mirror of
https://github.com/ansible-collections/community.general.git
synced 2024-09-14 20:13:21 +02:00
* Added token parameter for AccessTokenAuthorizer
Parameters username and password are not required anymore because of
this.
* Added changelog fragments
* Apply suggestions from code review
Co-authored-by: Ajpantuso <ajpantuso@gmail.com>
* token authorizer is prioritized
token authorizer is prioritized when token parameter is set
* Apply suggestions from code review
Co-authored-by: Felix Fontein <felix@fontein.de>
* domain optional if token not provided
* Updated examples
- `base_url` is required everywhere
- examples for user, name + domain authorization included
- token authorization included
* Update 3327-tss-token-authorization.yml
* Apply suggestions from code review
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Ajpantuso <ajpantuso@gmail.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit dc8d076a25
)
Co-authored-by: Martin Vician <vician@users.noreply.github.com>
This commit is contained in:
parent
68458fd8aa
commit
bc0edf7d55
2 changed files with 57 additions and 17 deletions
4
changelogs/fragments/3327-tss-token-authorization.yml
Normal file
4
changelogs/fragments/3327-tss-token-authorization.yml
Normal file
|
@ -0,0 +1,4 @@
|
||||||
|
minor_changes:
|
||||||
|
- tss lookup plugin - added ``token`` parameter for token authorization;
|
||||||
|
``username`` and ``password`` are optional when ``token`` is provided
|
||||||
|
(https://github.com/ansible-collections/community.general/pull/3327).
|
|
@ -36,19 +36,20 @@ options:
|
||||||
ini:
|
ini:
|
||||||
- section: tss_lookup
|
- section: tss_lookup
|
||||||
key: username
|
key: username
|
||||||
required: true
|
|
||||||
password:
|
password:
|
||||||
description: The password associated with the supplied username.
|
description:
|
||||||
|
- The password associated with the supplied username.
|
||||||
|
- Required when I(token) is not provided.
|
||||||
env:
|
env:
|
||||||
- name: TSS_PASSWORD
|
- name: TSS_PASSWORD
|
||||||
ini:
|
ini:
|
||||||
- section: tss_lookup
|
- section: tss_lookup
|
||||||
key: password
|
key: password
|
||||||
required: true
|
|
||||||
domain:
|
domain:
|
||||||
default: ""
|
default: ""
|
||||||
description:
|
description:
|
||||||
- The domain with which to request the OAuth2 Access Grant.
|
- The domain with which to request the OAuth2 Access Grant.
|
||||||
|
- Optional when I(token) is not provided.
|
||||||
- Requires C(python-tss-sdk) version 1.0.0 or greater.
|
- Requires C(python-tss-sdk) version 1.0.0 or greater.
|
||||||
env:
|
env:
|
||||||
- name: TSS_DOMAIN
|
- name: TSS_DOMAIN
|
||||||
|
@ -57,6 +58,17 @@ options:
|
||||||
key: domain
|
key: domain
|
||||||
required: false
|
required: false
|
||||||
version_added: 3.6.0
|
version_added: 3.6.0
|
||||||
|
token:
|
||||||
|
description:
|
||||||
|
- Existing token for Thycotic authorizer.
|
||||||
|
- If provided, I(username) and I(password) are not needed.
|
||||||
|
- Requires C(python-tss-sdk) version 1.0.0 or greater.
