.. Document meta :orphan: .. |antsibull-internal-nbsp| unicode:: 0xA0 :trim: .. role:: ansible-attribute-support-label .. role:: ansible-attribute-support-property .. role:: ansible-attribute-support-full .. role:: ansible-attribute-support-partial .. role:: ansible-attribute-support-none .. role:: ansible-attribute-support-na .. role:: ansible-option-type .. role:: ansible-option-elements .. role:: ansible-option-required .. role:: ansible-option-versionadded .. role:: ansible-option-aliases .. role:: ansible-option-choices .. role:: ansible-option-choices-default-mark .. role:: ansible-option-default-bold .. role:: ansible-option-configuration .. role:: ansible-option-returned-bold .. role:: ansible-option-sample-bold .. Anchors .. _ansible_collections.cisco.dnac.device_credential_playbook_config_generator_module: .. Anchors: short name for ansible.builtin .. Anchors: aliases .. Title cisco.dnac.device_credential_playbook_config_generator module -- Generate YAML configurations playbook for 'device\_credential\_workflow\_manager' module. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ .. Collection note .. note:: This module is part of the `cisco.dnac collection `_ (version 6.49.0). To install it, use: :code:`ansible-galaxy collection install cisco.dnac`. You need further requirements to be able to use this module, see :ref:`Requirements ` for details. To use it in a playbook, specify: :code:`cisco.dnac.device_credential_playbook_config_generator`. .. version_added .. rst-class:: ansible-version-added New in cisco.dnac 6.44.0 .. contents:: :local: :depth: 1 .. Deprecated Synopsis -------- .. Description - Automates brownfield YAML playbook generation for device credential configurations deployed in Cisco Catalyst Center infrastructure. - Extracts global device credentials (CLI, HTTPS Read/Write, SNMPv2c Read/Write, SNMPv3) and site-specific credential assignments via REST APIs. - Generates YAML files compatible with device\_credential\_workflow\_manager module for configuration documentation, credential auditing, disaster recovery, and multi-site credential standardization. - Supports auto-discovery mode for complete credential infrastructure extraction or component-based filtering for targeted extraction (global credentials, site assignments). - Masks sensitive fields (passwords, community strings, auth credentials) with Jinja2 variable placeholders for secure playbook generation. - Transforms camelCase API responses to snake\_case YAML format with comprehensive header comments and metadata. .. Aliases .. Requirements .. _ansible_collections.cisco.dnac.device_credential_playbook_config_generator_module_requirements: Requirements ------------ The below requirements are needed on the host that executes this module. - dnacentersdk \>= 2.10.10 - python \>= 3.9 - PyYAML \>= 5.1 .. Options Parameters ---------- .. rst-class:: ansible-option-table .. list-table:: :width: 100% :widths: auto :header-rows: 1 * - Parameter - Comments * - .. raw:: html

.. _ansible_collections.cisco.dnac.device_credential_playbook_config_generator_module__parameter-config: .. rst-class:: ansible-option-title **config** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`dictionary` .. raw:: html

- .. raw:: html

A dictionary of filters for generating YAML playbook compatible with the \`device\_credential\_workflow\_manager\` module. Filters specify which components to include in the YAML configuration file. If "components\_list" is specified, only those components are included, regardless of the filters. If config is not provided or is empty, all configurations for all global\_credential\_details and assign\_credentials\_to\_site will be generated. This is useful for complete brownfield infrastructure discovery and documentation. .. raw:: html

* - .. raw:: html

.. _ansible_collections.cisco.dnac.device_credential_playbook_config_generator_module__parameter-config/component_specific_filters: .. rst-class:: ansible-option-title **component_specific_filters** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`dictionary` .. raw:: html

- .. raw:: html

Filters to specify which components to include in the YAML configuration file. If "components\_list" is specified, only those components are included, regardless of other filters. If filters for specific components (e.g., global\_credential\_details or assign\_credentials\_to\_site) are provided without explicitly including them in components\_list, those components will be automatically added to components\_list. At least one of components\_list or component filters must be provided. .. raw:: html

* - .. raw:: html

.. _ansible_collections.cisco.dnac.device_credential_playbook_config_generator_module__parameter-config/component_specific_filters/assign_credentials_to_site: .. rst-class:: ansible-option-title **assign_credentials_to_site** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`dictionary` .. raw:: html

