DITA migration changes. CUG Ch 22 (#3843)

downstream/assemblies/platform/assembly-controller-credentials.adoc

@@ -2,18 +2,6 @@
 
 [id="controller-credentials"]
 
-//ifdef::controller-GS[]
-//= Managing credentials
-
-
-//Credentials authenticate the controller user to launch Ansible playbooks. The passwords and SSH keys are used to authenticate against inventory hosts. 
-//By using the credentials feature of {ControllerName}, you can require the {ControllerName} user to enter a password or key phrase when a playbook launches.
-
-//include::platform/proc-controller-create-credential.adoc[leveloffset=+1]
-//include::platform/proc-controller-edit-credential.adoc[leveloffset=+1]
-//endif::controller-GS[]
-//ifdef::controller-UG[]
-
 = Managing user credentials
 
 Credentials authenticate the {ControllerName} user when launching jobs against machines, synchronizing with inventory sources, and importing project content from a version control system.
@@ -27,70 +15,96 @@ If a user moves to a different team or leaves the organization, you do not have
 For further information, see link:{URLControllerAdminGuide}[_{ControllerAG}_].
 ====
 
-== How credentials work
-{ControllerNameStart} uses SSH to connect to remote hosts. 
-To pass the key from {ControllerName} to SSH, the key must be decrypted before it can be written to a named pipe. 
-{ControllerNameStart} uses that pipe to send the key to SSH, so that the key is never written to disk.
-If passwords are used, {ControllerName} handles them by responding directly to the password prompt and decrypting the password before writing it to the prompt.
+//Removed as part of editorial review - include::platform/ref-controller-credentials-getting-started.adoc[leveloffset=+1]
+include::platform/con-controller-how-credentials-work.adoc[leveloffset=+1]
 
-The *Credentials* page shows credentials that are currently available. 
-The default view is collapsed (Compact), showing the credential name, and credential type.
-From this screen you can edit image:leftpencil.png[Edit,15,15], duplicate image:copy.png[Copy,15,15] or delete {MoreActionsIcon} a credential.
+include::platform/proc-controller-create-credential.adoc[leveloffset=+1]
 
-[NOTE]
-====
-It is possible to create duplicate credentials with the same name and without an organization. 
-However, it is not possible to create two duplicate credentials in the same organization.
+include::platform/proc-controller-add-users-job-templates.adoc[leveloffset=+1]
 
-.Example
+include::platform/ref-controller-credential-types.adoc[leveloffset=+1]
 
-. Create two machine credentials with the same name but without an organization.
-. Use the module `ansible.controller.export` to export the credentials.
-. Use the module `ansible.controller.import` in a different automation execution node.
-. Check the imported credentials.
+include::platform/ref-controller-credential-aws.adoc[leveloffset=+2]
 
-When you export two duplicate credentials and then import them in a different node, only one credential is imported.
-====
+include::platform/ref-controller-access-ec2-credentials-in-playbook.adoc[leveloffset=+3]
 
