@savishy
Created April 6, 2018 04:12
Run Ansible Azure Playbooks without requiring credential files.
#!/bin/bash
set -e
# This script reads the Vault password from a user prompt and loads Azure environment variables.
#
# First, create an Ansible-Vaulted .sh script of the format:
# export AZURE_SUBSCRIPTION_ID=my_sub_id
# export AZURE_CLIENT_ID=my_serviceprincipal_client_id
# export AZURE_TENANT=my_serviceprincipal_tenant_id
# export AZURE_SECRET=my_serviceprincipal_secret_key
#
# Make sure to create the script with Ansible Vault:
# E.g. ansible-vault create foo.sh
#
# Next, run this script (runAnsibleAzurePlaybook.sh) with the correct arguments.
#
# The script loads the vaulted Azure secrets into its environment and runs the playbook, which can then read them.
# The main advantage is that Azure credentials and Vault passwords need not be stored in .bashrc or .azure/credentials files.
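usage() {
    echo "
$0 [OPTIONS]
  -f [FILE]          : Vaulted Env Script
  -p [PLAYBOOK]      : Playbook to run
  -i [INVENTORY DIR] : Inventory dir
  -h OR -?           : Show this help.
"
}

if [ $# -eq 0 ]; then
    usage; exit 0
fi

while getopts "h?i:vnf:p:" opt; do
    case "$opt" in
        h|\?)
            usage
            exit 0
            ;;
        i) inv_path=$OPTARG
            ;;
        f) envfile=$OPTARG
            ;;
        p) pb_path=$OPTARG
            ;;
        *) usage
            exit 0
            ;;
    esac
done

# Validate the inputs. Quoting keeps each test correct when a path is empty
# or contains spaces.
if [ ! -f "$envfile" ]; then
    echo "$envfile not found!"
    exit 1
fi
if [ ! -f "$pb_path" ]; then
    echo "$pb_path not found!"
    exit 1
fi
if [ ! -d "$inv_path" ]; then
    echo "$inv_path not found!"
    exit 1
fi

# Decrypt the env script (prompts for the Vault password) and source it, so the
# AZURE_* variables exist only in this script's process and its children.
. <(ansible-vault --ask-vault-pass view "$envfile")

# Run the playbook against the given inventory; prompts for the Vault password again.
ansible-playbook --ask-vault-pass -vvvv -i "$inv_path" "$pb_path"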
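
The `. <(ansible-vault ... view ...)` line sources the decrypted file, so every command in that file runs in the script's shell. The following is an added example, not part of the gist: a hypothetical `load_azure_env` function that reads the same `export NAME=value` lines from stdin and exports only the four expected variables without evaluating anything. It assumes values are written unquoted, as in the format shown in the header comment.

```shell
#!/bin/bash
# Added example: load_azure_env is a hypothetical helper, not from the gist.
# Usage in place of the sourcing line (bash process substitution):
#   load_azure_env < <(ansible-vault --ask-vault-pass view "$envfile")
load_azure_env() {
    local line name value sub="" cid="" ten="" sec=""
    while IFS= read -r line || [ -n "$line" ]; do
        # Skip blank lines and comments.
        case "$line" in
            ''|'#'*) continue ;;
        esac
        # The "export " prefix is optional; everything else must be NAME=value.
        line=${line#export }
        case "$line" in
            *=*) name=${line%%=*}; value=${line#*=} ;;
            *)   echo "load_azure_env: line is not NAME=value" >&2; return 1 ;;
        esac
        # Allow-list of variable names. Values are kept as literal text:
        # no eval, no expansion, so $(...) or backticks never execute.
        case "$name" in
            AZURE_SUBSCRIPTION_ID) sub=$value ;;
            AZURE_CLIENT_ID)       cid=$value ;;
            AZURE_TENANT)          ten=$value ;;
            AZURE_SECRET)          sec=$value ;;
            *) echo "load_azure_env: unexpected variable '$name'" >&2; return 1 ;;
        esac
    done
    # Export only after the whole input validated, so a rejected file
    # leaves the environment untouched.
    if [ -z "$sub" ] || [ -z "$cid" ] || [ -z "$ten" ] || [ -z "$sec" ]; then
        echo "load_azure_env: one or more AZURE_* values missing" >&2
        return 1
    fi
    export AZURE_SUBSCRIPTION_ID="$sub" AZURE_CLIENT_ID="$cid" \
           AZURE_TENANT="$ten" AZURE_SECRET="$sec"
}
```

Feed the function through a redirection rather than a pipe: a pipe would run it in a subshell and the exports would be lost.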