YCM is a collection of Ansible modules designed to manage Yandex Cloud resources for tasks not covered by the Terraform provider.
Currently, modules for working with Lockbox and IAM are implemented, and new modules are added as they are developed.
- Secret creation: Easily create new secrets in Yandex Lockbox with specified parameters.
- Secret updates: Add new versions to existing secrets with updated data.
- Secret deletion: Delete secrets from Yandex Lockbox.
- Activate/Deactivate secrets: Change the status of secrets to active or inactive as needed.
- Retrieve IAM token: Use the `yc_iam_token` lookup plugin to dynamically retrieve an IAM token using a service account key file, simplifying authentication for Yandex Cloud API operations.
- Python 3.10 or higher.
- Ansible 2.9 or higher.
- `yandexcloud` Python SDK.

- Clone the Repository:

  ```bash
  git clone https://github.com/krang404/ycm.git
  ```

- Install Dependencies:

  ```bash
  pip install yandexcloud
  ```

To use the Yandex Cloud Module in your Ansible playbooks, include it as a custom module.
```yaml
- name: Manage Yandex Cloud Secrets
  hosts: localhost
  tasks:
    - name: Create a new secret
      ycm:
        iam_token: "{{ lookup('yc_iam_token', 'jwt', '/path/to/sa_key.json') }}"
        folder_id: "your-folder-id"
        secret_name: "example_secret"
        secret_description: "An example secret"
        text_payload_entries:
          key1: "value1"
          key2: "value2"
        state: present
```

YCM includes lookup plugins to fetch IAM tokens and secret values from Yandex Cloud.
This plugin retrieves an IAM token using a service account key file.
Usage Example:
```yaml
- name: Obtain IAM Token via SA-key
  debug:
    msg: "{{ lookup('yc_iam_token', 'jwt', '/path/to/sa_key.json') }}"

- name: Obtain IAM Token via OAuth
  debug:
    msg: "{{ lookup('yc_iam_token', 'oauth', 'your_oauth_token') }}"
```

This plugin fetches secret values from Yandex Lockbox.
Usage Example:
```yaml
- name: Retrieve secret value
  debug:
    msg: "{{ lookup('yc_lockbox', 'secret-id', iam_token) }}"
```

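The `debug` tasks above print the IAM token and the secret value into task output. The playbook below is an added example, not part of the YCM project: it uses the two lookups with the call forms shown above, checks the key file's permissions first, and keeps both values out of logs. The variables `sa_key_path`, `lockbox_secret_id` and `app_secret` are illustrative names with placeholder values.

```yaml
# Added example: sa_key_path and lockbox_secret_id hold placeholder values.
- name: Read a Lockbox secret without leaking credentials to logs
  hosts: localhost
  gather_facts: false
  vars:
    sa_key_path: "/path/to/sa_key.json"   # placeholder path, as in the examples above
    lockbox_secret_id: "secret-id"        # placeholder secret ID
  tasks:
    - name: Inspect the service account key file
      stat:
        path: "{{ sa_key_path }}"
      register: sa_key_stat

    - name: Refuse a key file that is missing or readable by group/other
      assert:
        that:
          - sa_key_stat.stat.exists
          - sa_key_stat.stat.mode in ['0600', '0400']
        fail_msg: "{{ sa_key_path }} must exist with mode 0600 or 0400"

    - name: Obtain the IAM token once and keep it out of task output
      set_fact:
        iam_token: "{{ lookup('yc_iam_token', 'jwt', sa_key_path) }}"
      no_log: true

    - name: Fetch the secret value, also hidden from output
      set_fact:
        app_secret: "{{ lookup('yc_lockbox', lockbox_secret_id, iam_token) }}"
      no_log: true

    - name: Confirm a value came back without printing it
      assert:
        that:
          - app_secret | length > 0
        quiet: true
      no_log: true
```

`no_log: true` suppresses the task result in console output and callback logs; the facts themselves stay in memory for the rest of the play.
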
The modules include error handling to manage exceptions that may occur during API interactions. If an error is encountered, the module will fail gracefully, providing an appropriate error message.
Contributions are welcome! Please fork the repository and submit a pull request with your changes. Ensure that your code adheres to the existing style and includes appropriate tests.
This project is licensed under the Apache License 2.0. See the LICENSE file for details.
This project utilizes the Yandex Cloud SDK for Python and is inspired by best practices in Ansible module development.
For more information, visit the ycm GitHub repository.