Get htpaswd credentials from ansible variable

ansible/inventory/host_files/192.168.56.10/pandda.yaml

@@ -8,8 +8,3 @@
     protected_prefixes:
       - 192.168.100.0/24
       - 192.168.101.0/24
-    users:
-      - username: admin
-        password: admin
-      - username: local
-        password: local

ansible/inventory/host_vars/192.168.56.10/pandda_vars.yaml

@@ -0,0 +1,2 @@
+adict_gui_user: username
+adict_gui_pass: password

ansible/roles/nginx/tasks/main.yml

@@ -20,7 +20,11 @@
 
 - name: Execute basic HTTP auth configuration generator
   ansible.builtin.command:
-    cmd: "{{ pandda_conf_executable }} {{ pandda_conf_opt }}/adict_basic_auth_conf.py -f {{ pandda_conf_path }}adict.htpasswd"
+    cmd: >
+      {{ pandda_conf_executable }} {{ pandda_conf_opt }}/adict_basic_auth_conf.py
+      --config '[{username: {{ adict_gui_user }}, password: {{ adict_gui_pass }}}]'
+      --file {{ pandda_conf_path }}adict.htpasswd
+  no_log: true
   changed_when: true
   tags: configure
 

ansible/roles/pandda_conf/files/adict_basic_auth_conf.py

@@ -1,5 +1,4 @@
 import sys
-import os
 import typing
 
 import bcrypt
@@ -11,10 +10,10 @@ def generate_htpasswd_content(config: dict, output_file: typing.TextIO):
     """Generates htpasswd file content based on supplied central configuration file
 
     Args:
-        config (dict): Central configuration file
+        config (dict): User configuration
         output_file (TextIO): Output file handle
     """
-    for user in config["users"]:
+    for user in config:
         # Data from config
         username = user["username"]
         password = user["password"]
@@ -32,8 +31,9 @@ def generate_htpasswd_content(config: dict, output_file: typing.TextIO):
         "-c",
         "--config",
         dest="config",
-        default="/etc/pandda.d/pandda.yaml",
-        help="configuration file containing user settings",
+        help="configuration string containing user settings",
+        required=True,
+        type=str,
     )
     parser.add_argument(
         "-f",
@@ -43,26 +43,13 @@ def generate_htpasswd_content(config: dict, output_file: typing.TextIO):
     )
     args = parser.parse_args()
 
-    # Load central config
-    adict_config = None
-    if os.path.exists(args.config):
-        with open(args.config, "r") as f:
-            pandda_config = yaml.safe_load(f)
-        for sub_config in pandda_config:
-            if "adict" in sub_config:
-                adict_config = sub_config["adict"]
-                break
-        else:
-            print("ADiCT section missing in the configuration file", file=sys.stderr)
-            exit(1)
-    else:
-        print(f"Configuration file {args.config} not found", file=sys.stderr)
-        exit(1)
+    # Load configuration
+    users_config = yaml.safe_load(args.config)
 
     # Generate htpasswd
     with open(args.file, "w") as f:
         try:
-            htpasswd_content = generate_htpasswd_content(adict_config, f)
+            htpasswd_content = generate_htpasswd_content(users_config, f)
         except KeyError as e:
             print(f"Key missing in the configuration file: {e}", file=sys.stderr)
             exit(1)