mirror of
https://github.com/ansible-collections/community.general.git
synced 2024-09-14 20:13:21 +02:00
hashi_vault - Change token_path env var loading precedence (#902)
* Change how vault token is loaded

* Add changelog for PR #902

* Update changelogs/fragments/902-hashi_vault-token-path.yml

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update plugins/lookup/hashi_vault.py

Add version_added

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update plugins/lookup/hashi_vault.py

Add version_added

Co-authored-by: Felix Fontein <felix@fontein.de>

Co-authored-by: Felix Fontein <felix@fontein.de>
parent 1a5702cf21
commit ba5b86cf4a
2 changed files with 15 additions and 1 deletions
5
changelogs/fragments/902-hashi_vault-token-path.yml
Normal file
|
@ -0,0 +1,5 @@
|
|||
minor_changes:
|
||||
- hashi_vault lookup - add ``VAULT_TOKEN_PATH`` as env option to specify ``token_path`` param (https://github.com/ansible-collections/community.general/issues/373).
|
||||
- hashi_vault lookup - add ``VAULT_TOKEN_FILE`` as env option to specify ``token_file`` param (https://github.com/ansible-collections/community.general/issues/373).
|
||||
bugfixes:
|
||||
- hashi_vault lookup - ``token_path`` in config file overridden by env ``HOME`` (https://github.com/ansible-collections/community.general/issues/373).
|
|
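Review bot: The ``bugfixes`` entry in this changelog fragment describes the bug (``token_path`` in config file overridden by env ``HOME``) rather than the new behaviour, so release-note readers cannot tell what happens now. Suggest wording it as the outcome, for example that ``token_path`` from the config file is no longer overridden by ``HOME``, and stating that ``HOME`` is now only the last-resort fallback, since this changes which directory the Vault token is read from.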
@ -38,13 +38,17 @@ DOCUMENTATION = """
|
|||
token_path:
|
||||
description: If no token is specified, will try to read the token file from this path.
|
||||
env:
|
||||
- name: HOME
|
||||
- name: VAULT_TOKEN_PATH
|
||||
version_added: 1.2.0
|
||||
ini:
|
||||
- section: lookup_hashi_vault
|
||||
key: token_path
|
||||
version_added: '0.2.0'
|
||||
token_file:
|
||||
description: If no token is specified, will try to read the token from this file in C(token_path).
|
||||
env:
|
||||
- name: VAULT_TOKEN_FILE
|
||||
version_added: 1.2.0
|
||||
ini:
|
||||
- section: lookup_hashi_vault
|
||||
key: token_file
|
||||
|
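Review bot: The ``token_path`` description in this hunk does not mention that ``HOME`` is used when no other source supplies a value. The comment in ``validate_auth_token`` says that fallback is applied in code after all other processing, so the option documentation is the only place a user would learn where the token file is looked up by default; add a sentence to the description. As a style point, the new ``version_added: 1.2.0`` values are unquoted while the existing ini entry uses ``version_added: '0.2.0'``; quoting them would keep the file consistent.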
@ -537,6 +541,11 @@ class LookupModule(LookupBase):
|
|||
|
||||
def validate_auth_token(self, auth_method):
|
||||
if auth_method == 'token':
|
||||
if not self.get_option('token_path'):
|
||||
# generally we want env vars defined in the spec, but in this case we want
|
||||
# the env var HOME to have lower precedence than any other value source,
|
||||
# including ini, so we're doing it here after all other processing has taken place
|
||||
self.set_option('token_path', os.environ.get('HOME'))
|
||||
if not self.get_option('token') and self.get_option('token_path'):
|
||||
token_filename = os.path.join(
|
||||
self.get_option('token_path'),
|
||||
|
|
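Review bot: In ``validate_auth_token``, ``if not self.get_option('token_path')`` is a truthiness test, so any falsy value, such as an empty string supplied through ``VAULT_TOKEN_PATH`` or the ini key, is treated as unset and the token is then read from under ``HOME`` without notice. If only a missing value should trigger the fallback, compare against ``None`` instead. ``os.environ.get('HOME')`` can itself return ``None``; the following ``self.get_option('token_path')`` check tolerates that, but it is worth saying so in the comment. Calling ``set_option`` inside a method named as a validator is also a side effect a reader will not expect; consider moving the fallback to a separate step before validation.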