uclalib_k8s_external_secrets_ssm_put.yml

---

  # avuong
  # Playbook to create ssm parameters
  #
  # Vars are stored in group_vars
  #
  # Boto3 is needed for this module to work

- name: uclalib_k8s_external_secrets_ssm_put.yml
  gather_facts: no
  hosts:
    - k8s_ssm_external_secrets

  vars:
    # RedHat 7 does not set python3 as the default interpretter. Must be set at vars or ansible.cfg
    ansible_python_interpreter: "python3"

  tasks:
    - name: Create or update secure key/value pair with nominated kms key
      aws_ssm_parameter_store:
        # Convention: /environment/cluster/namespace/appname/parameterkey
        # Example: /test/testsoftwaredev/test-argocd/uclalibrary_bind_dn
        name: "/{{ item.0.environment }}/{{ item.0.cluster }}/{{ item.0.namespace if item.0.namespace is defined else item.0.environment + '-' + item.0.app }}/{{ item.0.app }}/{{ item.1.parameter }}"
        string_type: "SecureString"
        key_id: "{{ kms_alias }}"
        value: "{{ item.1.value }}"
        region: "{{ aws_region }}"
        aws_access_key: "{{ aws_access_key_id }}"
        aws_secret_key: "{{ aws_secret_access_key }}"
      with_subelements:
        - "{{ parameters }}"
        - namespace_parameters
      delegate_to: 127.0.0.1
      no_log: "true"