mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00

Add option for domain authorization (#3228)

Use DomainPasswordGrantAuthorizer if parameter `domain` is used.
Martin Vician 2021-08-20 12:54:29 +01:00 committed by GitHub
parent c7fccb2c01
commit bcccf4e388
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 39 additions and 9 deletions


@ -0,0 +1,3 @@
minor_changes:
- tss lookup plugin - added new parameter for domain authorization
(https://github.com/ansible-collections/community.general/pull/3228).


@ -45,6 +45,16 @@ options:
- section: tss_lookup
key: password
required: true
domain:
default: ""
description: The domain with which to request the OAuth2 Access Grant.
env:
- name: TSS_DOMAIN
ini:
- section: tss_lookup
key: domain
required: false
version_added: 3.6.0
api_path_uri:
default: /api/v1
description: The path to append to the base URL to form a valid REST
@ -130,7 +140,8 @@ except ImportError:
sdk_version = "0.0.5"
try:
from thycotic.secrets.server import PasswordGrantAuthorizer
from thycotic.secrets.server import PasswordGrantAuthorizer, DomainPasswordGrantAuthorizer
sdK_version_below_v1 = False
except ImportError:
sdK_version_below_v1 = True
@ -138,7 +149,6 @@ except ImportError:
from ansible.utils.display import Display
from ansible.plugins.lookup import LookupBase
display = Display()
@ -147,12 +157,28 @@ class LookupModule(LookupBase):
def Client(server_parameters):
if LooseVersion(sdk_version) < LooseVersion('1.0.0') or sdK_version_below_v1:
return SecretServer(**server_parameters)
return SecretServer(
server_parameters["base_url"],
server_parameters["username"],
server_parameters["password"],
server_parameters["api_path_uri"],
server_parameters["token_path_uri"],
)
else:
# The Password Authorizer became available in v1.0.0 and beyond.
# The Password Authorizer and Domain Password Authorizer
# became available in v1.0.0 and beyond.
# Import only if sdk_version requires it.
# from thycotic.secrets.server import PasswordGrantAuthorizer
if server_parameters["domain"]:
authorizer = DomainPasswordGrantAuthorizer(
server_parameters["base_url"],
server_parameters["username"],
server_parameters["domain"],
server_parameters["password"],
server_parameters["token_path_uri"],
)
else:
authorizer = PasswordGrantAuthorizer(
server_parameters["base_url"],
server_parameters["username"],
@ -175,6 +201,7 @@ class LookupModule(LookupBase):
"base_url": self.get_option("base_url"),
"username": self.get_option("username"),
"password": self.get_option("password"),
"domain": self.get_option("domain"),
"api_path_uri": self.get_option("api_path_uri"),
"token_path_uri": self.get_option("token_path_uri"),
}
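Review bot: In `Client`, the branch for SDKs below 1.0.0 now calls `SecretServer` with five positional arguments and silently drops `server_parameters["domain"]`, so a playbook that sets `domain` (or `TSS_DOMAIN`) against an old SDK attempts a plain password grant instead of the domain-scoped one the user asked for. That branch should fail closed, e.g. `if server_parameters["domain"]: raise AnsibleError("the 'domain' option requires the Thycotic SDK 1.0.0 or later")` placed ahead of `return SecretServer(` (assuming `AnsibleError` is already imported in this file, which the page does not show). Separately, the combined import of `PasswordGrantAuthorizer` and `DomainPasswordGrantAuthorizer` sets `sdK_version_below_v1 = True` when either name is missing, so an SDK that ships only the former would presumably be routed to the legacy call; the comment's claim that both arrived in 1.0.0 is worth confirming. The `Client` body continues past the end of its hunk, so the tail of the `PasswordGrantAuthorizer` call is not visible here.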