• Home
  • Features
  • Pricing
  • Docs
  • Announcements
  • Sign In

ansible / awx-plugins / 27741620681

10 Jun 2026 10:23PM UTC coverage: 76.699%. Remained the same
27741620681

push

github

web-flow
Merge pull request #188 from jessicamack/fix-credential-field

Fix incorrectly labeled credential type

39 of 39 branches covered (100.0%)

Branch coverage included in aggregate %.

1 of 2 new or added lines in 1 file covered. (50.0%)

2930 of 3832 relevant lines covered (76.46%)

4.58 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

73.94
/src/awx_plugins/credentials/plugins.py
1
# FIXME: the following violations must be addressed gradually and unignored
2
# mypy: disable-error-code="assignment, misc, no-redef"
3

4
from awx_plugins.interfaces._temporary_private_api import (  # noqa: WPS436
6✔
5
    ManagedCredentialType,
6
)
7
from awx_plugins.interfaces._temporary_private_django_api import (  # noqa: WPS436
6✔
8
    gettext_noop,
9
)
10

11
from .injectors import (
6✔
12
    aws as aws_injector,
13
    azure_rm as azure_rm_injector,
14
    gce as gce_injector,
15
    kubernetes_bearer_token as kubernetes_bearer_token_injector,
16
    openstack as openstack_injector,
17
    terraform as terraform_injector,
18
    vmware as vmware_injector,
19
)
20

21

22
__all__ = ()  # noqa: WPS410
6✔
23

24

25
ssh = ManagedCredentialType(
×
26
    namespace='ssh',
6✔
27
    kind='ssh',
6✔
28
    name=gettext_noop('Machine'),
×
29
    managed=True,
6✔
30
    inputs={
31
        'fields': [
6✔
32
            {
33
                'id': 'username',
6✔
34
                'label': gettext_noop('Username'),
×
35
                'type': 'string',
6✔
36
            },
37
            {
38
                'id': 'password',
6✔
39
                'label': gettext_noop('Password'),
×
40
                'type': 'string',
6✔
41
                'secret': True,
6✔
42
                'ask_at_runtime': True,
6✔
43
            },
44
            {
45
                'id': 'ssh_key_data',
6✔
46
                'label': gettext_noop('SSH Private Key'),
×
47
                'type': 'string',
6✔
48
                'format': 'ssh_private_key',
6✔
49
                'secret': True,
6✔
50
                'multiline': True,
6✔
51
            },
52
            {
53
                'id': 'ssh_public_key_data',
6✔
54
                'label': gettext_noop('Signed SSH Certificate'),
×
55
                'type': 'string',
6✔
56
                'multiline': True,
6✔
57
                'secret': True,
6✔
58
            },
59
            {
60
                'id': 'ssh_key_unlock',
6✔
61
                'label': gettext_noop('Private Key Passphrase'),
×
62
                'type': 'string',
6✔
63
                'secret': True,
6✔
64
                'ask_at_runtime': True,
6✔
65
            },
66
            {
67
                'id': 'become_method',
6✔
68
                'label': gettext_noop('Privilege Escalation Method'),
×
69
                'type': 'string',
6✔
70
                'help_text': gettext_noop(
×
71
                    'Specify a method for "become" operations. This is '
6✔
72
                    'equivalent to specifying the --become-method Ansible '
73
                    'parameter.',
74
                ),
75
            },
76
            {
77
                'id': 'become_username',
6✔
78
                'label': gettext_noop('Privilege Escalation Username'),
×
79
                'type': 'string',
6✔
80
            },
81
            {
82
                'id': 'become_password',
6✔
83
                'label': gettext_noop('Privilege Escalation Password'),
×
84
                'type': 'string',
6✔
85
                'secret': True,
6✔
86
                'ask_at_runtime': True,
6✔
87
            },
88
        ],
89
    },
90
)
91

92
scm = ManagedCredentialType(
×
93
    namespace='scm',
6✔
94
    kind='scm',
6✔
95
    name=gettext_noop('Source Control'),
×
96
    managed=True,
6✔
97
    inputs={
98
        'fields': [
6✔
99
            {
100
                'id': 'username',
6✔
101
                'label': gettext_noop('Username'),
×
102
                'type': 'string',
6✔
103
            },
104
            {
105
                'id': 'password',
6✔
106
                'label': gettext_noop('Password'),
×
107
                'type': 'string',
6✔
108
                'secret': True,
6✔
109
            },
110
            {
111
                'id': 'ssh_key_data',
6✔
112
                'label': gettext_noop('SCM Private Key'),
×
113
                'type': 'string',
6✔
114
                'format': 'ssh_private_key',
6✔
115
                'secret': True,
6✔
116
                'multiline': True,
6✔
117
            },
118
            {
119
                'id': 'ssh_key_unlock',
6✔
120
                'label': gettext_noop('Private Key Passphrase'),
×
121
                'type': 'string',
6✔
122
                'secret': True,
6✔
123
            },
124
        ],
125
    },
126
)
127