- .. raw:: html

Filters for site-specific credential assignment extraction. Extracts credential assignments for specified site hierarchical paths. Site names must be full hierarchical paths (case-sensitive). If not specified when component included in components\_list, extracts all site credential assignments. .. raw:: html

* - .. raw:: html

.. _ansible_collections.cisco.dnac.device_credential_playbook_config_generator_module__parameter-config/component_specific_filters/assign_credentials_to_site/site_name: .. rst-class:: ansible-option-title **site_name** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`list` / :ansible-option-elements:`elements=string` .. raw:: html

- .. raw:: html

List of site hierarchical paths to extract credential assignments. Site names must match exact hierarchical paths in Catalyst Center (case-sensitive). Extracts CLI, HTTPS Read/Write, SNMPv2c Read/Write, and SNMPv3 credential assignments per site. For example, ["Global/India/Assam", "Global/India/Haryana"] .. raw:: html

* - .. raw:: html

.. _ansible_collections.cisco.dnac.device_credential_playbook_config_generator_module__parameter-config/component_specific_filters/components_list: .. rst-class:: ansible-option-title **components_list** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`list` / :ansible-option-elements:`elements=string` .. raw:: html

- .. raw:: html

List of credential components to include in YAML configuration. Valid values are 'global\_credential\_details' for global credentials and 'assign\_credentials\_to\_site' for site-specific assignments. If specified, only the listed components will be included in the generated YAML file. If not specified but component filters (global\_credential\_details or assign\_credentials\_to\_site) are provided, those components are automatically added to this list. If neither components\_list nor any component filters are provided, an error will be raised. .. rst-class:: ansible-option-line :ansible-option-choices:`Choices:` - :ansible-option-choices-entry:`"global\_credential\_details"` - :ansible-option-choices-entry:`"assign\_credentials\_to\_site"` .. raw:: html

* - .. raw:: html

.. _ansible_collections.cisco.dnac.device_credential_playbook_config_generator_module__parameter-config/component_specific_filters/global_credential_details: .. rst-class:: ansible-option-title **global_credential_details** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`dictionary` .. raw:: html

- .. raw:: html

Filters for global device credential extraction. Extracts only credentials matching specified descriptions. Each credential type (cli\_credential, https\_read, https\_write, snmp\_v2c\_read, snmp\_v2c\_write, snmp\_v3) can be filtered independently. Description values must match exactly as configured in Catalyst Center (case-sensitive). If credential type not specified, all credentials of that type extracted. .. raw:: html

* - .. raw:: html

.. _ansible_collections.cisco.dnac.device_credential_playbook_config_generator_module__parameter-config/component_specific_filters/global_credential_details/cli_credential: .. rst-class:: ansible-option-title **cli_credential** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`list` / :ansible-option-elements:`elements=dictionary` .. raw:: html

- .. raw:: html

List of CLI credential descriptions to extract. Extracts CLI credentials with matching description field. Each list item contains description key for filtering. For example: [{"description": "WLC\_CLI"}, {"description": "Router\_CLI"}] .. raw:: html

* - .. raw:: html

.. _ansible_collections.cisco.dnac.device_credential_playbook_config_generator_module__parameter-config/component_specific_filters/global_credential_details/cli_credential/description: .. rst-class:: ansible-option-title **description** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`string` / :ansible-option-required:`required` .. raw:: html

- .. raw:: html

Exact description of CLI credential to extract. Must match Catalyst Center credential description exactly (case-sensitive). .. raw:: html

* - .. raw:: html

.. _ansible_collections.cisco.dnac.device_credential_playbook_config_generator_module__parameter-config/component_specific_filters/global_credential_details/https_read: .. rst-class:: ansible-option-title **https_read** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`list` / :ansible-option-elements:`elements=dictionary` .. raw:: html

- .. raw:: html

List of HTTPS Read credential descriptions to extract. Extracts HTTPS Read credentials with matching description field. Each list item contains description key for filtering. For example: [{"description": "HTTPS\_Read\_Admin"}] .. raw:: html

