authorKenny Woodson <kwoodson@redhat.com>2017-07-28 17:31:21 -0400
committerKenny Woodson <kwoodson@redhat.com>2017-08-21 21:25:22 -0400
commit435bbcb4af02ddedaa2ebcbea48b00f2bbf4d164 (patch)
tree5041faeb9b23781c3befaac18dd64e104963a586 /roles/openshift_aws_iam_kms
parent23da41c1fb3736b10e07774000e3a2bca028806e (diff)
First attempt at provisioning.
Diffstat (limited to 'roles/openshift_aws_iam_kms')
-rw-r--r--roles/openshift_aws_iam_kms/README.md43
-rw-r--r--roles/openshift_aws_iam_kms/defaults/main.yml1
-rw-r--r--roles/openshift_aws_iam_kms/meta/main.yml13
-rw-r--r--roles/openshift_aws_iam_kms/tasks/main.yml18
4 files changed, 75 insertions, 0 deletions
diff --git a/roles/openshift_aws_iam_kms/README.md b/roles/openshift_aws_iam_kms/README.md
new file mode 100644
index 000000000..9468e785c
--- /dev/null
+++ b/roles/openshift_aws_iam_kms/README.md
@@ -0,0 +1,43 @@
+openshift_aws_iam_kms
+=========
+
+Ansible role to create AWS IAM KMS keys for encryption
+
+Requirements
+------------
+
+Ansible Modules:
+
+oo_iam_kms
+
+Role Variables
+--------------
+
+- r_openshift_aws_iam_kms_region: AWS region to create KMS key
+- r_openshift_aws_iam_kms_alias: Alias name to assign to created KMS key
+
+Dependencies
+------------
+
+lib_utils
+
+Example Playbook
+----------------
+```yaml
+- include_role:
+ name: openshift_aws_iam_kms
+ vars:
+ r_openshift_aws_iam_kms_region: 'us-east-1'
+ r_openshift_aws_iam_kms_alias: 'alias/clusterABC_kms'
+```
+
+
+License
+-------
+
+Apache 2.0
+
+Author Information
+------------------
+
+Openshift
diff --git a/roles/openshift_aws_iam_kms/defaults/main.yml b/roles/openshift_aws_iam_kms/defaults/main.yml
new file mode 100644
index 000000000..ed97d539c
--- /dev/null
+++ b/roles/openshift_aws_iam_kms/defaults/main.yml
@@ -0,0 +1 @@
+---
diff --git a/roles/openshift_aws_iam_kms/meta/main.yml b/roles/openshift_aws_iam_kms/meta/main.yml
new file mode 100644
index 000000000..e29aaf96b
--- /dev/null
+++ b/roles/openshift_aws_iam_kms/meta/main.yml
@@ -0,0 +1,13 @@
+---
+galaxy_info:
+ author: OpenShift
+ description: AWS IAM KMS setup and management
+ company: Red Hat, Inc
+ license: ASL 2.0
+ min_ansible_version: 1.2
+ platforms:
+ - name: EL
+ versions:
+ - 7
+dependencies:
+- lib_utils
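Review bot: `min_ansible_version: 1.2` in meta/main.yml is a bare float and looks like a template leftover rather than the real floor for this role. The README example added in the same commit calls the role through `include_role`, which is not available in Ansible 1.2. Quote the value and raise it to the oldest release the role is actually run against, for example `min_ansible_version: "2.2"` (confirm the version the project supports).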
diff --git a/roles/openshift_aws_iam_kms/tasks/main.yml b/roles/openshift_aws_iam_kms/tasks/main.yml
new file mode 100644
index 000000000..b541b466c
--- /dev/null
+++ b/roles/openshift_aws_iam_kms/tasks/main.yml
@@ -0,0 +1,18 @@
+---
+- fail:
+ msg: "{{ item.name }} needs to be defined."
+ when: "{{ item.cond }}"
+ with_items:
+ - name: "{{ r_openshift_aws_iam_kms_alias }}"
+ cond: "{{ r_openshift_aws_iam_kms_alias is undefined }}"
+ - name: "{{ r_openshift_aws_iam_kms_region }}"
+ cond: "{{ r_openshift_aws_iam_kms_region is undefined }}"
+
+- name: Create IAM KMS key with alias
+ oo_iam_kms:
+ state: present
+ alias: "{{ r_openshift_aws_iam_kms_alias }}"
+ region: "{{ r_openshift_aws_iam_kms_region }}"
+ register: created_kms
+
+- debug: var=created_kms.results
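Review bot: The `fail` guard at the top of tasks/main.yml templates the very variables it is meant to check. `name: "{{ r_openshift_aws_iam_kms_alias }}"` and the matching region entry are expanded when the loop list is built, so an unset variable would most likely surface as a generic undefined-variable error instead of the "needs to be defined." message, and a set variable would contribute its value, not its name, to the text. `when: "{{ item.cond }}"` also wraps a conditional in Jinja delimiters, which Ansible warns against. An `assert` on `is defined` states the same precondition without expanding the unchecked names, so a missing alias or region stops the play with a clear message before `oo_iam_kms` is called.

```yaml
- name: Check that the KMS alias and region are provided
  assert:
    that:
    - r_openshift_aws_iam_kms_alias is defined
    - r_openshift_aws_iam_kms_region is defined
    msg: "r_openshift_aws_iam_kms_alias and r_openshift_aws_iam_kms_region need to be defined."

# … unchanged: "Create IAM KMS key with alias" task and trailing debug …
```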