1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00

hashi_vault - Change token_path env var loading precedence (#902)

* Change how vault token is loaded

* Add changelog for PR #902

* Update changelogs/fragments/902-hashi_vault-token-path.yml

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update plugins/lookup/hashi_vault.py

Add version_added

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update plugins/lookup/hashi_vault.py

Add version_added

Co-authored-by: Felix Fontein <felix@fontein.de>

Co-authored-by: Felix Fontein <felix@fontein.de>
This commit is contained in:
Brian Scholer 2020-09-18 15:59:25 -04:00 committed by GitHub
parent 1a5702cf21
commit ba5b86cf4a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 15 additions and 1 deletions

View file

@ -0,0 +1,5 @@
minor_changes:
- hashi_vault lookup - add ``VAULT_TOKEN_PATH`` as env option to specify ``token_path`` param (https://github.com/ansible-collections/community.general/issues/373).
- hashi_vault lookup - add ``VAULT_TOKEN_FILE`` as env option to specify ``token_file`` param (https://github.com/ansible-collections/community.general/issues/373).
bugfixes:
- hashi_vault lookup - ``token_path`` in config file overridden by env ``HOME`` (https://github.com/ansible-collections/community.general/issues/373).

View file

@ -38,13 +38,17 @@ DOCUMENTATION = """
token_path:
description: If no token is specified, will try to read the token file from this path.
env:
- name: HOME
- name: VAULT_TOKEN_PATH
version_added: 1.2.0
ini:
- section: lookup_hashi_vault
key: token_path
version_added: '0.2.0'
token_file:
description: If no token is specified, will try to read the token from this file in C(token_path).
env:
- name: VAULT_TOKEN_FILE
version_added: 1.2.0
ini:
- section: lookup_hashi_vault
key: token_file
@ -537,6 +541,11 @@ class LookupModule(LookupBase):
def validate_auth_token(self, auth_method):
if auth_method == 'token':
if not self.get_option('token_path'):
# generally we want env vars defined in the spec, but in this case we want
# the env var HOME to have lower precedence than any other value source,
# including ini, so we're doing it here after all other processing has taken place
self.set_option('token_path', os.environ.get('HOME'))
if not self.get_option('token') and self.get_option('token_path'):
token_filename = os.path.join(
self.get_option('token_path'),