I would like to traverse among Azure resources beyond one particular subscription. Right now the credentials are tagged to a subscription; how do we create a playbook independently or across subscriptions? To be more precise, I have a task which I need to perform on subscriptions 1, 2, 3. The SPN has access to all subscriptions, but how can the Ansible credential go one level up?
For Microsoft Azure… I am assuming you are using ENV vars so it's hard to hop between different subs?
You can also do Microsoft Azure subscription/login via module parameters. For example, check out this module: azure.azcollection.azure_rm_account_info module – Get Azure Account facts (output of az account show) — Ansible Documentation
You can see parameters like `profile` and switch profiles module-by-module, or hand them in as an extra var.
The other thing you can do, if you start operationalizing automation with Ansible Automation Platform or even just the upstream project AWX, is have different credentials that act as different environments for each Job Template and/or workflow. This allows the same automation to be re-used across different environments. In this case the “credential” points to different Azure subscriptions. You can even run these in parallel within a workflow, where the same automation job (playbook) is running in parallel across different Azure environments.
Here is the Workflows guide: 23. Workflows — Automation Controller User Guide v4.4
Each rectangle box is the equivalent of an Ansible Playbook. I have a quick video on Job Template vs Ansible Playbook to explain this: Starting off a bit more basic this morning. What is the difference be... | TikTok
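The module-parameter approach from the reply above, written out as an added example that is not part of the original posts: one SPN, with the subscription chosen per task through the `subscription_id` parameter. The subscription IDs are placeholders, the variable names are made up for this sketch, and the SPN values are assumed to be exported as `AZURE_CLIENT_ID`, `AZURE_SECRET` and `AZURE_TENANT` so that no secret is stored in the playbook.

```yaml
---
# Added example: same task, several subscriptions, one service principal.
- name: Run one task across several Azure subscriptions
  hosts: localhost
  connection: local
  gather_facts: false
  vars:
    # Placeholder subscription IDs; replace with your own or pass with -e.
    azure_subscriptions:
      - 00000000-0000-0000-0000-000000000001
      - 00000000-0000-0000-0000-000000000002
      - 00000000-0000-0000-0000-000000000003
    # SPN credentials come from the environment, never from the repo.
    spn_client_id: "{{ lookup('ansible.builtin.env', 'AZURE_CLIENT_ID') }}"
    spn_secret: "{{ lookup('ansible.builtin.env', 'AZURE_SECRET') }}"
    spn_tenant: "{{ lookup('ansible.builtin.env', 'AZURE_TENANT') }}"
  tasks:
    - name: Fail early if the SPN environment variables are missing
      ansible.builtin.assert:
        that:
          - spn_client_id | length > 0
          - spn_secret | length > 0
          - spn_tenant | length > 0
        quiet: true
      no_log: true   # keep the secret out of assertion output

    - name: List resource groups in each subscription
      azure.azcollection.azure_rm_resourcegroup_info:
        subscription_id: "{{ item }}"   # overrides any subscription set in the environment
        client_id: "{{ spn_client_id }}"
        secret: "{{ spn_secret }}"
        tenant: "{{ spn_tenant }}"
      loop: "{{ azure_subscriptions }}"
      register: rg_by_subscription

    - name: Show resource group names per subscription
      ansible.builtin.debug:
        msg: "{{ item.item }}: {{ item.resourcegroups | map(attribute='name') | list }}"
      loop: "{{ rg_by_subscription.results }}"
      loop_control:
        label: "{{ item.item }}"   # print only the subscription ID as the loop label
```

The same loop works for any `azure.azcollection` module, since they share the authentication parameters; the SPN should hold only the role it needs in each subscription.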