problem using api v2 to insert a new credential.

Cesar_Sanchez · October 19, 2017, 11:41pm

Hi guys.

I want to programmatically insert 1000 credentials. I tried to use the api v2, but I’m getting a Bad Request (Bad data found in related field team.)

Tried to use tower-cli (v2) and same result.

If I use tower-cli v1, I can insert the credentials if as ssh-key-data I pass the location of the file.

Can you please explain to me, how should I pass the key data to the api?

Thanks,

-Cesar

AlanCoding · October 20, 2017, 12:31am

Hi Cesar,

Here is our example for using tower-cli to create a credential in v2:

https://github.com/ansible/tower-cli/blob/master/docs_deprecated/examples/fake_data_creator.sh#L93-L111

Multi-line inputs are, indeed, tricky. We have an issue open to add some shortcut options for credentials in v2, but even then you will likely prefer to get keys from files.

Also consider running the example with verbosity on, -v, to see the request data, which might get the ball rolling for whatever else you’re attempting.

Alan

Cesar_Sanchez · October 20, 2017, 12:15pm

Thanks Alan,

Your example helped me figure out what was happening.

My api user (I use token authentication) didn’t have enough privileges to create credentials. I had to set that account as a system administrator in order to do so.

I think this is a limitation, given that I don’t want to give sysadmin privileges to that specific user, to limit it the exposure of certain playbooks, but I do want him to be able to create new credentials.

Is this behaviour intended? or probably a new issue?

Thanks,

-Cesar

AlanCoding · October 20, 2017, 1:17pm

Cesar,

What you’re describing sounds like its related to how we assign ownership to credentials. Here’s what we have in the current system… in the request body you must provide either:

user
team
organization

If you provide organization, then you need to be admin of that organization, and then, that credential will have some limited sharing rules with other people in the org (only admins I believe). But if you provide user, that makes it a “private” credential. In practice, the user should be yourself, and you will get admin role to the credential you created. AFAIK, every user in the system should be able to create a private credential.

I could see that changing in AWX soon as a part of this issue:
https://github.com/ansible/awx/issues/166

but we’ll see. Feel free to add your thoughts there.

Thanks,
Alan

Topic		Views
awx 3 api credeetntials post AWX Project awx	6	March 27, 2019
Unable to update/add credential field in Job Template using API in Ansible tower AWX Project	0	June 17, 2021
Attaching machine credential using tower-cli AWX Project awx	3	August 20, 2019
tower-cli auth token? AWX Project	1	February 27, 2019
Credential Module - Create Tower Credential with a Cyberark AIM Lookup as the password AWX Project awx	1	February 1, 2023

problem using api v2 to insert a new credential.

Related topics