vault_add_key_to_base_users.yml

This tasks file adds the given user/password key to the base_users secret in the vault.
The base_config uses this secret to create the local users in rhaap on a configuration run.

We first read the existing users and add the new user to the secret.
Then we write the updated secret to the vault.

---
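# Fetch the current base_users secret (KV v2 data endpoint) so the new entry
# can be merged into it. The response holds every stored user/password pair
# and the request carries the Vault token, so the task result is hidden.
- name: Read secret
  ansible.builtin.uri:
    url: "{{ vault_url }}/v1/kv/data/base_users"
    method: GET
    headers:
      X-Vault-Token: "{{ vault_token }}"
      X-Vault-Namespace: "{{ main_ns_name }}/{{ sub_ns_name }}"
      Content-type: "application/json"
    timeout: 10
    # Verify the Vault server certificate by default: with verification off,
    # the token and the returned passwords can be intercepted by anyone able
    # to sit on the network path. For a private CA, point the module at the
    # CA bundle (ca_path) rather than setting vault_validate_certs to false.
    validate_certs: "{{ vault_validate_certs | default(true) }}"
  register: rsecret
  # Keeps the token (request headers) and the secret payload (registered
  # result) out of console output and callback/log plugins.
  no_log: true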

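# Extract the key/value map of the secret from the KV v2 read response
# (json.data.data) as the starting point for the updated content.
- name: Set the content var
  ansible.builtin.set_fact:
    new_content: "{{ rsecret['json']['data']['data'] }}"
  # The fact contains the existing users' passwords; set_fact results are
  # printed in verbose runs unless logging is suppressed.
  no_log: true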

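# Merge the new entry into the existing map. new_key is used as the
# dictionary key and new_value as its value; an existing entry with the same
# key is overwritten by combine.
- name: Add user to set
  ansible.builtin.set_fact:
    new_content: "{{ new_content | combine({new_key: new_value}) }}"
  # new_value is the password being added, and new_content still holds the
  # passwords read from the vault, so keep the result out of logs.
  no_log: true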

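# Build the KV v2 write payload: the merged map wrapped in a top-level
# "data" key. It is built as a real mapping instead of a hand-written JSON
# string, so the uri module serialises it and values containing quotes,
# backslashes or braces cannot produce malformed JSON.
- name: Set secret content
  ansible.builtin.set_fact:
    json_secret_content:
      data: "{{ new_content }}"
  # Payload contains every user's password.
  no_log: true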

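# Write the updated content back to the base_users secret as a new KV v2
# version.
# NOTE(review): this is a read-modify-write with no check-and-set. Two runs
# that overlap can each read the same version, and the later write then
# drops the other's entry. KV v2 accepts an "options.cas" value in the write
# payload (the version returned in the read's metadata) to reject such
# writes - consider adding it.
- name: Update secret
  ansible.builtin.uri:
    url: "{{ vault_url }}/v1/kv/data/base_users"
    method: POST
    headers:
      X-Vault-Token: "{{ vault_token }}"
      X-Vault-Namespace: "{{ main_ns_name }}/{{ sub_ns_name }}"
      Content-type: "application/json"
    body_format: json
    body: "{{ json_secret_content }}"
    timeout: 10
    # Verify the Vault server certificate by default: this request sends both
    # the token and all user passwords. For a private CA, supply the CA
    # bundle (ca_path) rather than setting vault_validate_certs to false.
    validate_certs: "{{ vault_validate_certs | default(true) }}"
  # Hides the token and the request body from task output.
  no_log: true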