other_vars.yml

The vars in this file control whats configured by default in a new repository, this should be at least an example of a project, inventory and a template.
This should be a working example, so people will trust what has been given as an example.

---
# put your vars in here and make sure the secrets in this file are ALWAYS vault encrypted
# the values in this file will be encrypted and used in the config files.
code_environment_vars:
  all:
    credential_input_sources:
      - source_credential: "{{ organization_short_name | upper }}_ENV_hashivault"
        target_credential: "{{ organization_short_name | upper }}_ansible"
        input_field_name: ssh_key_data
        description: Fill the ansible ssh_key from HashiCorp Vault
        metadata:
          secret_backend: kv
          secret_path: data/ansible
          secret_key: ssh_private_key
      - source_credential: "{{ organization_short_name | upper }}_ENV_hashivault"
        target_credential: "{{ organization_short_name | upper }}_ansible"
        input_field_name: username
        description: Fill the ansible username from HashiCorp Vault
        metadata:
          secret_backend: kv
          secret_path: data/ansible
          secret_key: username
      - source_credential: "{{ organization_short_name | upper }}_ENV_hashivault"
        target_credential: "{{ organization_short_name | upper }}_ansible"
        input_field_name: become_method
        description: Fill the ansible become method from HashiCorp Vault
        metadata:
          secret_backend: kv
          secret_path: data/ansible
          secret_key: become_method
      - source_credential: "{{ organization_short_name | upper }}_ENV_hashivault"
        target_credential: "{{ organization_short_name | upper }}_gitlab"
        input_field_name: username
        description: Fill the gitlab username from HashiCorp Vault
        metadata:
          secret_backend: kv
          secret_path: data/gitlab
          secret_key: username
      - source_credential: "{{ organization_short_name | upper }}_ENV_hashivault"
        target_credential: "{{ organization_short_name | upper }}_gitlab"
        input_field_name: ssh_key_data
        description: Fill the gitlab key from HashiCorp Vault
        metadata:
          secret_backend: kv
          secret_path: data/gitlab
          secret_key: ssh_private_key
      - source_credential: "{{ organization_short_name | upper }}_ENV_hashivault"
        target_credential: "{{ organization_short_name | upper }}_automation_hub_image_pull_secret"
        input_field_name: host
        description: Fill the pull secret from HashiCorp Vault
        metadata:
          secret_backend: kv
          secret_path: data/automation_hub_image_pull_secret
          secret_key: host
      - source_credential: "{{ organization_short_name | upper }}_ENV_hashivault"
        target_credential: "{{ organization_short_name | upper }}_automation_hub_image_pull_secret"
        input_field_name: username
        description: Fill the field from HashiCorp Vault
        metadata:
          secret_backend: kv
          secret_path: data/automation_hub_image_pull_secret
          secret_key: username
      - source_credential: "{{ organization_short_name | upper }}_ENV_hashivault"
        target_credential: "{{ organization_short_name | upper }}_automation_hub_image_pull_secret"
        input_field_name: password
        description: Fill the field from HashiCorp Vault
        metadata:
          secret_backend: kv
          secret_path: data/automation_hub_image_pull_secret
          secret_key: password
      - source_credential: "{{ organization_short_name | upper }}_ENV_hashivault"
        target_credential: "{{ organization_short_name | upper }}_automation_hub_image_pull_secret"
        input_field_name: verify_ssl
        description: Fill the field from HashiCorp Vault
        metadata:
          secret_backend: kv
          secret_path: data/automation_hub_image_pull_secret
          secret_key: verify_ssl
      - source_credential: "{{ organization_short_name | upper }}_hashivault"
        target_credential: "{{ organization_short_name | upper }}_vault"
        input_field_name: vault_password
        description: Fill the field from HashiCorp Vault
        metadata:
          secret_backend: kv
          secret_path: data/rhaap_admin
          secret_key: password
    credentials:
      - name: "{{ organization_short_name | upper }}_gitlab"
        description: 'SCM credential'
        credential_type: Source Control
      - name: "{{ organization_short_name | upper }}_ansible"
        description: 'Machine credential'
        credential_type: Machine
      - name: "{{ organization_short_name | upper }}_automation_hub_image_pull_secret"
        description: 'Image pull secret'
        credential_type: Container Registry
      - name: "{{ organization_short_name | upper }}_vault"
        description: Vault secret
        credential_type: Vault
    inventories:
      - name: "{{ organization_short_name | upper }}_demo_inventory"
        description: 'Demo inventory, functional'
        organization: "{{ organization_long_name | upper }}"
    inventory_sources:
      - name: "{{ organization_short_name | upper }}_demo_inventory"
        description: 'Just a demo, functional'
        organization: "{{ organization_long_name | upper }}"
    projects:
      - name: "{{ organization_short_name | upper }}_demo_project"
        description: Demo project
        scm_url: git@gitlab.homelab:code-examples/dead_link_checker.git
    roles: []
    hosts: []
    labels: []
    teams:
      - use: here
    templates:
      - use: here
  dev:
    credential_input_sources: []
    credentials:
      - name: "{{ organization_short_name | upper }}_hashivault"
        description: Org Specific HashiCorp Vault Secret Lookup
        organization: "{{ organization_long_name | upper }}"
        credential_type: HashiCorp Vault Secret Lookup
        inputs:
          url: "{{ vault_url }}"
          namespace: "dev/{{ organization_short_name | lower }}"
      - name: "{{ organization_short_name | upper }}_ENV_hashivault"
        description: Env wide HashiCorp Vault Secret Lookup
        organization: "{{ organization_long_name | upper }}"
        credential_type: HashiCorp Vault Secret Lookup
        inputs:
          url: "{{ vault_url }}"
          namespace: "dev"
    inventories: []
    inventory_sources: []
    organizations: []
    projects:
      - name: "{{ organization_short_name | upper }}_demo_inventory"
        description: inventory project
        scm_url: git@gitlab.homelab:container_aap/inventory_base.git
    hosts: []
    labels: []
    roles:
      teama: "LDAP_{{ organization_short_name | upper }}_Admins"
      teamd: "LDAP_{{ organization_short_name | upper }}_Developers"
      teamo: "LDAP_{{ organization_short_name | upper }}_Operators"
    teams: []
    templates: []
  prod:
    credential_input_sources: []
    credentials:
      - name: "{{ organization_short_name | upper }}_hashivault"
        description: Org Specific HashiCorp Vault Secret Lookup
        organization: "{{ organization_long_name | upper }}"
        credential_type: HashiCorp Vault Secret Lookup
        inputs:
          url: "{{ vault_url }}"
          namespace: "prod/{{ organization_short_name | lower }}"
      - name: "{{ organization_short_name | upper }}_ENV_hashivault"
        description: Env wide HashiCorp Vault Secret Lookup
        organization: "{{ organization_long_name | upper }}"
        credential_type: HashiCorp Vault Secret Lookup
        inputs:
          url: "{{ vault_url }}"
          namespace: "prod"
    inventories: []
    inventory_sources: []
    organizations: []
    projects:
      - name: "{{ organization_short_name | upper }}_demo_inventory"
        description: inventory project
        scm_url: git@gitlab.homelab:container_aap/inventory_base.git
    hosts: []
    labels: []
    roles:
      teama: "LDAP_{{ organization_short_name | upper }}_Admins"
      teamd: "LDAP_{{ organization_short_name | upper }}_Developers"
      teamo: "LDAP_{{ organization_short_name | upper }}_Operators"
    teams: []
    templates: []

Back