hcp-ansible/playbooks/tasks/misc/load_credentials_vars.yml

51 lines
1.6 KiB
YAML

---
- name: "Stat credentials file"
ansible.builtin.stat:
path: "{{ sub_configuration_directories['secrets'] }}/{{ configuration_credentials_vars_file }}"
register: _credentials_file
delegate_to: localhost
- name: "Stat vault credentials file"
ansible.builtin.stat:
path: "{{ sub_configuration_directories['secrets'] }}/vault.yml"
register: _vault_credentials_file
delegate_to: localhost
- name: "Make sure credentials file exists"
ansible.builtin.assert:
that:
- _credentials_file.stat.exists
fail_msg: >-
Credentials file {{ _credentials_file.stat.path }} was not found, cannot continue without it.
delegate_to: localhost
- name: "Load credentials variables"
ansible.builtin.include_vars:
dir: "{{ sub_configuration_directories['secrets'] }}"
files_matching: "{{ configuration_credentials_vars_file }}"
depth: 1
name: _credentials
delegate_to: localhost
- name: "Load vault credentials if vault.yml exists"
ansible.builtin.include_vars:
dir: "{{ sub_configuration_directories['secrets'] }}"
files_matching: "vault.yml"
depth: 1
name: _vault_credentials
when: _vault_credentials_file.stat.exists
delegate_to: localhost
- name: "Merge vault credentials into _credentials"
vars:
_config_to_merge:
vault: "{{ _vault_credentials }}"
ansible.builtin.set_fact:
_credentials: "{{ _credentials | combine(_config_to_merge, recursive=true) }}"
when: _vault_credentials_file.stat.exists
delegate_to: localhost
- name: "Debug _credentials"
ansible.builtin.debug:
msg: "{{ _credentials }}"