128
vault = ManagedCredentialType(
×
129
    namespace='vault',
6✔
130
    kind='vault',
6✔
131
    name=gettext_noop('Vault'),
×
132
    managed=True,
6✔
133
    inputs={
134
        'fields': [
6✔
135
            {
136
                'id': 'vault_password',
6✔
137
                'label': gettext_noop('Vault Password'),
×
138
                'type': 'string',
6✔
139
                'secret': True,
6✔
140
                'ask_at_runtime': True,
6✔
141
            },
142
            {
143
                'id': 'vault_id',
6✔
144
                'label': gettext_noop('Vault Identifier'),
×
145
                'type': 'string',
6✔
146
                'format': 'vault_id',
6✔
147
                'help_text': gettext_noop(
×
148
                    'Specify an (optional) Vault ID. This is '
6✔
149
                    'equivalent to specifying the --vault-id '
150
                    'Ansible parameter for providing multiple Vault '
151
                    'passwords.  Note: this feature only works in '
152
                    'Ansible 2.4+.',
153
                ),
154
            },
155
        ],
156
        'required': [
6✔
157
            'vault_password',
6✔
158
        ],
159
    },
160
)
161

162
net = ManagedCredentialType(
×
163
    namespace='net',
6✔
164
    kind='net',
6✔
165
    name=gettext_noop('Network'),
×
166
    managed=True,
6✔
167
    inputs={
168
        'fields': [
6✔
169
            {
170
                'id': 'username',
6✔
171
                'label': gettext_noop('Username'),
×
172
                'type': 'string',
6✔
173
            },
174
            {
175
                'id': 'password',
6✔
176
                'label': gettext_noop('Password'),
×
177
                'type': 'string',
6✔
178
                'secret': True,
6✔
179
            },
180
            {
181
                'id': 'ssh_key_data',
6✔
182
                'label': gettext_noop('SSH Private Key'),
×
183
                'type': 'string',
6✔
184
                'format': 'ssh_private_key',
6✔
185
                'secret': True,
6✔
186
                'multiline': True,
6✔
187
            },
188
            {
189
                'id': 'ssh_key_unlock',
6✔
190
                'label': gettext_noop('Private Key Passphrase'),
×
191
                'type': 'string',
6✔
192
                'secret': True,
6✔
193
            },
194
            {
195
                'id': 'authorize',
6✔
196
                'label': gettext_noop('Authorize'),
×
197
                'type': 'boolean',
6✔
198
            },
199
            {
200
                'id': 'authorize_password',
6✔
201
                'label': gettext_noop('Authorize Password'),
×
202
                'type': 'string',
6✔
203
                'secret': True,
6✔
204
            },
205
        ],
206
        'dependencies': {
6✔
207
            'authorize_password': [
6✔
208
                'authorize',
6✔
209
            ],
210
        },
211
        'required': [
6✔
212
            'username',
6✔
213
        ],
214
    },
215
)
216

217
aws = ManagedCredentialType(
×
218
    namespace='aws',
6✔
219
    kind='cloud',
6✔
220
    name=gettext_noop('Amazon Web Services'),
×
221
    managed=True,
6✔
222
    custom_injectors=aws_injector,
6✔
223
    inputs={
224
        'fields': [
6✔
225
            {
226
                'id': 'username',
6✔
227
                'label': gettext_noop('Access Key'),
×
228
                'type': 'string',
6✔
229
            },
230
            {
231
                'id': 'password',
6✔
232
                'label': gettext_noop('Secret Key'),
×
233
                'type': 'string',
6✔
234
                'secret': True,
6✔
235
            },
236
            {
237
                'id': 'security_token',
6✔
238
                'label': gettext_noop('STS Token'),
×
239
                'type': 'string',
6✔
240
                'secret': True,
6✔
241
                'help_text': gettext_noop(
×
242
                    'Security Token Service (STS) is a web service '
6✔
243
                    'that enables you to request temporary, '
244
                    'limited-privilege credentials for AWS Identity '
245
                    'and Access Management (IAM) users.',
246
                ),
247
            },
248
        ],
249
        'required': [
6✔
250
            'username',
6✔
251
            'password',
6✔
252
        ],
253
    },
254
)
255

