Note
This plugin is part of the community.general collection (version 3.8.1).
You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install community.general.
To use it in a playbook, specify: community.general.tss.
New in version 1.0.0: of community.general
The below requirements are needed on the local controller node that executes this lookup.
| Parameter | Choices/Defaults | Configuration | Comments |
|---|---|---|---|
| _terms integer / required | The integer ID of the secret. | ||
| api_path_uri string | Default: "/api/v1" | env:TSS_API_PATH_URI | The path to append to the base URL to form a valid REST API request. |
| base_url string / required | ini entries: [tss_lookup] env:TSS_BASE_URL | The base URL of the server, e.g. https://localhost/SecretServer. | |
| domain string added in 3.6.0 of community.general | Default: "" | ini entries: [tss_lookup] env:TSS_DOMAIN | The domain with which to request the OAuth2 Access Grant. Optional when token is not provided. Requires python-tss-sdk version 1.0.0 or greater. |
| password string | ini entries: [tss_lookup] env:TSS_PASSWORD | The password associated with the supplied username. Required when token is not provided. | |
| token string added in 3.7.0 of community.general | ini entries: [tss_lookup] env:TSS_TOKEN | Existing token for Thycotic authorizer. If provided, username and password are not needed. Requires python-tss-sdk version 1.0.0 or greater. | |
| token_path_uri string | Default: "/oauth2/token" | env:TSS_TOKEN_PATH_URI | The path to append to the base URL to form a valid OAuth2 Access Grant request. |
| username string | ini entries: [tss_lookup] env:TSS_USERNAME | The username with which to request the OAuth2 Access Grant. |
- hosts: localhost
vars:
secret: >-
{{
lookup(
'community.general.tss',
102,
base_url='https://secretserver.domain.com/SecretServer/',
username='user.name',
password='password'
)
}}
tasks:
- ansible.builtin.debug:
msg: >
the password is {{
(secret['items']
| items2dict(key_name='slug',
value_name='itemValue'))['password']
}}
- hosts: localhost
vars:
secret: >-
{{
lookup(
'community.general.tss',
102,
base_url='https://secretserver.domain.com/SecretServer/',
username='user.name',
password='password',
domain='domain'
)
}}
tasks:
- ansible.builtin.debug:
msg: >
the password is {{
(secret['items']
| items2dict(key_name='slug',
value_name='itemValue'))['password']
}}
- hosts: localhost
vars:
secret_password: >-
{{
((lookup(
'community.general.tss',
102,
base_url='https://secretserver.domain.com/SecretServer/',
token='thycotic_access_token',
) | from_json).get('items') | items2dict(key_name='slug', value_name='itemValue'))['password']
}}
tasks:
- ansible.builtin.debug:
msg: the password is {{ secret_password }}
Common return values are documented here, the following are the fields unique to this lookup:
| Key | Returned | Description |
|---|---|---|
| _list list / elements=dictionary | success | The JSON responses to GET /secrets/{id}. |
© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/latest/collections/community/general/tss_lookup.html