars:
# # ansible_hashi_vault_url: 'https://myvault:8282'
# # ansible_hashi_vault_auth_method: ldap
# ansible.builtin.debug:
# msg: "{{ lookup('community.hashi_vault.hashi_vault', 'secret=/kv/data/test token= url=https://pwd.jingoh.fr') }}"
# - name: Vault that requires authentication via LDAP
# vars:
# ansible_hashi_vault_url: 'https://myvault:8282'
# ansible_hashi_vault_auth_method: ldap
# ansible_hashi_vault_mount_point: ldap
# ansible_hashi_vault_username: lbouvier@jingoh.fr
# ansible_hashi_vault_password: ptoto
# ansible.builtin.debug:
# msg: "{{ lookup('community.hashi_vault.hashi_vault', 'secret=/kv/data/test url=https://pwd.jingoh.fr auth_method=ldap mount_point=ldap username=lbouvier@jingoh.fr password=ptoto') }}"
# ! local mac os : export OBJC_DISABLE_INITIALIZE_FORK_SAFETY=YES
# - name: Vault that requires authentication via LDAP
# vars:
# ansible_hashi_vault_url: 'https://pwd.jingoh.fr'
# ansible_hashi_vault_auth_method: ldap
# ansible_hashi_vault_mount_point: ldap
# ansible_hashi_vault_username: lbouvier@jingoh.fr
# ansible_hashi_vault_password: ptoto
# ansible.builtin.debug:
# msg: "{{ lookup('community.hashi_vault.vault_list', 'secret=/kv/test') }}"
- name: Login and use the resulting token
community.hashi_vault.vault_login:
url: https://pwd.jingoh.fr
auth_method: userpass
username: lbouvier@jingoh.fr
password: ptoto
register: login_data
- name: Vault that requires authentication via LDAP
ansible.builtin.debug:
msg: "{{ lookup('community.hashi_vault.hashi_vault', 'secret=apps/data/postgres token=prout url=https://hash.jingoh.fr') }}"
msg: "{{ lookup('community.hashi_vault.hashi_vault', '/kv/data/test auth_method=ldap mount_point=ldap username=lbouvier@jingoh.fr password=ptoto url=https://pwd.jingoh.fr') }}"
- name: List kv2 secrets from Vault via the remote host with userpass auth
community.hashi_vault.vault_list:
url: 'https://pwd.jingoh.fr'
path: /kv/data/test
# For kv2, the path needs to follow the pattern 'mount_point/metadata' or 'mount_point/metadata/path' to list all secrets in that path
auth_method: ldap
username: lbouvier@jingoh.fr
password: ptoto
register: secret
- name: Display the secrets found at the path provided above
ansible.builtin.debug:
msg: "{{ secret.data.data['keys'] }}"
# Note that secret.data.data.keys won't work as 'keys' is a built-in method
- name: List access policies from Vault via the remote host
community.hashi_vault.vault_list:
url: 'https://pwd.jingoh.fr'
path: sys/policies/acl
register: policies
- name: Display the policy names
ansible.builtin.debug:
msg: "{{ policies.data.data['keys'] }}"
# Note that secret.data.data.keys won't work as 'keys' is a built-in method
# url=https://pwd.jingoh.fr auth_method=ldap mount_point=ldap username=lbouvier@jingoh.fr password=ptoto