eblume/blumeops
1
1
Fork 0
Code Issues Pull requests Projects Releases 83 Packages Wiki Activity Actions

Fix 1Password secret tasks always reporting changed in ringtail playbook #213

Merged
eblume merged 1 commit from fix/ringtail-1password-secrets-idempotent into main 2026-02-19 07:25:26 -08:00
Conversation 0 Commits 1 Files changed 2 +5 -2
2 changed files with 5 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

6
ansible/playbooks/ringtail.yml
View file

@ -100,7 +100,8 @@
--from-literal=1password-credentials.json='{{ _op_credentials.stdout }}' \
--dry-run=client -o yaml | k3s kubectl apply -f -
executable: /run/current-system/sw/bin/bash
changed_when: true
register: _op_credentials_apply
changed_when: "'configured' in _op_credentials_apply.stdout or 'created' in _op_credentials_apply.stdout"
no_log: true
- name: Create or update onepassword-token secret
@ -112,5 +113,6 @@
--from-literal=token={{ _op_token.stdout }} \
--dry-run=client -o yaml | k3s kubectl apply -f -
executable: /run/current-system/sw/bin/bash
changed_when: true
register: _op_token_apply
changed_when: "'configured' in _op_token_apply.stdout or 'created' in _op_token_apply.stdout"
no_log: true

1
docs/changelog.d/fix-ringtail-1password-secrets-idempotent.bugfix.md Normal file
View file

@ -0,0 +1 @@
Make 1Password secret tasks in ringtail playbook idempotent by checking kubectl apply output instead of always reporting changed.