I am having a heck of a time getting a custom credential to ‘inject’ a variable into a playbook. Let’s take an example…
fields:
INJECTORS:
extra_vars:
SLACK_MESSAGE: ‘{{slack_message}}’
SLACK_TOKEN: ‘{{slack_token}}’
So in my playbook, using the slack module, I should be able to use:
token: " {{ SLACK_TOKEN }} "
When running the playbook, however, I get:
“msg”: " failed to send {"username": "Ansible", "text": " This is just a test. ", "link_names": 1, "icon_url": "https://www.ansible.com/favicon.ico\“} to https://hooks.slack.com/services/[obscured]: HTTP Error 400: Bad request”
One somewhat unique thing about the Slack token specifically, is that it has \ in there (i.e. thetoken/generatedby/slack) - maybe an escaping error??
Can anyone confirm custom credentials work with special characters or not?
If there are special characters in the obscured part and you are trying to make a URL call with it it could be an issue.
Try sending your token variable through the urlencode filter before appending it to the URL:
token: {{ SLACK_TOKEN | urlencode }}"
Depending on your / you may need to do more. Urlencode will encode a \ but not a / (thats a valid URL entity). So if you really have a / and it need to be encoded you may be able to append regex_replace(‘/’,’%2F’) to the filter (according to https://lookonmyworks.co.uk/2016/01/12/ansible-templates-and-urlencode/)
-John
I believe you have a different problem. The Slack token has forward slashes in it ‘/‘ and the should not be escaped because they become pard of the URI sent to hooks.slack.com. I haven’t seen any tokens with backslash ‘\’ in them.
It sounds like you’re trying to use a credential within a playbook and I have not seen that done. So, I can’t be much more help than that.
We store our slack tokens in regular variables. They are then applied in a playbook to the Slack module. You may also want to consider using Slack Notification in AWX. It’s a little limited, but may help.
Dave
That’s exactly why I was hoping this would be an easy answer :). The notifications within AWX are good for success/fail, but there are some intermediate (and/or tailored) notifications I’d like to push. We can do this by, like you say, adding it as a variable within the job template, but that’s not very secure. The appearance of the notifications setup looks like it’s being put into (and ultimately used from) the vault - value == $encrypted$ I figured the entire idea behind injectors was exactly this: https://docs.ansible.com/ansible-tower/latest/html/userguide/credential_types.html#create-a-new-credential-type
Anyway, I appreciate the responses - will keep playing with it!