* - .. raw:: html

.. _ansible_collections.cisco.dnac.device_credential_playbook_config_generator_module__parameter-config/component_specific_filters/global_credential_details/https_read/description: .. rst-class:: ansible-option-title **description** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`string` / :ansible-option-required:`required` .. raw:: html

- .. raw:: html

Exact description of HTTPS Read credential to extract. Must match Catalyst Center credential description exactly (case-sensitive). .. raw:: html

* - .. raw:: html

.. _ansible_collections.cisco.dnac.device_credential_playbook_config_generator_module__parameter-config/component_specific_filters/global_credential_details/https_write: .. rst-class:: ansible-option-title **https_write** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`list` / :ansible-option-elements:`elements=dictionary` .. raw:: html

- .. raw:: html

List of HTTPS Write credential descriptions to extract. Extracts HTTPS Write credentials with matching description field. Each list item contains description key for filtering. For example: [{"description": "HTTPS\_Write\_Admin"}] .. raw:: html

* - .. raw:: html

.. _ansible_collections.cisco.dnac.device_credential_playbook_config_generator_module__parameter-config/component_specific_filters/global_credential_details/https_write/description: .. rst-class:: ansible-option-title **description** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`string` / :ansible-option-required:`required` .. raw:: html

- .. raw:: html

Exact description of HTTPS Write credential to extract. Must match Catalyst Center credential description exactly (case-sensitive). .. raw:: html

* - .. raw:: html

.. _ansible_collections.cisco.dnac.device_credential_playbook_config_generator_module__parameter-config/component_specific_filters/global_credential_details/snmp_v2c_read: .. rst-class:: ansible-option-title **snmp_v2c_read** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`list` / :ansible-option-elements:`elements=dictionary` .. raw:: html

- .. raw:: html

List of SNMPv2c Read credential descriptions to extract. Extracts SNMPv2c Read credentials with matching description field. Each list item contains description key for filtering. For example: [{"description": "SNMP\_RO\_Community"}] .. raw:: html

* - .. raw:: html

.. _ansible_collections.cisco.dnac.device_credential_playbook_config_generator_module__parameter-config/component_specific_filters/global_credential_details/snmp_v2c_read/description: .. rst-class:: ansible-option-title **description** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`string` / :ansible-option-required:`required` .. raw:: html

- .. raw:: html

Exact description of SNMPv2c Read credential to extract. Must match Catalyst Center credential description exactly (case-sensitive). .. raw:: html

* - .. raw:: html

.. _ansible_collections.cisco.dnac.device_credential_playbook_config_generator_module__parameter-config/component_specific_filters/global_credential_details/snmp_v2c_write: .. rst-class:: ansible-option-title **snmp_v2c_write** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`list` / :ansible-option-elements:`elements=dictionary` .. raw:: html

- .. raw:: html

List of SNMPv2c Write credential descriptions to extract. Extracts SNMPv2c Write credentials with matching description field. Each list item contains description key for filtering. For example: [{"description": "SNMP\_RW\_Community"}] .. raw:: html

* - .. raw:: html

.. _ansible_collections.cisco.dnac.device_credential_playbook_config_generator_module__parameter-config/component_specific_filters/global_credential_details/snmp_v2c_write/description: .. rst-class:: ansible-option-title **description** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`string` / :ansible-option-required:`required` .. raw:: html

- .. raw:: html

Exact description of SNMPv2c Write credential to extract. Must match Catalyst Center credential description exactly (case-sensitive). .. raw:: html

* - .. raw:: html

.. _ansible_collections.cisco.dnac.device_credential_playbook_config_generator_module__parameter-config/component_specific_filters/global_credential_details/snmp_v3: .. rst-class:: ansible-option-title **snmp_v3** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`list` / :ansible-option-elements:`elements=dictionary` .. raw:: html

- .. raw:: html

List of SNMPv3 credential descriptions to extract. Extracts SNMPv3 credentials with matching description field. Each list item contains description key for filtering. For example: [{"description": "SNMPv3\_Admin"}] .. raw:: html

* - .. raw:: html

.. _ansible_collections.cisco.dnac.device_credential_playbook_config_generator_module__parameter-config/component_specific_filters/global_credential_details/snmp_v3/description: .. rst-class:: ansible-option-title **description** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`string` / :ansible-option-required:`required` .. raw:: html