256
openstack = ManagedCredentialType(
×
257
    namespace='openstack',
6✔
258
    kind='cloud',
6✔
259
    name=gettext_noop('OpenStack'),
×
260
    managed=True,
6✔
261
    custom_injectors=openstack_injector,
6✔
262
    inputs={
263
        'fields': [
6✔
264
            {
265
                'id': 'username',
6✔
266
                'label': gettext_noop('Username'),
×
267
                'type': 'string',
6✔
268
            },
269
            {
270
                'id': 'password',
6✔
271
                'label': gettext_noop('Password (API Key)'),
×
272
                'type': 'string',
6✔
273
                'secret': True,
6✔
274
            },
275
            {
276
                'id': 'host',
6✔
277
                'label': gettext_noop('Host (Authentication URL)'),
×
278
                'type': 'string',
6✔
279
                'help_text': gettext_noop(
×
280
                    'The host to authenticate with.  For example, '
6✔
281
                    'https://openstack.business.com/v2.0/',
282
                ),
283
            },
284
            {
285
                'id': 'project',
6✔
286
                'label': gettext_noop('Project (Tenant Name)'),
×
287
                'type': 'string',
6✔
288
            },
289
            {
290
                'id': 'project_domain_name',
6✔
291
                'label': gettext_noop('Project (Domain Name)'),
×
292
                'type': 'string',
6✔
293
            },
294
            {
295
                'id': 'domain',
6✔
296
                'label': gettext_noop('Domain Name'),
×
297
                'type': 'string',
6✔
298
                'help_text': gettext_noop(
×
299
                    'OpenStack domains define administrative boundaries. '
6✔
300
                    'It is only needed for Keystone v3 authentication '
301
                    'URLs. Refer to the documentation for '
302
                    'common scenarios.',
303
                ),
304
            },
305
            {
306
                'id': 'region',
6✔
307
                'label': gettext_noop('Region Name'),
×
308
                'type': 'string',
6✔
309
                'help_text': gettext_noop(
×
310
                    'For some cloud providers, like OVH, region must be '
6✔
311
                    'specified',
312
                ),
313
            },
314
            {
315
                'id': 'verify_ssl',
6✔
316
                'label': gettext_noop('Verify SSL'),
×
317
                'type': 'boolean',
6✔
318
                'default': True,
6✔
319
            },
320
        ],
321
        'required': [
6✔
322
            'username',
6✔
323
            'password',
6✔
324
            'host',
6✔
325
            'project',
6✔
326
        ],
327
    },
328
)
329

330
vmware = ManagedCredentialType(
×
331
    namespace='vmware',
6✔
332
    kind='cloud',
6✔
333
    name=gettext_noop('VMware vCenter'),
×
334
    managed=True,
6✔
335
    custom_injectors=vmware_injector,
6✔
336
    inputs={
337
        'fields': [
6✔
338
            {
339
                'id': 'host',
6✔
340
                'label': gettext_noop('VCenter Host'),
×
341
                'type': 'string',
6✔
342
                'help_text': gettext_noop(
×
343
                    'Enter the hostname or IP address that corresponds to '
6✔
344
                    'your VMware vCenter.',
345
                ),
346
            },
347
            {
348
                'id': 'username',
6✔
349
                'label': gettext_noop('Username'),
×
350
                'type': 'string',
6✔
351
            },
352
            {
353
                'id': 'password',
6✔
354
                'label': gettext_noop('Password'),
×
355
                'type': 'string',
6✔
356
                'secret': True,
6✔
357
            },
358
        ],
359
        'required': [
6✔
360
            'host',
6✔
361
            'username',
6✔
362
            'password',
6✔
363
        ],
364
    },
365
)
366

