mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00

[PR #6652/eddd1ba4 backport][stable-7] Fetch secret id's which are in folder by folder id ()

Fetch secret id's which are in folder by folder id ()

Added a function to fetch secret IDs by folder ID

(cherry picked from commit eddd1ba4f2)

Co-authored-by: delinea-sagar <131447653+delinea-sagar@users.noreply.github.com>
patchback[bot] 2023-06-09 17:51:37 +02:00 committed by GitHub
parent cae94f9d5e
commit 211b520017
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 55 additions and 3 deletions
changelogs/fragments
plugins/lookup


@ -0,0 +1,2 @@
minor_changes:
- tss lookup plugin - allow to fetch secret IDs which are in a folder based on folder ID. Previously, we could not fetch secrets based on folder ID but now use ``fetch_secret_ids_from_folder`` option to indicate to fetch secret IDs based on folder ID (https://github.com/ansible-collections/community.general/issues/6223).


@ -26,6 +26,13 @@ options:
description: The integer ID of the secret.
required: true
type: int
fetch_secret_ids_from_folder:
description:
- Boolean flag which indicates whether secret ids are in a folder is fetched by folder ID or not.
- V(true) then the terms will be considered as a folder IDs. Otherwise (default), they are considered as secret IDs.
required: false
type: bool
version_added: 7.1.0
fetch_attachments:
description:
- Boolean flag which indicates whether attached files will get downloaded or not.
@ -194,6 +201,26 @@ EXAMPLES = r"""
| items2dict(key_name='slug',
value_name='itemValue'))['private-key']
}}
# If fetch_secret_ids_from_folder=true then secret IDs are in a folder is fetched based on folder ID
- hosts: localhost
vars:
secret: >-
{{
lookup(
'community.general.tss',
102,
fetch_secret_ids_from_folder=true,
base_url='https://secretserver.domain.com/SecretServer/',
token='thycotic_access_token'
)
}}
tasks:
- ansible.builtin.debug:
msg: >
the secret id's are {{
secret
}}
"""
import abc
@ -204,18 +231,21 @@ from ansible.plugins.lookup import LookupBase
from ansible.utils.display import Display
try:
from thycotic.secrets.server import SecretServer, SecretServerError
from delinea.secrets.server import SecretServer, SecretServerError
HAS_TSS_SDK = True
HAS_DELINEA_SS_SDK = True
except ImportError:
try:
from delinea.secrets.server import SecretServer, SecretServerError
from thycotic.secrets.server import SecretServer, SecretServerError
HAS_TSS_SDK = True
HAS_DELINEA_SS_SDK = False
except ImportError:
SecretServer = None
SecretServerError = None
HAS_TSS_SDK = False
HAS_DELINEA_SS_SDK = False
try:
from thycotic.secrets.server import PasswordGrantAuthorizer, DomainPasswordGrantAuthorizer, AccessTokenAuthorizer
@ -270,6 +300,13 @@ class TSSClient(object):
else:
return self._client.get_secret_json(secret_id)
def get_secret_ids_by_folderid(self, term):
display.debug("tss_lookup term: %s" % term)
folder_id = self._term_to_folder_id(term)
display.vvv(u"Secret Server lookup of Secret id's with Folder ID %d" % folder_id)
return self._client.get_secret_ids_by_folderid(folder_id)
@staticmethod
def _term_to_secret_id(term):
try:
@ -277,6 +314,13 @@ class TSSClient(object):
except ValueError:
raise AnsibleOptionsError("Secret ID must be an integer")
@staticmethod
def _term_to_folder_id(term):
try:
return int(term)
except ValueError:
raise AnsibleOptionsError("Folder ID must be an integer")
class TSSClientV0(TSSClient):
def __init__(self, **server_parameters):
@ -345,6 +389,12 @@ class LookupModule(LookupBase):
)
try:
return [tss.get_secret(term, self.get_option("fetch_attachments"), self.get_option("file_download_path")) for term in terms]
if self.get_option("fetch_secret_ids_from_folder"):
if HAS_DELINEA_SS_SDK:
return [tss.get_secret_ids_by_folderid(term) for term in terms]
else:
raise AnsibleError("latest python-tss-sdk must be installed to use this plugin")
else:
return [tss.get_secret(term, self.get_option("fetch_attachments"), self.get_option("file_download_path")) for term in terms]
except SecretServerError as error:
raise AnsibleError("Secret Server lookup failure: %s" % error.message)
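Review bot: `HAS_DELINEA_SS_SDK` in the import hunk only records that `delinea.secrets.server` could be imported, not that the installed SDK actually provides `get_secret_ids_by_folderid`, so the gate in `run()` (whose body starts outside the last hunk) would presumably let an older delinea-namespaced release through and fail with an uncaught `AttributeError` instead of the intended `AnsibleError`. Checking the capability itself is more reliable, for example in `TSSClient.get_secret_ids_by_folderid`: `if not hasattr(self._client, "get_secret_ids_by_folderid"): raise AnsibleError(...)`. The message `"latest python-tss-sdk must be installed to use this plugin"` blames the whole plugin when only one option is affected; something like `"fetch_secret_ids_from_folder requires a python-tss-sdk release that provides get_secret_ids_by_folderid"` tells the operator what to upgrade and why. The option's documentation should also state that requirement, and that `fetch_attachments` and `file_download_path` are not applied when folder mode is on, since that branch never passes them.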