- .. raw:: html

Exact description of SNMPv3 credential to extract. Must match Catalyst Center credential description exactly (case-sensitive). .. raw:: html

* - .. raw:: html

.. _ansible_collections.cisco.dnac.device_credential_playbook_config_generator_module__parameter-dnac_api_task_timeout: .. rst-class:: ansible-option-title **dnac_api_task_timeout** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`integer` .. raw:: html

- .. raw:: html

Defines the timeout in seconds for API calls to retrieve task details. If the task details are not received within this period, the process will end, and a timeout notification will be logged. .. rst-class:: ansible-option-line :ansible-option-default-bold:`Default:` :ansible-option-default:`1200` .. raw:: html

* - .. raw:: html

.. _ansible_collections.cisco.dnac.device_credential_playbook_config_generator_module__parameter-dnac_debug: .. rst-class:: ansible-option-title **dnac_debug** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`boolean` .. raw:: html

- .. raw:: html

Indicates whether debugging is enabled in the Cisco Catalyst Center SDK. .. rst-class:: ansible-option-line :ansible-option-choices:`Choices:` - :ansible-option-choices-entry-default:`false` :ansible-option-choices-default-mark:`← (default)` - :ansible-option-choices-entry:`true` .. raw:: html

* - .. raw:: html

.. _ansible_collections.cisco.dnac.device_credential_playbook_config_generator_module__parameter-dnac_host: .. rst-class:: ansible-option-title **dnac_host** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`string` / :ansible-option-required:`required` .. raw:: html

- .. raw:: html

The hostname of the Cisco Catalyst Center. .. raw:: html

* - .. raw:: html

.. _ansible_collections.cisco.dnac.device_credential_playbook_config_generator_module__parameter-dnac_log: .. rst-class:: ansible-option-title **dnac_log** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`boolean` .. raw:: html

- .. raw:: html

Flag to enable/disable playbook execution logging. When true and dnac\_log\_file\_path is provided, - Create the log file at the execution location with the specified name. When true and dnac\_log\_file\_path is not provided, - Create the log file at the execution location with the name 'dnac.log'. When false, - Logging is disabled. If the log file doesn't exist, - It is created in append or write mode based on the "dnac\_log\_append" flag. If the log file exists, - It is overwritten or appended based on the "dnac\_log\_append" flag. .. rst-class:: ansible-option-line :ansible-option-choices:`Choices:` - :ansible-option-choices-entry-default:`false` :ansible-option-choices-default-mark:`← (default)` - :ansible-option-choices-entry:`true` .. raw:: html

* - .. raw:: html

.. _ansible_collections.cisco.dnac.device_credential_playbook_config_generator_module__parameter-dnac_log_append: .. rst-class:: ansible-option-title **dnac_log_append** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`boolean` .. raw:: html

- .. raw:: html

Determines the mode of the file. Set to True for 'append' mode. Set to False for 'write' mode. .. rst-class:: ansible-option-line :ansible-option-choices:`Choices:` - :ansible-option-choices-entry:`false` - :ansible-option-choices-entry-default:`true` :ansible-option-choices-default-mark:`← (default)` .. raw:: html

* - .. raw:: html

.. _ansible_collections.cisco.dnac.device_credential_playbook_config_generator_module__parameter-dnac_log_file_path: .. rst-class:: ansible-option-title **dnac_log_file_path** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`string` .. raw:: html

- .. raw:: html

Governs logging. Logs are recorded if dnac\_log is True. If path is not specified, - When 'dnac\_log\_append' is True, 'dnac.log' is generated in the current Ansible directory; logs are appended. - When 'dnac\_log\_append' is False, 'dnac.log' is generated; logs are overwritten. If path is specified, - When 'dnac\_log\_append' is True, the file opens in append mode. - When 'dnac\_log\_append' is False, the file opens in write (w) mode. - In shared file scenarios, without append mode, content is overwritten after each module execution. - For a shared log file, set append to False for the 1st module (to overwrite); for subsequent modules, set append to True. .. rst-class:: ansible-option-line :ansible-option-default-bold:`Default:` :ansible-option-default:`"dnac.log"` .. raw:: html

