cloudera.cloud.env_cred module – Create, update, and destroy CDP credentials

Note

This module is part of the cloudera.cloud collection (version 2.5.1).

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install cloudera.cloud. You need further requirements to be able to use this module, see Requirements for details.

To use it in a playbook, specify: cloudera.cloud.env_cred.

Synopsis

  • Create, update, and destroy CDP credentials.

  • The module support check_mode.

Requirements

The below requirements are needed on the host that executes this module.

  • cdpy

Parameters

Parameter

Comments

application

string

The ApplicationId of the Azure Application used for access

cdp_region

aliases: cdp_endpoint_region, endpoint_region

string

Specify the Cloudera Data Platform endpoint region.

Default: "default"

cloud

string / required

The target cloud provider for the Credential.

Required if state=present.

Choices:

  • "aws"

  • "azure"

  • "gcp"

debug

aliases: debug_endpoints

boolean

Capture the CDP SDK debug log.

Choices:

  • false ← (default)

  • true

delay

integer

Delay period in seconds between retries

Default: 3

description

aliases: desc

string

Descriptive text for the Credential.

Default: "None"

name

aliases: credential

string / required

The name of the Credential.

The name must conform to the CDP Credential format, which is lowercase letters, numbers, and hyphens only.

profile

string

If provided, the CDP SDK will use this value as its profile.

retries

integer

Number of times to retry the create operation if a possible eventual consistency error is returned

Set to 0 to fail immediately on such errors

Default: 5

role

aliases: arn, role_arn

string

The CDP cross-account role for AWS

For cloud=aws, this is the Role ARN for the cross-account role.

secret

string

The Secret for the Application access on Azure

The path to the Key File for the Service Account being used on Google

state

string

Establish the state of the Credential in CDP.

Choices:

  • "present" ← (default)

  • "absent"

subscription

string

The Subscription ID or URI of the Azure Subscription being used

tenant

string

The URI of the Azure Tenant

verify_endpoint_tls

aliases: endpoint_tls

boolean

Verify the TLS certificates for the CDP endpoint.

Choices:

  • false

  • true ← (default)

Examples

# Note: These examples do not set authentication details.

# Create a CDP Credential for AWS
- cloudera.cloud.env_cred:
    state: present
    cloud: aws
    name: example-credential
    description: This is an example Credential
    role: arn:aws:iam::123456789123:role/some-cross-account-role

# Delete a CDP Credential
- cloudera.cloud.env_cred:
    state: absent
    name: example-credential

# Create a CDP Credential for AWS and log the output of the CDP SDK in the return values
- cloudera.cloud.env_cred:
    name: example-credential
    debug: yes

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key

Description

credential

complex

Returns an object for the Credential.

Returned: success

cloudPlatform

string

The name of the cloud provider for the Credential.

Returned: always

Sample: "AWS"

credentialName

string

The name of the Credential.

Returned: always

Sample: "example-credential"

crn

string

The CDP CRN value derived from the cross-account Role ARN used during creation.

Returned: always

Sample: "crn:cdp:environments:us-west-1:558bc1d2-8867-4357-8524-311d51259233:credential:61eb5b97-226a-4be7-b56d-795d18a043b5"

description

string

The description of the Credential.

Returned: when supported

Sample: "An example Credential"

sdk_out

string

Returns the captured CDP SDK log.

Returned: when supported

sdk_out_lines

list / elements=string

Returns a list of each line of the captured CDP SDK log.

Returned: when supported

Authors

  • Webster Mudge (@wmudge)

  • Daniel Chaffelson (@chaffelson)