-//Removed as part of editorial review - include::platform/ref-controller-credentials-getting-started.adoc[leveloffset=+1]
-include::platform/proc-controller-create-credential.adoc[leveloffset=+1]
-include::platform/proc-controller-add-users-job-templates.adoc[leveloffset=+1]
-include::platform/ref-controller-credential-types.adoc[leveloffset=+1]
-include::platform/ref-controller-credential-aws.adoc[leveloffset=+2]
 include::platform/ref-controller-credential-galaxy-hub.adoc[leveloffset=+2]
 //AWS Secrets Manager Lookup
 include::platform/ref-controller-aws-secrets-lookup.adoc[leveloffset=+2]
 //Bitbucket
 include::platform/ref-controller-credential-bitbucket.adoc[leveloffset=+2]
+
 include::platform/ref-controller-credential-centrify-vault.adoc[leveloffset=+2]
+
 include::platform/ref-controller-credential-container-registry.adoc[leveloffset=+2]
+
 include::platform/ref-controller-credential-cyberark-central.adoc[leveloffset=+2]
+
 include::platform/ref-controller-credential-cyberark-conjur.adoc[leveloffset=+2]
+
 include::platform/ref-controller-credential-gitHub-pat.adoc[leveloffset=+2]
+
 include::platform/ref-controller-credential-gitLab-pat.adoc[leveloffset=+2]
+
 include::platform/ref-controller-credential-GCE.adoc[leveloffset=+2]
+
+include::platform/con-controller-access-GCE-in-a-playbook.adoc[leveloffset=+3]
+
 include::platform/ref-controller-credential-GPG-public-key.adoc[leveloffset=+2]
+
 include::platform/ref-controller-credential-hashiCorp-secret.adoc[leveloffset=+2]
+
 include::platform/ref-controller-credential-hashiCorp-vault.adoc[leveloffset=+2]
+
 include::platform/ref-controller-credential-insights.adoc[leveloffset=+2]
+
 include::platform/ref-controller-credential-machine.adoc[leveloffset=+2]
+
+include::platform/con-controller-access-machine-credentials-playbook.adoc[leveloffset=+3]
+
 include::platform/ref-controller-credential-azure-key.adoc[leveloffset=+2]
+
 include::platform/ref-controller-credential-azure-resource.adoc[leveloffset=+2]
+
+include::platform/ref-controller-access-azure-resources-in-playbook.adoc[leveloffset=+3]
+
 include::platform/ref-controller-credential-network.adoc[leveloffset=+2]
+
+include::platform/ref-controller-access-network-creds-playbook.adoc[leveloffset=+3]
+
+include::platform/ref-controller-multiple-connection-protocols.adoc[leveloffset=+3]
+
 include::platform/ref-controller-credential-openShift.adoc[leveloffset=+2]
+
 include::platform/proc-controller-credential-create-openshift-account.adoc[leveloffset=+3]
+
 include::platform/ref-controller-credential-openStack.adoc[leveloffset=+2]
+
 include::platform/ref-controller-credential-aap.adoc[leveloffset=+2]
+
+include::platform/ref-controller-access-controller-creds-in-playbook.adoc[leveloffset=+3]
+
 include::platform/ref-controller-credential-satellite.adoc[leveloffset=+2]
+
 include::platform/ref-controller-credential-virtualization.adoc[leveloffset=+2]
+
+include::platform/ref-controller-access-virt-creds-in-playbook.adoc[leveloffset=+3]
+
 include::platform/ref-controller-credential-source-control.adoc[leveloffset=+2]
+
 //The following Terraform module is for 2.5 only:
 include::platform/ref-controller-credential-terraform.adoc[leveloffset=+2]
+
 include::platform/ref-controller-credential-thycotic-vault.adoc[leveloffset=+2]
+
 include::platform/ref-controller-credential-thycotic-server.adoc[leveloffset=+2]
+
 include::platform/ref-controller-credential-vault.adoc[leveloffset=+2]
+
 include::platform/ref-controller-credential-vmware-vcenter.adoc[leveloffset=+2]
+
+include::platform/ref-controller-access-vmware-creds-in-playbook.adoc[leveloffset=+3]
+
 include::platform/ref-controller-use-credentials-in-playbooks.adoc[leveloffset=+1]
 
-//endif::controller-UG[]
 

downstream/modules/platform/con-controller-access-GCE-in-a-playbook.adoc

@@ -0,0 +1,14 @@
+[id="con-controller-access-GCE-in-a-playbook"]
+
+= Access Google Compute Engine credentials in an Ansible Playbook
+
+You can get GCE credential parameters from a job runtime environment:
+
+[literal, options="nowrap" subs="+attributes"]
+----
+vars:
+  gce:
+    email: '{{ lookup("env", "GCE_EMAIL") }}'
+    project: '{{ lookup("env", "GCE_PROJECT") }}'
+    pem_file_path: '{{ lookup("env", "GCE_PEM_FILE_PATH") }}'
+----

downstream/modules/platform/con-controller-access-machine-credentials-playbook.adoc

@@ -0,0 +1,13 @@
+[id="con-controller-access-machine-credentials-playbook"]
+
+= Access machine credentials in an ansible playbook
+
+You can get username and password from Ansible facts:
+
+[literal, options="nowrap" subs="+attributes"]
+----
+vars:
+  machine:
+    username: '{{ ansible_user }}'
+    password: '{{ ansible_password }}'
+----

downstream/modules/platform/con-controller-how-credentials-work.adoc

@@ -0,0 +1,28 @@
+[id="con-controller-how-credentials-work"]
+
+= How credentials work
+
+{ControllerNameStart} uses SSH to connect to remote hosts. 
+To pass the key from {ControllerName} to SSH, the key must be decrypted before it can be written to a named pipe. 
+{ControllerNameStart} uses that pipe to send the key to SSH, so that the key is never written to disk.
+If passwords are used, {ControllerName} handles them by responding directly to the password prompt and decrypting the password before writing it to the prompt.
+
+The *Credentials* page shows credentials that are currently available. 
+The default view is collapsed (Compact), showing the credential name, and credential type.
+
+From this screen you can edit image:leftpencil.png[Edit,15,15], duplicate image:copy.png[Copy,15,15] or delete {MoreActionsIcon} a credential.
+
+[NOTE]
+====
+It is possible to create duplicate credentials with the same name and without an organization. 
+However, it is not possible to create two duplicate credentials in the same organization.
+
+.Example
+
+. Create two machine credentials with the same name but without an organization.
+. Use the module `ansible.controller.export` to export the credentials.
+. Use the module `ansible.controller.import` in a different automation execution node.
+. Check the imported credentials.
+
+When you export two duplicate credentials and then import them in a different node, only one credential is imported.
+====