367
satellite6 = ManagedCredentialType(
×
368
    namespace='satellite6',
6✔
369
    kind='cloud',
6✔
370
    name=gettext_noop('Red Hat Satellite 6'),
×
371
    managed=True,
6✔
372
    inputs={
373
        'fields': [
6✔
374
            {
375
                'id': 'host',
6✔
376
                'label': gettext_noop('Satellite 6 URL'),
×
377
                'type': 'string',
6✔
378
                'help_text': gettext_noop(
×
379
                    'Enter the URL that corresponds to your Red Hat Satellite '
6✔
380
                    '6 server. For example, https://satellite.example.org',
381
                ),
382
            },
383
            {
384
                'id': 'username',
6✔
385
                'label': gettext_noop('Username'),
×
386
                'type': 'string',
6✔
387
            },
388
            {
389
                'id': 'password',
6✔
390
                'label': gettext_noop('Password'),
×
391
                'type': 'string',
6✔
392
                'secret': True,
6✔
393
            },
394
        ],
395
        'required': [
6✔
396
            'host',
6✔
397
            'username',
6✔
398
            'password',
6✔
399
        ],
400
    },
401
)
402

403
gce = ManagedCredentialType(
×
404
    namespace='gce',
6✔
405
    kind='cloud',
6✔
406
    name=gettext_noop('Google Compute Engine'),
×
407
    managed=True,
6✔
408
    custom_injectors=gce_injector,
6✔
409
    inputs={
410
        'fields': [
6✔
411
            {
412
                'id': 'username',
6✔
413
                'label': gettext_noop('Service Account Email Address'),
×
414
                'type': 'string',
6✔
415
                'help_text': gettext_noop(
×
416
                    'The email address assigned to the Google Compute Engine '
6✔
417
                    'service account.',
418
                ),
419
            },
420
            {
421
                'id': 'project',
6✔
422
                'label': 'Project',
6✔
423
                'type': 'string',
6✔
424
                'help_text': gettext_noop(
×
425
                    'The Project ID is the GCE assigned identification. '
6✔
426
                    'It is often constructed as three words or two words '
427
                    'followed by a three-digit number. Examples: '
428
                    'project-id-000 and another-project-id',
429
                ),
430
            },
431
            {
432
                'id': 'ssh_key_data',
6✔
433
                'label': gettext_noop('RSA Private Key'),
×
434
                'type': 'string',
6✔
435
                'format': 'ssh_private_key',
6✔
436
                'secret': True,
6✔
437
                'multiline': True,
6✔
438
                'help_text': gettext_noop(
×
439
                    'Paste the contents of the PEM file associated with the '
6✔
440
                    'service account email.',
441
                ),
442
            },
443
        ],
444
        'required': [
6✔
445
            'username',
6✔
446
            'ssh_key_data',
6✔
447
        ],
448
    },
449
)
450

451
azure_rm = ManagedCredentialType(
×
452
    namespace='azure_rm',
6✔
453
    kind='cloud',
6✔
454
    name=gettext_noop('Microsoft Azure Resource Manager'),
×
455
    managed=True,
6✔
456
    custom_injectors=azure_rm_injector,
6✔
457
    inputs={
458
        'fields': [
6✔
459
            {
460
                'id': 'subscription',
6✔
461
                'label': gettext_noop('Subscription ID'),
×
462
                'type': 'string',
6✔
463
                'help_text': gettext_noop(
×
464
                    'Subscription ID is an Azure construct, which is mapped '
6✔
465
                    'to a username.',
466
                ),
467
            },
468
            {
469
                'id': 'username',
6✔
470
                'label': gettext_noop('Username'),
×
471
                'type': 'string',
6✔
472
            },
473
            {
474
                'id': 'password',
6✔
475
                'label': gettext_noop('Password'),
×
476
                'type': 'string',
6✔
477
                'secret': True,
6✔
478
            },
479
            {
480
                'id': 'client',
6✔
481
                'label': gettext_noop('Client ID'),
×
482
                'type': 'string',
6✔
483
            },
484
            {
485
                'id': 'secret',
6✔
486
                'label': gettext_noop('Client Secret'),
×
487
                'type': 'string',
6✔
488
                'secret': True,
6✔
489
            },
490
            {
491
                'id': 'tenant',
6✔
492
                'label': gettext_noop('Tenant ID'),
×
493
                'type': 'string',
6✔
494
            },
495
            {
496
                'id': 'cloud_environment',
6✔
497
                'label': gettext_noop('Azure Cloud Environment'),
×
498
                'type': 'string',
6✔
499
                'help_text': gettext_noop(
×
500
                    'Environment variable AZURE_CLOUD_ENVIRONMENT when using '
6✔
501
                    'Azure GovCloud or Azure stack.',
502
                ),
503
            },
504
        ],
505
        'required': [
6✔
506
            'subscription',
6✔
507
        ],
508
    },
509
)
510