* - .. raw:: html

.. _ansible_collections.cisco.dnac.device_credential_playbook_config_generator_module__parameter-dnac_log_level: .. rst-class:: ansible-option-title **dnac_log_level** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`string` .. raw:: html

- .. raw:: html

Sets the threshold for log level. Messages with a level equal to or higher than this will be logged. Levels are listed in order of severity [CRITICAL, ERROR, WARNING, INFO, DEBUG]. CRITICAL indicates serious errors halting the program. Displays only CRITICAL messages. ERROR indicates problems preventing a function. Displays ERROR and CRITICAL messages. WARNING indicates potential future issues. Displays WARNING, ERROR, CRITICAL messages. INFO tracks normal operation. Displays INFO, WARNING, ERROR, CRITICAL messages. DEBUG provides detailed diagnostic info. Displays all log messages. .. rst-class:: ansible-option-line :ansible-option-default-bold:`Default:` :ansible-option-default:`"WARNING"` .. raw:: html

* - .. raw:: html

.. _ansible_collections.cisco.dnac.device_credential_playbook_config_generator_module__parameter-dnac_password: .. rst-class:: ansible-option-title **dnac_password** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`string` .. raw:: html

- .. raw:: html

The password for authentication at the Cisco Catalyst Center. .. raw:: html

* - .. raw:: html

.. _ansible_collections.cisco.dnac.device_credential_playbook_config_generator_module__parameter-dnac_port: .. rst-class:: ansible-option-title **dnac_port** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`string` .. raw:: html

- .. raw:: html

Specifies the port number associated with the Cisco Catalyst Center. .. rst-class:: ansible-option-line :ansible-option-default-bold:`Default:` :ansible-option-default:`"443"` .. raw:: html

* - .. raw:: html

.. _ansible_collections.cisco.dnac.device_credential_playbook_config_generator_module__parameter-dnac_task_poll_interval: .. rst-class:: ansible-option-title **dnac_task_poll_interval** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`integer` .. raw:: html

- .. raw:: html

Specifies the interval in seconds between successive calls to the API to retrieve task details. .. rst-class:: ansible-option-line :ansible-option-default-bold:`Default:` :ansible-option-default:`2` .. raw:: html

* - .. raw:: html

.. _ansible_collections.cisco.dnac.device_credential_playbook_config_generator_module__parameter-dnac_username: .. _ansible_collections.cisco.dnac.device_credential_playbook_config_generator_module__parameter-user: .. rst-class:: ansible-option-title **dnac_username** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-aliases:`aliases: user` .. rst-class:: ansible-option-type-line :ansible-option-type:`string` .. raw:: html

- .. raw:: html

The username for authentication at the Cisco Catalyst Center. .. rst-class:: ansible-option-line :ansible-option-default-bold:`Default:` :ansible-option-default:`"admin"` .. raw:: html

* - .. raw:: html

.. _ansible_collections.cisco.dnac.device_credential_playbook_config_generator_module__parameter-dnac_verify: .. rst-class:: ansible-option-title **dnac_verify** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`boolean` .. raw:: html

- .. raw:: html

Flag to enable or disable SSL certificate verification. .. rst-class:: ansible-option-line :ansible-option-choices:`Choices:` - :ansible-option-choices-entry:`false` - :ansible-option-choices-entry-default:`true` :ansible-option-choices-default-mark:`← (default)` .. raw:: html

* - .. raw:: html

.. _ansible_collections.cisco.dnac.device_credential_playbook_config_generator_module__parameter-dnac_version: .. rst-class:: ansible-option-title **dnac_version** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`string` .. raw:: html

- .. raw:: html

Specifies the version of the Cisco Catalyst Center that the SDK should use. .. rst-class:: ansible-option-line :ansible-option-default-bold:`Default:` :ansible-option-default:`"2.2.3.3"` .. raw:: html

* - .. raw:: html

.. _ansible_collections.cisco.dnac.device_credential_playbook_config_generator_module__parameter-file_mode: .. rst-class:: ansible-option-title **file_mode** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`string` .. raw:: html

