explain secrets password format

[ikke-t]

It seems secrets format has changed since I last used it. I didn't see it explained anywhere. So looking around I ended up with this:

  - name: ldap
    vaultPrefixes:
      - global
    fields:
      - name: bindPassword
        value: foobar
        onMissingValue: generate
        vaultPolicy: validatedPatternDefaultPolicy

which compalains:

TASK [vault_utils : Loads secrets file into the vault of a cluster] ***************************************************
fatal: [localhost]: FAILED! => {"changed": false, "msg": "Secret has onMissingValue set to 'generate' but has a value set"}

Value is not missing, it should just ignore that generate field. Variable name "onMissingValue" would indicate it ignores this if value is set.

But alltogether, the format of secrets file should be described in the doc. As of current, it doesn't have "value:" in example.

[mbaldessari]

I added #262 with a link to the specs. Maybe we should open up a dedicated section in the docs to cover for this in a more visible way?