511
github_token = ManagedCredentialType(
×
512
    namespace='github_token',
6✔
513
    kind='token',
6✔
514
    name=gettext_noop('GitHub Personal Access Token'),
×
515
    managed=True,
6✔
516
    inputs={
517
        'fields': [
6✔
518
            {
519
                'id': 'token',
6✔
520
                'label': gettext_noop('Token'),
×
521
                'type': 'string',
6✔
522
                'secret': True,
6✔
523
                'help_text': gettext_noop(
×
524
                    'This token needs to come from your profile settings '
6✔
525
                    'in GitHub',
526
                ),
527
            },
528
        ],
529
        'required': [
6✔
530
            'token',
6✔
531
        ],
532
    },
533
)
534

535
gitlab_token = ManagedCredentialType(
×
536
    namespace='gitlab_token',
6✔
537
    kind='token',
6✔
538
    name=gettext_noop('GitLab Personal Access Token'),
×
539
    managed=True,
6✔
540
    inputs={
541
        'fields': [
6✔
542
            {
543
                'id': 'token',
6✔
544
                'label': gettext_noop('Token'),
×
545
                'type': 'string',
6✔
546
                'secret': True,
6✔
547
                'help_text': gettext_noop(
×
548
                    'This token needs to come from your profile settings in '
6✔
549
                    'GitLab',
550
                ),
551
            },
552
        ],
553
        'required': ['token'],
6✔
554
    },
555
)
556

557
bitbucket_dc_token = ManagedCredentialType(
×
558
    namespace='bitbucket_dc_token',
6✔
559
    kind='token',
6✔
560
    name=gettext_noop('Bitbucket Data Center HTTP Access Token'),
×
561
    managed=True,
6✔
562
    inputs={
563
        'fields': [
6✔
564
            {
565
                'id': 'token',
6✔
566
                'label': gettext_noop('Token'),
×
567
                'type': 'string',
6✔
568
                'secret': True,
6✔
569
                'help_text': gettext_noop(
×
570
                    'This token needs to come from your user settings in '
6✔
571
                    'Bitbucket',
572
                ),
573
            },
574
        ],
575
        'required': [
6✔
576
            'token',
6✔
577
        ],
578
    },
579
)
580

581
insights = ManagedCredentialType(
×
582
    namespace='insights',
6✔
583
    kind='insights',
6✔
584
    name=gettext_noop('Insights'),
×
585
    managed=True,
6✔
586
    inputs={
587
        'fields': [
6✔
588
            {
589
                'id': 'username',
6✔
590
                'label': gettext_noop('Username'),
×
591
                'type': 'string',
6✔
592
                'help_text': gettext_noop(
×
593
                    'Username is required for basic authentication.',
6✔
594
                ),
595
            },
596
            {
597
                'id': 'password',
6✔
598
                'label': gettext_noop('Password'),
×
599
                'type': 'string',
6✔
600
                'secret': True,
6✔
601
                'help_text': gettext_noop(
×
602
                    'Password is required for basic authentication.',
6✔
603
                ),
604
            },
605
            {
606
                'id': 'client_id',
6✔
607
                'label': gettext_noop('Client ID'),
×
608
                'type': 'string',
6✔
609
                'help_text': gettext_noop(
×
610
                    'Enter client ID to create a service account credential.',
6✔
611
                ),
612
            },
613
            {
614
                'id': 'client_secret',
6✔
615
                'label': gettext_noop('Client Secret'),
×
616
                'type': 'string',
6✔
617
                'secret': True,
6✔
618
                'help_text': gettext_noop(
×
619
                    'Enter client secret to create a service account credential.',
6✔
620
                ),
621
            },
622
        ],
623
        'required': [],
6✔
624
    },
625
    injectors={
626
        'extra_vars': {
6✔
627
            'scm_username': '{{username}}',
6✔
628
            'scm_password': '{{password}}',
6✔
629
            'client_id': '{{client_id}}',
6✔
630
            'client_secret': '{{client_secret}}',
6✔
631
            'authentication': '{% if client_id %}service_account{% else %}basic{% endif %}',
6✔
632
        },
633
        'env': {
6✔
634
            'INSIGHTS_USER': '{{username}}',
6✔
635
            'INSIGHTS_PASSWORD': '{{password}}',
6✔
636
            'INSIGHTS_CLIENT_ID': '{{client_id}}',
6✔
637
            'INSIGHTS_CLIENT_SECRET': '{{client_secret}}',
6✔
638
        },
639
    },
640
)
641

