Recipe Examples & Common Tasks

This is a collection of examples of how to do certain common tasks using recipes.

Add permissions to a user-specified role

input:
  role_id:
    data_type: string
    description: 'The role to add permissions to.'
    prompt:
      method: ask
      arguments:
        question: 'What is the ID of the role that should get the permissions?'
    default:
      source: value
      value: authenticated
config:
  action:
    user.role.${role_id}:
      grantPermissions:
        - 'do something special'
        - "dance like no-one's watching"

Request a credential interactively and store it securely

It's possible to use a recipe to request a secret key interactively, and store it as a config entity. For security, it's better to create an environmnent variable and point your key at that. (Not only do you avoid putting secrets in code, but you can also have different values for different environments.) This example, which requires the Key module, employs that practice:

input:
  secret_key:
    data_type: string
    description: 'The environment variable that stores the secret key used for authentication.'
    prompt:
      method: ask
      arguments:
        question: 'What is the name of the environment variable that contains the secret key?'
    default:
      source: value
      value: SECRET_KEY  # This can be any value.
install:
  # Since we are creating a Key entity, we need to make sure the Key module is installed first.
  - key
config:
  action:
    # Create a Key config entity that stores the secret key.
    key.key.example_key:
      create:
        id: example_key
        label: 'Example Key'
        description: 'An example key for demonstration purposes.'
        key_type: authentication
        key_provider: env
        key_provider_settings:
          # This will be whatever value the user entered at the command line.
          env_variable: ${secret_key}
          base64_encoded: false
          strip_line_breaks: false