downstream/modules/platform/proc-controller-add-users-job-templates.adoc

@@ -11,7 +11,7 @@
 . Click the *User Access* tab.
 You can see users and teams associated with this credential and their roles.
 If no users exist, add them from the *Users* menu.
-For more information, see link:{BaseURL}/red_hat_ansible_automation_platform/{PlatformVers}/html/access_management_and_authentication/gw-managing-access#assembly-controller-users_gw-manage-rbac[Users].
+For more information, see link:{URLCentralAuth}/gw-managing-access#assembly-controller-users_gw-manage-rbac[Users].
 . Click btn:[Add roles].
 . Select the user(s) that you want to give access to the credential and click btn:[Next].
 . From the *Select roles to apply* page, select the roles you want to add to the User.
@@ -27,4 +27,4 @@ If the action is not successful, a warning displays.
 . Select the *Job templates* tab to select a job template to which you want to assign this credential.
 . Chose a job template or select *Create job template* from the *Create template* list to assign the credential to additional job templates.
 +
-For more information about creating new job templates, see the xref:controller-job-templates[Job templates] section.
+For more information about creating new job templates, see link:{URLControllerUserGuide}/controller-job-templates[Job templates].

downstream/modules/platform/proc-controller-create-credential.adoc

@@ -3,21 +3,14 @@
 [id="controller-create-credential"]
 
 = Creating new credentials
-//ifdef::controller-GS[]
-//As part of the initial setup, a demonstration credential and a Galaxy credential have been created for your use. Use the Galaxy credential as a template.
-//It can be copied, but not edited.
-//You can add more credentials as necessary.
-//endif::controller-GS[]
 
-//ifdef::controller-UG[]
 Credentials added to a team are made available to all members of the team.
 You can also add credentials to individual users.
 
 As part of the initial setup, two credentials are available for your use: Demo Credential and Ansible Galaxy.
 Use the Ansible Galaxy credential as a template.
 You can copy this credential, but not edit it.
 Add more credentials as needed.
-//endif::controller-UG[]
 
 .Procedure
 . From the navigation panel, select {MenuAECredentials}.
@@ -30,12 +23,9 @@ Add more credentials as needed.
 * Optional *Organization*: The name of the organization with which the credential is associated. The default is *Default*.
 * *Credential type*: enter or select the credential type you want to create.
 
-. Enter the appropriate details depending on the type of credential selected, as described in xref:ref-controller-credential-types[Credential types].
+. Enter the appropriate details depending on the type of credential selected, as described in link:{URLControllerUserGuide}/controller-credentials#ref-controller-credential-types[Credential types].
 +
 image:credential-types-drop-down-menu.png[Credential types drop down list]
 
-
 . Click btn:[Create credential].
 
-//You can also use this procedure from the *Credentials* tab when you select a credential type on the *Credential Types* page. Not sure how to document that, it should be a single route. 
-//endif::controller-UG[]

downstream/modules/platform/ref-controller-access-azure-resources-in-playbook.adoc

@@ -0,0 +1,15 @@
+[id="ref-controller-access-azure-resources-in-playbook"]
+
+= Access {Azure} resource manager credentials in an ansible playbook
+
+You can get {Azure} credential parameters from a job runtime environment:
+
+[literal, options="nowrap" subs="+attributes"]
+----
+vars:
+  azure:
+    client_id: '{{ lookup("env", "AZURE_CLIENT_ID") }}'
+    secret: '{{ lookup("env", "AZURE_SECRET") }}'
+    tenant: '{{ lookup("env", "AZURE_TENANT") }}'
+    subscription_id: '{{ lookup("env", "AZURE_SUBSCRIPTION_ID") }}'
+----

downstream/modules/platform/ref-controller-access-controller-creds-in-playbook.adoc

@@ -0,0 +1,14 @@
+[id="ref-controller-access-controller-creds-in-playbook"]
+
+= Access {ControllerName} credentials in an Ansible Playbook
+
+You can get the host, username, and password parameters from a job runtime environment:
+
+[literal, options="nowrap" subs="+attributes"]
+----
+vars:
+  controller:
+    host: '{{ lookup("env", "CONTROLLER_HOST") }}'
+    username: '{{ lookup("env", "CONTROLLER_USERNAME") }}'
+    password: '{{ lookup("env", "CONTROLLER_PASSWORD") }}'
+----

downstream/modules/platform/ref-controller-access-ec2-credentials-in-playbook.adoc