- .. raw:: html

Controls how config is written to the YAML file. \ :literal:`overwrite`\ replaces existing file content. \ :literal:`append`\ appends generated YAML content to the existing file. .. rst-class:: ansible-option-line :ansible-option-choices:`Choices:` - :ansible-option-choices-entry-default:`"overwrite"` :ansible-option-choices-default-mark:`← (default)` - :ansible-option-choices-entry:`"append"` .. raw:: html

* - .. raw:: html

.. _ansible_collections.cisco.dnac.device_credential_playbook_config_generator_module__parameter-file_path: .. rst-class:: ansible-option-title **file_path** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`string` .. raw:: html

- .. raw:: html

Absolute or relative path for YAML configuration file output. If not provided, generates default filename in current working directory with pattern \ :literal:`device\_credential\_playbook\_config\_\.yml`\ . Example default filename \ :literal:`device\_credential\_playbook\_config\_2026-01-24\_12-33-20.yml`\ . Directory created automatically if path does not exist. Supports YAML file extension (.yml or .yaml). .. raw:: html

* - .. raw:: html

.. _ansible_collections.cisco.dnac.device_credential_playbook_config_generator_module__parameter-state: .. rst-class:: ansible-option-title **state** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`string` .. raw:: html

- .. raw:: html

Desired state for YAML playbook generation workflow. Only 'gathered' state supported for brownfield credential extraction. .. rst-class:: ansible-option-line :ansible-option-choices:`Choices:` - :ansible-option-choices-entry-default:`"gathered"` :ansible-option-choices-default-mark:`← (default)` .. raw:: html

* - .. raw:: html

.. _ansible_collections.cisco.dnac.device_credential_playbook_config_generator_module__parameter-validate_response_schema: .. rst-class:: ansible-option-title **validate_response_schema** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`boolean` .. raw:: html

- .. raw:: html

Flag for Cisco Catalyst Center SDK to enable the validation of request bodies against a JSON schema. .. rst-class:: ansible-option-line :ansible-option-choices:`Choices:` - :ansible-option-choices-entry:`false` - :ansible-option-choices-entry-default:`true` :ansible-option-choices-default-mark:`← (default)` .. raw:: html