642
rhv = ManagedCredentialType(
×
643
    namespace='rhv',
6✔
644
    kind='cloud',
6✔
645
    name=gettext_noop('Red Hat Virtualization'),
×
646
    managed=True,
6✔
647
    inputs={
648
        'fields': [
6✔
649
            {
650
                'id': 'host',
6✔
651
                'label': gettext_noop('Host (Authentication URL)'),
×
652
                'type': 'string',
6✔
653
                'help_text': gettext_noop('The host to authenticate with.'),
×
654
            },
655
            {
656
                'id': 'username',
6✔
657
                'label': gettext_noop('Username'),
×
658
                'type': 'string',
6✔
659
            },
660
            {
661
                'id': 'password',
6✔
662
                'label': gettext_noop('Password'),
×
663
                'type': 'string',
6✔
664
                'secret': True,
6✔
665
            },
666
            {
667
                'id': 'ca_file',
6✔
668
                'label': gettext_noop('CA File'),
×
669
                'type': 'string',
6✔
670
                'help_text': gettext_noop(
×
671
                    'Absolute file path to the CA file to use (optional)',
6✔
672
                ),
673
            },
674
        ],
675
        'required': ['host', 'username', 'password'],
6✔
676
    },
677
    injectors={
678
        # The duplication here is intentional; the ovirt4 inventory plugin
679
        # writes a .ini file for authentication, while the ansible modules for
680
        # ovirt4 use a separate authentication process that support
681
        # environment variables; by injecting both, we support both
682
        'file': {
6✔
683
            'template': '\n'.join(
6✔
684
                [
685
                    '[ovirt]',
6✔
686
                    'ovirt_url={{host}}',
6✔
687
                    'ovirt_username={{username}}',
6✔
688
                    'ovirt_password={{password}}',
6✔
689
                    '{% if ca_file %}ovirt_ca_file={{ca_file}}{% endif %}',
6✔
690
                ],
691
            ),
692
        },
693
        'env': {
6✔
694
            'OVIRT_INI_PATH': '{{tower.filename}}',
6✔
695
            'OVIRT_URL': '{{host}}',
6✔
696
            'OVIRT_USERNAME': '{{username}}',
6✔
697
            'OVIRT_PASSWORD': '{{password}}',
6✔
698
        },
699
    },
700
)
701

