IBM Cloud Secrets Manager API - can I create multiple secret groups at once?


I am writing an Ansible play against the IBM Cloud Secrets Manager API. One of the tasks is to create secret groups. I pass to collection_total the length of the list, and in the resources value I provide the list, which contains the groups in the format:

    { 'name': group_name, 'description': group_description }

This appears to match the API.

Running the play in verbose mode validates the information I am passing in the body:

    "invocation": {
        "module_args": {
            "attributes": null,
            "body": {
                "metadata": {
                    "collection_total": 24,
                    "collection_type": "application/vnd.ibm.secrets-manager.secret.group+json"
                },
                "resources": [
                    {
                        "description": "fail-safe-credentials",
                        "name": "fail-safe-credentials"
                    },
                    {
                        "description": "ebgp-password",
                        "name": "ebgp-password"
                    },

(Note: The full resources list is redacted to save space, but it does contain 24 entries. Also, I am aware that the description is just the name, but I am migrating secrets and there were no descriptions previously, so making do with a required value the best way I can.)

Here is the relevant task:

    - name: Create new groups in CSM
      ansible.builtin.uri:
        url: "{{ csm_vault_url }}/api/v1/secret_groups"
        headers:
          Content-Type: application/json
          Authorization: "Bearer {{ iam_token }}"
        method: POST
        body_format: json
        body:
          metadata:
            collection_type: application/vnd.ibm.secrets-manager.secret.group+json
            collection_total: "{{ group_info.new | length }}"
          resources: "{{ group_info.new }}"
      register: created_groups
      tags: csm

When I run the play, it fails - and the error is:

    "json": {
        "errors": [
            {
                "code": "secrets-manager.00023E",
                "message": "You can create only one secret group at a time."
            }

The API doesn't state that 1 is the only value supported, but this would seem to indicate that it is. I can loop through the list, but I just wanted to verify what should be the case, since calling the API once is preferable to calling it 24 times. If this is the expected behavior, could the API docs be updated to reflect this (and perhaps remove the collections_total value, if it isn't really a variable)?

Running an Ansible play using the ansible.builtin.uri module against the CSM API. Expected that the single API call would create the 24 secret groups. Actual result: Error message.

Answer by Idan Adar (best answer):

Bulk operations are not supported.
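
The per-group loop mentioned in the question, as an added example that is not part of the original post or answer: it sends one POST per group with `collection_total: 1`, skips names that already exist so a re-run does not repeat requests, and sets `no_log` so the bearer token does not show up in verbose output. The variables `csm_vault_url`, `iam_token` and `group_info.new` are the ones from the question; the GET listing call, its response shape and the accepted status codes are assumptions.

```yaml
# Added example, not from the original post.
- name: List secret groups that already exist in CSM
  ansible.builtin.uri:
    # Assumption: GET on the same path returns existing groups in the same
    # metadata/resources envelope that the POST body uses.
    url: "{{ csm_vault_url }}/api/v1/secret_groups"
    headers:
      Authorization: "Bearer {{ iam_token }}"
    method: GET
    return_content: true
  register: existing_groups
  no_log: true  # module_args (including the Authorization header) are hidden in -v output
  tags: csm

- name: Create new groups in CSM, one request per group
  ansible.builtin.uri:
    url: "{{ csm_vault_url }}/api/v1/secret_groups"
    headers:
      Content-Type: application/json
      Authorization: "Bearer {{ iam_token }}"
    method: POST
    body_format: json
    body:
      metadata:
        collection_type: application/vnd.ibm.secrets-manager.secret.group+json
        collection_total: 1  # the API rejected 24 with secrets-manager.00023E
      resources:
        - name: "{{ item.name }}"
          description: "{{ item.description }}"
    status_code: [200, 201]  # assumption: the success code is not shown on the page
  loop: "{{ group_info.new }}"
  loop_control:
    label: "{{ item.name }}"  # keep the per-item log line short
  # Skip groups whose name is already present (assumes each resource has a name field).
  when: item.name not in existing_names
  vars:
    existing_names: "{{ existing_groups.json.resources | map(attribute='name') | list }}"
  register: created_groups
  no_log: true  # remove temporarily when debugging a failed request
  tags: csm
```

After the loop, `created_groups.results` holds one response per group, including the skipped ones.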