.. Attributes .. Notes Notes ----- .. note:: - SDK methods utilized - discovery.get\_all\_global\_credentials, site\_design.get\_sites, network\_settings.get\_device\_credential\_settings\_for\_a\_site - API paths utilized - GET /dna/intent/api/v2/global-credential, GET /dna/intent/api/v1/sites, GET /dna/intent/api/v1/sites/${id}/deviceCredentials - Module is idempotent; multiple runs generate identical YAML content except timestamp in header comments. - Check mode supported; validates parameters without file generation. - Sensitive credential fields (passwords, community strings, auth credentials) masked with Jinja2 variable placeholders (e.g., {{ cli\_credential\_wlc\_password }}). - Generated YAML uses OrderedDumper for consistent key ordering enabling version control. - Description-based filtering is case-sensitive and requires exact matches. - Site hierarchical paths must match exact Catalyst Center site structure. - Auto-population of components\_list: If component-specific filters (such as global\_credential\_details or assign\_credentials\_to\_site) are provided without explicitly including them in components\_list, those components will be automatically added to components\_list. This simplifies configuration by eliminating the need to redundantly specify components in both places. - Example of auto-population behavior: If you provide filters for global\_credential\_details without including global\_credential\_details in components\_list, the module will automatically add global\_credential\_details to components\_list before processing. This allows you to write more concise playbooks. - Validation requirements: If component\_specific\_filters is provided, at least one of the following must be true - (1) components\_list contains at least one component, OR (2) Component-specific filters (e.g., global\_credential\_details, assign\_credentials\_to\_site) are provided. If neither condition is met, the module will fail with a validation error. - Does not support \ :literal:`check\_mode`\ - The plugin runs on the control node and does not use any ansible connection plugins instead embedded connection manager from Cisco Catalyst Center SDK - The parameters starting with dnac\_ are used by the Cisco Catalyst Center Python SDK to establish the connection .. Seealso See Also -------- .. seealso:: \ :ref:`cisco.dnac.device\_credential\_workflow\_manager `\ Module for managing device credential workflows in Cisco Catalyst Center. .. Examples Examples -------- .. code-block:: yaml+jinja - name: Generate YAML playbook for device credential workflow manager which includes all global credentials and site assignments cisco.dnac.device_credential_playbook_config_generator: dnac_host: "{{ dnac_host }}" dnac_username: "{{ dnac_username }}" dnac_password: "{{ dnac_password }}" dnac_verify: "{{ dnac_verify }}" dnac_port: "{{ dnac_port }}" dnac_version: "{{ dnac_version }}" dnac_debug: "{{ dnac_debug }}" dnac_log: true dnac_log_level: DEBUG state: gathered file_mode: "overwrite" - name: Generate YAML Configuration with File Path specified cisco.dnac.device_credential_playbook_config_generator: dnac_host: "{{ dnac_host }}" dnac_username: "{{ dnac_username }}" dnac_password: "{{ dnac_password }}" dnac_verify: "{{ dnac_verify }}" dnac_port: "{{ dnac_port }}" dnac_version: "{{ dnac_version }}" dnac_debug: "{{ dnac_debug }}" dnac_log: true dnac_log_level: DEBUG state: gathered file_mode: "append" file_path: "device_credential_config.yml" - name: Generate YAML Configuration with specific component global credential filters cisco.dnac.device_credential_playbook_config_generator: dnac_host: "{{ dnac_host }}" dnac_username: "{{ dnac_username }}" dnac_password: "{{ dnac_password }}" dnac_verify: "{{ dnac_verify }}" dnac_port: "{{ dnac_port }}" dnac_version: "{{ dnac_version }}" dnac_debug: "{{ dnac_debug }}" dnac_log: true dnac_log_level: DEBUG state: gathered file_path: "device_credential_config.yml" file_mode: "overwrite" config: component_specific_filters: components_list: ["global_credential_details"] global_credential_details: cli_credential: - description: test https_read: - description: http_read https_write: - description: http_write - name: Generate YAML Configuration with specific component assign credentials to site filters cisco.dnac.device_credential_playbook_config_generator: dnac_host: "{{ dnac_host }}" dnac_username: "{{ dnac_username }}" dnac_password: "{{ dnac_password }}" dnac_verify: "{{ dnac_verify }}" dnac_port: "{{ dnac_port }}" dnac_version: "{{ dnac_version }}" dnac_debug: "{{ dnac_debug }}" dnac_log: true dnac_log_level: DEBUG state: gathered file_path: "device_credential_config.yml" file_mode: "append" config: component_specific_filters: components_list: ["assign_credentials_to_site"] assign_credentials_to_site: site_name: - "Global/India/Assam" - "Global/India/Haryana" - name: Generate YAML Configuration with both global credential and assign credentials to site filters cisco.dnac.device_credential_playbook_config_generator: dnac_host: "{{ dnac_host }}" dnac_username: "{{ dnac_username }}" dnac_password: "{{ dnac_password }}" dnac_verify: "{{ dnac_verify }}" dnac_port: "{{ dnac_port }}" dnac_version: "{{ dnac_version }}" dnac_debug: "{{ dnac_debug }}" dnac_log: true dnac_log_level: DEBUG state: gathered file_path: "device_credential_config.yml" file_mode: "append" config: component_specific_filters: components_list: ["global_credential_details", "assign_credentials_to_site"] global_credential_details: cli_credential: - description: test https_read: - description: http_read https_write: - description: http_write assign_credentials_to_site: site_name: - "Global/India/Assam" - "Global/India/TamilNadu" .. Facts .. Return values Return Values ------------- Common return values are documented :ref:`here `, the following are the fields unique to this module: .. rst-class:: ansible-option-table .. list-table:: :width: 100% :widths: auto :header-rows: 1 * - Key - Description * - .. raw:: html

.. _ansible_collections.cisco.dnac.device_credential_playbook_config_generator_module__return-msg: .. rst-class:: ansible-option-title **msg** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`string` .. raw:: html

- .. raw:: html

Human-readable message describing the operation result. Indicates success, failure, or informational status of YAML generation. Provides high-level summary with file path and configuration counts for success scenarios. Provides error details for validation or generation failures. .. rst-class:: ansible-option-line :ansible-option-returned-bold:`Returned:` always .. rst-class:: ansible-option-line .. rst-class:: ansible-option-sample :ansible-option-sample-bold:`Sample:` :ansible-rv-sample-value:`"YAML configuration file generated successfully for module 'device\_credential\_workflow\_manager'"` .. raw:: html

