controller_credentials password field-use another credential.

[mondherGL]

Hello ,

is it possible to refer another credential on password filed with controller_credentials ?
for example i have created credential CyberArk with type CyberArk Central Credential Provider Lookup i want to use it to create another credential like this :

controller_credentials:

• name: "Machine Credentials Example"
  description: "Machine Credentials Example"
  credential_type: "Machine"
  organization: "ExampleOrg"
  inputs:
  username: "user-ansible"
  password: CyberArk

Thank you in advance for your response,
Mondher Khaskhoussi

[djdanielsson]

that is not how lookups work, you would create credential_input_source which would look something like:

- source_credential: cyberark
    target_credential: gitlab
    input_field_name: password
    metadata:
      object_query: "Safe=MY_SAFE;Object=AWX-user"
      object_query_format: "Exact"
    description: Fill the gitlab credential from CyberArk

see the role for more details https://github.com/redhat-cop/controller_configuration/tree/devel/roles/credential_input_sources

[mondherGL]

Hello ,

Thank you for your response, but i need also to create the cyberark credential with type CyberArk Central Credential Provider Lookup.
on the documentation i can't find this credential type creation
https://github.com/redhat-cop/controller_configuration/blob/devel/roles/credentials/README.md
is it supported to create a credential with type CyberArk Central Credential Provider Lookup ?

Thank you,

[djdanielsson]

that list is out of date, I think we might want to consider just pointing to other documentation to provide an accurate up to date list so that is not something we need to try and keep up with.

[mondherGL]

Hello ,

if credential creation with type CyberArk Central Credential Provider Lookup is supported , can you please provide me the right syntax for the input parameters ? for example :

name: "CyberArk_lookup"
description: "Machine Credentials Example"
credential_type: "CyberArk Central Credential Provider Lookup"
organization: "ExampleOrg"
inputs:
CyberArk CCP URL: "https://:ccp.cyberark.com/"
Application ID: "application_id"

Thank you in advance,
Mondher khaskhoussi

[djdanielsson]

any credential type if it is a builtin or custom credential is "supported" by the module to create a credential associated to that type. as for those 2 inputs the correct fields are url and app_id. I would suggest looking at the credential type api finding the credential type you are interested in and seeing what the fields are. you will see the label which is what you see in the UI and the id which is the key that you need to use in the code. https://<Your Controller>/api/v2/credential_types/
and you will find the output to look something like this

{
            "id": 22,
            "type": "credential_type",
            "url": "[/api/v2/credential_types/22/](https://controller.local/api/v2/credential_types/22/)",
            "related": {
                "credentials": "[/api/v2/credential_types/22/credentials/](https://controller.local/api/v2/credential_types/22/credentials/)",
                "activity_stream": "[/api/v2/credential_types/22/activity_stream/](https://controller.local/api/v2/credential_types/22/activity_stream/)"
            },
            "summary_fields": {
                "user_capabilities": {
                    "edit": true,
                    "delete": true
                }
            },
            "created": "2024-04-29T17:06:56.102228Z",
            "modified": "2024-04-29T17:06:56.102228Z",
            "name": "CyberArk Central Credential Provider Lookup",
            "description": "",
            "kind": "external",
            "namespace": "aim",
            "managed": true,
            "inputs": {
                "fields": [
                    {
                        "id": "url",
                        "label": "CyberArk CCP URL",
                        "type": "string",
                        "format": "url"
                    },
                    {
                        "id": "webservice_id",
                        "label": "Web Service ID",
                        "type": "string",
                        "help_text": "The CCP Web Service ID. Leave blank to default to AIMWebService."
                    },
                    {
                        "id": "app_id",
                        "label": "Application ID",
                        "type": "string",
                        "secret": true
                    },
                    {
                        "id": "client_key",
                        "label": "Client Key",
                        "type": "string",
                        "secret": true,
                        "multiline": true
                    },
                    {
                        "id": "client_cert",
                        "label": "Client Certificate",
                        "type": "string",
                        "secret": true,
                        "multiline": true
                    },
                    {
                        "id": "verify",
                        "label": "Verify SSL Certificates",
                        "type": "boolean",
                        "default": true
                    }
                ],