Hello again,
So I currently work on my first action plugin and I have a noob question: what is the best practice for passing credentials to the ‘run’ class method?
Assume we have a playbook that calls the role containing the plugin:
- name: "Call a role"
import_role:
name: "example"
and inside the example role we have a task triggering the plugin:
- name: "Call plugin"
plugin:
username: "{{ username }}"
password: "{{ password }}"
So the question is where and how can I define username and password without having these values exposed in the output?
jpmens
(Jan-Piet Mens)
2
All play variables are passed into task_vars, automatically, so you don’t need to specify these as plugin parameters.
Say you you have a variable dinner be it specified as extravars, inventory vars, etc. this is automatically passed into you action plugin:
#!/usr/bin/env python
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
from ansible.plugins.action import ActionBase
try:
from __main__ import display
except ImportError:
from ansible.utils.display import Display
display = Display()
class ActionModule(ActionBase):
BYPASS_HOST_LOOP = False # if True, runs once per play
def run(self, tmp=None, task_vars=None):
'''Run action plugin'''
meal = task_vars['dinner']
display.vv(meal)
result = {
'changed': False,
'failed': False,
'msg': 'okbla',
}
return result
- hosts: alice
tasks:
- aplug:
$ ansible-playbook jp.yml -e dinner=Doener -vv
...
TASK [aplug] ************************************************************************
task path: /.../ansible-tests/action_plugins/vars/jp.yml:10
Doener
ok: [alice] => {"changed": false, "msg": "okbla"}
@jpmens thank you for the answer!
system
(system)
Closed
4
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.