* - .. raw:: html

.. _ansible_collections.cisco.dnac.device_credential_playbook_config_generator_module__return-response_1: .. rst-class:: ansible-option-title **response_1** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`dictionary` .. raw:: html

- .. raw:: html

Response returned when YAML configuration generation completes successfully with all requested credentials and site assignments extracted and written to file. Includes operation summary with component counts, configuration counts, and file path details. Generated YAML file contains formatted playbook compatible with \ :literal:`device\_credential\_workflow\_manager`\ module. .. rst-class:: ansible-option-line :ansible-option-returned-bold:`Returned:` always .. rst-class:: ansible-option-line .. rst-class:: ansible-option-sample :ansible-option-sample-bold:`Sample:` :ansible-rv-sample-value:`{"msg": {"components\_processed": 2, "components\_skipped": 0, "configurations\_count": 2, "file\_path": "device\_credential\_config.yml", "message": "YAML configuration file generated successfully for module 'device\_credential\_workflow\_manager'", "status": "success"}, "response": {"components\_processed": 2, "components\_skipped": 0, "configurations\_count": 2, "file\_path": "device\_credential\_config.yml", "message": "YAML configuration file generated successfully for module 'device\_credential\_workflow\_manager'", "status": "success"}, "status": "success"}` .. raw:: html

* - .. raw:: html

.. _ansible_collections.cisco.dnac.device_credential_playbook_config_generator_module__return-response_2: .. rst-class:: ansible-option-title **response_2** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`dictionary` .. raw:: html

- .. raw:: html

Response returned when no device credentials or site assignments are found matching the specified filters or in the Catalyst Center system. Operation status is \ :literal:`ok`\ indicating successful execution but no data available to generate. No YAML file is created when no configurations are found. \ :literal:`components\_attempted`\ shows which components were requested for extraction. .. rst-class:: ansible-option-line :ansible-option-returned-bold:`Returned:` always .. rst-class:: ansible-option-line .. rst-class:: ansible-option-sample :ansible-option-sample-bold:`Sample:` :ansible-rv-sample-value:`{"msg": {"components\_attempted": 2, "components\_processed": 0, "components\_skipped": 2, "message": "No configurations found for module 'device\_credential\_workflow\_manager'. Verify filters and component availability. Components attempted: ['global\_credential\_details', 'assign\_credentials\_to\_site']", "status": "ok"}, "response": {"components\_attempted": 2, "components\_processed": 0, "components\_skipped": 2, "message": "No configurations found for module 'device\_credential\_workflow\_manager'. Verify filters and component availability. Components attempted: ['global\_credential\_details', 'assign\_credentials\_to\_site']", "status": "ok"}, "status": "ok"}` .. raw:: html

* - .. raw:: html

.. _ansible_collections.cisco.dnac.device_credential_playbook_config_generator_module__return-response_3: .. rst-class:: ansible-option-title **response_3** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`dictionary` .. raw:: html

- .. raw:: html

Response returned when playbook configuration parameters fail validation before YAML generation begins. Occurs when invalid filter parameters, incorrect data types, or unsupported component names are provided. No API calls executed and no file generation attempted. Error message provides specific validation failure details and allowed parameter values. .. rst-class:: ansible-option-line :ansible-option-returned-bold:`Returned:` always .. rst-class:: ansible-option-line .. rst-class:: ansible-option-sample :ansible-option-sample-bold:`Sample:` :ansible-rv-sample-value:`{"msg": "Validation Error: 'component\_specific\_filters' must be provided with 'components\_list' key when 'generate\_all\_configurations' is set to False.", "response": "Validation Error: 'component\_specific\_filters' must be provided with 'components\_list' key when 'generate\_all\_configurations' is set to False.", "status": "failed"}` .. raw:: html

.. Status (Presently only deprecated) .. Authors Authors ~~~~~~~ - Vivek Raj (@vivekraj2000) - Madhan Sankaranarayanan (@madhansansel) .. Extra links Collection links ~~~~~~~~~~~~~~~~ .. raw:: html

Issue Tracker Repository (Sources)

.. Parsing errors