Passing credentials to an action plugin

Hello again,

So I currently work on my first action plugin and I have a noob question: what is the best practice for passing credentials to the ‘run’ class method?

Assume we have a playbook that calls the role containing the plugin:

- name: "Call a role"
    name: "example"

and inside the example role we have a task triggering the plugin:

- name: "Call plugin"
    username: "{{ username }}"
    password: "{{ password }}"

So the question is where and how can I define username and password without having these values exposed in the output?

All play variables are passed into task_vars, automatically, so you don’t need to specify these as plugin parameters.

Say you you have a variable dinner be it specified as extravars, inventory vars, etc. this is automatically passed into you action plugin:

#!/usr/bin/env python
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
from ansible.plugins.action import ActionBase

    from __main__ import display
except ImportError:
    from ansible.utils.display import Display
    display = Display()

class ActionModule(ActionBase):

    BYPASS_HOST_LOOP = False       # if True, runs once per play

    def run(self, tmp=None, task_vars=None):
        '''Run action plugin'''

        meal = task_vars['dinner']

        result = {
            'changed': False,
            'failed': False,
            'msg': 'okbla',

        return result
- hosts: alice
    - aplug:
$ ansible-playbook jp.yml -e dinner=Doener -vv
TASK [aplug] ************************************************************************
task path: /.../ansible-tests/action_plugins/vars/jp.yml:10
ok: [alice] => {"changed": false, "msg": "okbla"}

@jpmens thank you for the answer!

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.