702
controller = ManagedCredentialType(
×
703
    namespace='controller',
6✔
704
    kind='cloud',
6✔
705
    name=gettext_noop('Red Hat Ansible Automation Platform'),
×
706
    managed=True,
6✔
707
    inputs={
708
        'fields': [
6✔
709
            {
710
                'id': 'host',
6✔
711
                'label': gettext_noop('Red Hat Ansible Automation Platform'),
×
712
                'type': 'string',
6✔
713
                'help_text': gettext_noop(
×
714
                    'Red Hat Ansible Automation Platform base URL to '
6✔
715
                    'authenticate with.',
716
                ),
717
            },
718
            {
719
                'id': 'username',
6✔
720
                'label': gettext_noop('Username'),
×
721
                'type': 'string',
6✔
722
                'help_text': gettext_noop(
×
723
                    'Red Hat Ansible Automation Platform username id to '
6✔
724
                    'authenticate as.This should not be set if an OAuth token '
725
                    'is being used.',
726
                ),
727
            },
728
            {
729
                'id': 'password',
6✔
730
                'label': gettext_noop('Password'),
×
731
                'type': 'string',
6✔
732
                'secret': True,
6✔
733
            },
734
            {
735
                'id': 'oauth_token',
6✔
736
                'label': gettext_noop('OAuth Token'),
×
737
                'type': 'string',
6✔
738
                'secret': True,
6✔
739
                'help_text': gettext_noop(
×
740
                    'An OAuth token to use to authenticate with.This should '
6✔
741
                    'not be set if username/password are being used.',
742
                ),
743
            },
744
            {
745
                'id': 'verify_ssl',
6✔
746
                'label': gettext_noop('Verify SSL'),
×
747
                'type': 'boolean',
6✔
748
                'secret': False,
6✔
749
            },
750
            {
751
                'id': 'request_timeout',
6✔
NEW
752
                'label': gettext_noop('Request Timeout'),
×
753
                'type': 'string',
6✔
754
                'secret': False,
6✔
755
                'default': '10',
6✔
756
                'help_text': gettext_noop(
×
757
                    'Specify the timeout Ansible should use in requests to '
6✔
758
                    'the host. Defaults to 10s',
759
                ),
760
            },
761
        ],
762
        'required': ['host'],
6✔
763
    },
764
    injectors={
765
        'extra_vars': {
6✔
766
            'aap_hostname': '{{host}}',
6✔
767
            'aap_username': '{{username}}',
6✔
768
            'aap_password': '{{password}}',
6✔
769
            'aap_token': '{{oauth_token}}',
6✔
770
            'aap_request_timeout': '{{request_timeout}}',
6✔
771
            'aap_validate_certs': '{{verify_ssl}}',
6✔
772
        },
773
        'env': {
6✔
774
            'TOWER_HOST': '{{host}}',
6✔
775
            'TOWER_USERNAME': '{{username}}',
6✔
776
            'TOWER_PASSWORD': '{{password}}',
6✔
777
            'TOWER_VERIFY_SSL': '{{verify_ssl}}',
6✔
778
            'TOWER_OAUTH_TOKEN': '{{oauth_token}}',
6✔
779
            'CONTROLLER_HOST': '{{host}}',
6✔
780
            'CONTROLLER_USERNAME': '{{username}}',
6✔
781
            'CONTROLLER_PASSWORD': '{{password}}',
6✔
782
            'CONTROLLER_VERIFY_SSL': '{{verify_ssl}}',
6✔
783
            'CONTROLLER_OAUTH_TOKEN': '{{oauth_token}}',
6✔
784
            'CONTROLLER_REQUEST_TIMEOUT': '{{request_timeout}}',
6✔
785
            'AAP_HOSTNAME': '{{host}}',
6✔
786
            'AAP_USERNAME': '{{username}}',
6✔
787
            'AAP_PASSWORD': '{{password}}',
6✔
788
            'AAP_VALIDATE_CERTS': '{{verify_ssl}}',
6✔
789
            'AAP_TOKEN': '{{oauth_token}}',
6✔
790
            'AAP_REQUEST_TIMEOUT': '{{request_timeout}}',
6✔
791
        },
792
    },
793
)
794

795
kubernetes_bearer_token = ManagedCredentialType(
×
796
    namespace='kubernetes_bearer_token',
6✔
797
    kind='kubernetes',
6✔
798
    name=gettext_noop('OpenShift or Kubernetes API Bearer Token'),
×
799
    managed=True,
6✔
800
    custom_injectors=kubernetes_bearer_token_injector,
6✔
801
    inputs={
802
        'fields': [
6✔
803
            {
804
                'id': 'host',
6✔
805
                'label': gettext_noop('OpenShift or Kubernetes API Endpoint'),
×
806
                'type': 'string',
6✔
807
                'help_text': gettext_noop(
×
808
                    'The OpenShift or Kubernetes API Endpoint to authenticate '
6✔
809
                    'with.',
810
                ),
811
            },
812
            {
813
                'id': 'bearer_token',
6✔
814
                'label': gettext_noop('API authentication bearer token'),
×
815
                'type': 'string',
6✔
816
                'secret': True,
6✔
817
            },
818
            {
819
                'id': 'verify_ssl',
6✔
820
                'label': gettext_noop('Verify SSL'),
×
821
                'type': 'boolean',
6✔
822
                'default': True,
6✔
823
            },
824
            {
825
                'id': 'ssl_ca_cert',
6✔
826
                'label': gettext_noop('Certificate Authority data'),
×
827
                'type': 'string',
6✔
828
                'secret': True,
6✔
829
                'multiline': True,
6✔
830
            },
831
        ],
832
        'required': ['host', 'bearer_token'],
6✔
833
    },
834
)
835