|
||||||
|
env:
|
||||||
|
- name: TSS_TOKEN
|
||||||
|
ini:
|
||||||
|
- section: tss_lookup
|
||||||
|
key: token
|
||||||
|
version_added: 3.7.0
|
||||||
api_path_uri:
|
api_path_uri:
|
||||||
default: /api/v1
|
default: /api/v1
|
||||||
description: The path to append to the base URL to form a valid REST
|
description: The path to append to the base URL to form a valid REST
|
||||||
|
@ -83,18 +95,6 @@ _list:
|
||||||
"""
|
"""
|
||||||
|
|
||||||
EXAMPLES = r"""
|
EXAMPLES = r"""
|
||||||
- hosts: localhost
|
|
||||||
vars:
|
|
||||||
secret: "{{ lookup('community.general.tss', 1) }}"
|
|
||||||
tasks:
|
|
||||||
- ansible.builtin.debug:
|
|
||||||
msg: >
|
|
||||||
the password is {{
|
|
||||||
(secret['items']
|
|
||||||
| items2dict(key_name='slug',
|
|
||||||
value_name='itemValue'))['password']
|
|
||||||
}}
|
|
||||||
|
|
||||||
- hosts: localhost
|
- hosts: localhost
|
||||||
vars:
|
vars:
|
||||||
secret: >-
|
secret: >-
|
||||||
|
@ -116,10 +116,39 @@ EXAMPLES = r"""
|
||||||
value_name='itemValue'))['password']
|
value_name='itemValue'))['password']
|
||||||
}}
|
}}
|
||||||
|
|
||||||
|
- hosts: localhost
|
||||||
|
vars:
|
||||||
|
secret: >-
|
||||||
|
{{
|
||||||
|
lookup(
|
||||||
|
'community.general.tss',
|
||||||
|
102,
|
||||||
|
base_url='https://secretserver.domain.com/SecretServer/',
|
||||||
|
username='user.name',
|
||||||
|
password='password',
|
||||||
|
domain='domain'
|
||||||
|
)
|
||||||
|
}}
|
||||||
|
tasks:
|
||||||
|
- ansible.builtin.debug:
|
||||||
|
msg: >
|
||||||
|
the password is {{
|
||||||
|
(secret['items']
|
||||||
|
| items2dict(key_name='slug',
|
||||||
|
value_name='itemValue'))['password']
|
||||||
|
}}
|
||||||
|
|
||||||
- hosts: localhost
|
- hosts: localhost
|
||||||
vars:
|
vars:
|
||||||
secret_password: >-
|
secret_password: >-
|
||||||
{{ ((lookup('community.general.tss', 1) | from_json).get('items') | items2dict(key_name='slug', value_name='itemValue'))['password'] }}"
|
{{
|
||||||
|
((lookup(
|
||||||
|
'community.general.tss',
|
||||||
|
102,
|
||||||
|
base_url='https://secretserver.domain.com/SecretServer/',
|
||||||
|
token='thycotic_access_token',
|
||||||
|
) | from_json).get('items') | items2dict(key_name='slug', value_name='itemValue'))['password']
|
||||||
|
}}
|
||||||
tasks:
|
tasks:
|
||||||
- ansible.builtin.debug:
|
- ansible.builtin.debug:
|
||||||
msg: the password is {{ secret_password }}
|
msg: the password is {{ secret_password }}
|
||||||
|
@ -142,12 +171,13 @@ except ImportError:
|
||||||
HAS_TSS_SDK = False
|
HAS_TSS_SDK = False
|
||||||
|
|
||||||
try:
|
try:
|
||||||
from thycotic.secrets.server import PasswordGrantAuthorizer, DomainPasswordGrantAuthorizer
|
from thycotic.secrets.server import PasswordGrantAuthorizer, DomainPasswordGrantAuthorizer, AccessTokenAuthorizer
|
||||||
|
|
||||||
HAS_TSS_AUTHORIZER = True
|
HAS_TSS_AUTHORIZER = True
|
||||||
except ImportError:
|
except ImportError:
|
||||||
PasswordGrantAuthorizer = None
|
PasswordGrantAuthorizer = None
|
||||||
DomainPasswordGrantAuthorizer = None
|
DomainPasswordGrantAuthorizer = None
|
||||||
|
AccessTokenAuthorizer = None
|
||||||
HAS_TSS_AUTHORIZER = False
|
HAS_TSS_AUTHORIZER = False
|
||||||
|
|
||||||
|
|
||||||
|
@ -209,6 +239,11 @@ class TSSClientV1(TSSClient):
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def _get_authorizer(**server_parameters):
|
def _get_authorizer(**server_parameters):
|
||||||
|
if server_parameters.get("token"):
|
||||||
|
return AccessTokenAuthorizer(
|
||||||
|
server_parameters["token"],
|
||||||
|
)
|
||||||
|
|
||||||
if server_parameters.get("domain"):
|
if server_parameters.get("domain"):
|
||||||
return DomainPasswordGrantAuthorizer(
|
return DomainPasswordGrantAuthorizer(
|
||||||
server_parameters["base_url"],
|
server_parameters["base_url"],
|
||||||
|
@ -238,6 +273,7 @@ class LookupModule(LookupBase):
|
||||||
username=self.get_option("username"),
|
username=self.get_option("username"),
|
||||||
password=self.get_option("password"),
|
password=self.get_option("password"),
|
||||||
domain=self.get_option("domain"),
|
domain=self.get_option("domain"),
|
||||||
|
token=self.get_option("token"),
|
||||||
api_path_uri=self.get_option("api_path_uri"),
|
api_path_uri=self.get_option("api_path_uri"),
|
||||||
token_path_uri=self.get_option("token_path_uri"),
|
token_path_uri=self.get_option("token_path_uri"),
|
||||||
)
|
)
|
||||||
|
|
Loading…
Reference in a new issue