ansible/community.general
1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00
Code Releases Activity

hashi_vault - Change token_path env var loading precedence (#902) (#938)

Browse source 
* Change how vault token is loaded

* Add changelog for PR #902

* Update changelogs/fragments/902-hashi_vault-token-path.yml

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update plugins/lookup/hashi_vault.py

Add version_added

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update plugins/lookup/hashi_vault.py

Add version_added

Co-authored-by: Felix Fontein <felix@fontein.de>

Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit ba5b86cf4a)

Co-authored-by: Brian Scholer <1260690+briantist@users.noreply.github.com>
This commit is contained in:
patchback[bot] 2020-09-21 13:57:32 +02:00 committed by GitHub
parent 0fe7ea63a8
commit 951806c888
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 15 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
changelogs/fragments/902-hashi_vault-token-path.yml Normal file
View file

@ -0,0 +1,5 @@
minor_changes:
- hashi_vault lookup - add ``VAULT_TOKEN_PATH`` as env option to specify ``token_path`` param (https://github.com/ansible-collections/community.general/issues/373).
- hashi_vault lookup - add ``VAULT_TOKEN_FILE`` as env option to specify ``token_file`` param (https://github.com/ansible-collections/community.general/issues/373).
bugfixes:
- hashi_vault lookup - ``token_path`` in config file overridden by env ``HOME`` (https://github.com/ansible-collections/community.general/issues/373).

11
plugins/lookup/hashi_vault.py
View file

@ -38,13 +38,17 @@ DOCUMENTATION = """
token_path: token_path:
description: If no token is specified, will try to read the token file from this path. description: If no token is specified, will try to read the token file from this path.
env: env:
- name: HOME - name: VAULT_TOKEN_PATH
version_added: 1.2.0
ini: ini:
- section: lookup_hashi_vault - section: lookup_hashi_vault
key: token_path key: token_path
version_added: '0.2.0' version_added: '0.2.0'
token_file: token_file:
description: If no token is specified, will try to read the token from this file in C(token_path). description: If no token is specified, will try to read the token from this file in C(token_path).
env:
- name: VAULT_TOKEN_FILE
version_added: 1.2.0
ini: ini:
- section: lookup_hashi_vault - section: lookup_hashi_vault
key: token_file key: token_file
@ -537,6 +541,11 @@ class LookupModule(LookupBase):
def validate_auth_token(self, auth_method): def validate_auth_token(self, auth_method):
if auth_method == 'token': if auth_method == 'token':
if not self.get_option('token_path'):
# generally we want env vars defined in the spec, but in this case we want
# the env var HOME to have lower precedence than any other value source,
# including ini, so we're doing it here after all other processing has taken place
self.set_option('token_path', os.environ.get('HOME'))
if not self.get_option('token') and self.get_option('token_path'): if not self.get_option('token') and self.get_option('token_path'):
token_filename = os.path.join( token_filename = os.path.join(
self.get_option('token_path'), self.get_option('token_path'),