@@ -0,0 +1,14 @@
+[id="ref-controller-access-ec2-credentials-in-playbook"]
+
+= Access Amazon EC2 credentials in an Ansible Playbook
+
+You can get AWS credential parameters from a job runtime environment:
+
+[literal, options="nowrap" subs="+attributes"]
+----
+vars:
+  aws:
+    access_key: '{{ lookup("env", "AWS_ACCESS_KEY_ID") }}'
+    secret_key: '{{ lookup("env", "AWS_SECRET_ACCESS_KEY") }}'
+    security_token: '{{ lookup("env", "AWS_SECURITY_TOKEN") }}'
+----

downstream/modules/platform/ref-controller-access-network-creds-playbook.adoc

@@ -0,0 +1,13 @@
+[id="ref-controller-access-network-creds-playbook"]
+
+= Access network credentials in an ansible playbook
+
+You can get the username and password parameters from a job runtime environment:
+
+[literal, options="nowrap" subs="+attributes"]
+----
+vars:
+  network:
+    username: '{{ lookup("env", "ANSIBLE_NET_USERNAME") }}'
+    password: '{{ lookup("env", "ANSIBLE_NET_PASSWORD") }}'
+----

downstream/modules/platform/ref-controller-access-virt-creds-in-playbook.adoc

@@ -0,0 +1,46 @@
+[id="ref-controller-access-virt-creds-in-playbook"]
+
+= Access virtualization credentials in an Ansible Playbook
+
+You can get the Red Hat Virtualization credential parameter from a job runtime environment:
+
+[literal, options="nowrap" subs="+attributes"]
+----
+vars:
+  ovirt:
+    ovirt_url: '{{ lookup("env", "OVIRT_URL") }}'
+    ovirt_username: '{{ lookup("env", "OVIRT_USERNAME") }}'
+    ovirt_password: '{{ lookup("env", "OVIRT_PASSWORD") }}'
+----
+
+The  `file` and `env` injectors for Red Hat Virtualization are as follows:
+
+[literal, options="nowrap" subs="+attributes"]
+----
+ManagedCredentialType(
+    namespace='rhv',
+
+....
+....
+....
+
+injectors={
+        # The duplication here is intentional; the ovirt4 inventory plugin
+        # writes a .ini file for authentication, while the ansible modules for
+        # ovirt4 use a separate authentication process that support
+        # environment variables; by injecting both, we support both
+        'file': {
+            'template': '\n'.join(
+                [
+                    '[ovirt]',
+                    'ovirt_url={{host}}',
+                    'ovirt_username={{username}}',
+                    'ovirt_password={{password}}',
+                    '{% if ca_file %}ovirt_ca_file={{ca_file}}{% endif %}',
+                ]
+            )
+        },
+        'env': {'OVIRT_INI_PATH': '{{tower.filename}}', 'OVIRT_URL': '{{host}}', 'OVIRT_USERNAME': '{{username}}', 'OVIRT_PASSWORD': '{{password}}'},
+    },
+)
+----

downstream/modules/platform/ref-controller-access-vmware-creds-in-playbook.adoc

@@ -0,0 +1,14 @@
+[id="ref-controller-access-vmware-creds-in-playbook"]
+
+= Access VMware vCenter credentials in an ansible playbook
+
+You can get VMware vCenter credential parameters from a job runtime environment:
+
+[literal, options="nowrap" subs="+attributes"]
+----
+vars:
+  vmware:
+    host: '{{ lookup("env", "VMWARE_HOST") }}'
+    username: '{{ lookup("env", "VMWARE_USER") }}'
+    password: '{{ lookup("env", "VMWARE_PASSWORD") }}'
+----

downstream/modules/platform/ref-controller-aws-secrets-lookup.adoc

@@ -4,4 +4,4 @@
 
 = AWS secrets manager lookup
 
-This is considered part of the secret management capability. For more information, see link:{BaseURL}/red_hat_ansible_automation_platform/{PlatformVers}/html-single/configuring_automation_execution/assembly-controller-secret-management#ref-aws-secrets-manager-lookup[AWS Secrets Manager Lookup]
+This is considered part of the secret management capability. For more information, see link:{URLControllerAdminGuide}/assembly-controller-secret-management#ref-aws-secrets-manager-lookup[AWS Secrets Manager Lookup]