836
registry = ManagedCredentialType(
×
837
    namespace='registry',
6✔
838
    kind='registry',
6✔
839
    name=gettext_noop('Container Registry'),
×
840
    managed=True,
6✔
841
    inputs={
842
        'fields': [
6✔
843
            {
844
                'id': 'host',
6✔
845
                'label': gettext_noop('Authentication URL'),
×
846
                'type': 'string',
6✔
847
                'help_text': gettext_noop(
×
848
                    'Authentication endpoint for the container registry.',
6✔
849
                ),
850
                'default': 'quay.io',
6✔
851
            },
852
            {
853
                'id': 'username',
6✔
854
                'label': gettext_noop('Username'),
×
855
                'type': 'string',
6✔
856
            },
857
            {
858
                'id': 'password',
6✔
859
                'label': gettext_noop('Password or Token'),
×
860
                'type': 'string',
6✔
861
                'secret': True,
6✔
862
                'help_text': gettext_noop(
×
863
                    'A password or token used to authenticate with',
6✔
864
                ),
865
            },
866
            {
867
                'id': 'verify_ssl',
6✔
868
                'label': gettext_noop('Verify SSL'),
×
869
                'type': 'boolean',
6✔
870
                'default': True,
6✔
871
            },
872
        ],
873
        'required': ['host'],
6✔
874
    },
875
)
876

877

878
galaxy_api_token = ManagedCredentialType(
×
879
    namespace='galaxy_api_token',
6✔
880
    kind='galaxy',
6✔
881
    name=gettext_noop('Ansible Galaxy/Automation Hub API Token'),
×
882
    managed=True,
6✔
883
    inputs={
884
        'fields': [
6✔
885
            {
886
                'id': 'url',
6✔
887
                'label': gettext_noop('Galaxy Server URL'),
×
888
                'type': 'string',
6✔
889
                'help_text': gettext_noop(
×
890
                    'The URL of the Galaxy instance to connect to.',
6✔
891
                ),
892
            },
893
            {
894
                'id': 'auth_url',
6✔
895
                'label': gettext_noop('Auth Server URL'),
×
896
                'type': 'string',
6✔
897
                'help_text': gettext_noop(
×
898
                    'The URL of a Keycloak server token_endpoint, '
6✔
899
                    'if using SSO auth.',
900
                ),
901
            },
902
            {
903
                'id': 'token',
6✔
904
                'label': gettext_noop('API Token'),
×
905
                'type': 'string',
6✔
906
                'secret': True,
6✔
907
                'help_text': gettext_noop(
×
908
                    'A token to use for authentication against the Galaxy '
6✔
909
                    'instance.',
910
                ),
911
            },
912
        ],
913
        'required': ['url'],
6✔
914
    },
915
)
916

917
gpg_public_key = ManagedCredentialType(
×
918
    namespace='gpg_public_key',
6✔
919
    kind='cryptography',
6✔
920
    name=gettext_noop('GPG Public Key'),
×
921
    managed=True,
6✔
922
    inputs={
923
        'fields': [
6✔
924
            {
925
                'id': 'gpg_public_key',
6✔
926
                'label': gettext_noop('GPG Public Key'),
×
927
                'type': 'string',
6✔
928
                'secret': True,
6✔
929
                'multiline': True,
6✔
930
                'help_text': gettext_noop(
×
931
                    'GPG Public Key used to validate content signatures.',
6✔
932
                ),
933
            },
934
        ],
935
        'required': ['gpg_public_key'],
6✔
936
    },
937
)
938

939
terraform = ManagedCredentialType(
×
940
    namespace='terraform',
6✔
941
    kind='cloud',
6✔
942
    name=gettext_noop('Terraform backend configuration'),
×
943
    managed=True,
6✔
944
    custom_injectors=terraform_injector,
6✔
945
    inputs={
946
        'fields': [
6✔
947
            {
948
                'id': 'configuration',
6✔
949
                'label': gettext_noop('Backend configuration'),
×
950
                'type': 'string',
6✔
951
                'secret': True,
6✔
952
                'multiline': True,
6✔
953
                'help_text': gettext_noop(
×
954
                    'Terraform backend config as Hashicorp configuration '
6✔
955
                    'language.',
956
                ),
957
            },
958
            {
959
                'id': 'gce_credentials',
6✔
960
                'label': gettext_noop(
×
961
                    'Google Cloud Platform account credentials',
6✔
962
                ),
963
                'type': 'string',
6✔
964
                'secret': True,
6✔
965
                'multiline': True,
6✔
966
                'help_text': gettext_noop(
×
967
                    'Google Cloud Platform account credentials '
6✔
968
                    'in JSON format.',
969
                ),
970
            },
971
        ],
972
        'required': ['configuration'],
6✔
973
    },
974
)
STATUS · Troubleshooting · Open an Issue · Sales · Support · CAREERS · ENTERPRISE · START FREE · SCHEDULE DEMO
ANNOUNCEMENTS · TWITTER · TOS & SLA · Supported CI Services · What's a CI service? · Automated Testing

© 2026 Coveralls, Inc