1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00

Move gcp_kms_filters to google.cloud collection (#140)

gcp_kms_filters is a part of google.cloud collection

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
This commit is contained in:
Abhijeet Kasurde 2020-04-10 23:52:39 +05:30 committed by GitHub
parent 20aa1ef55e
commit eb485c5f6f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 0 additions and 91 deletions

1
.github/BOTMETA.yml vendored
View file

@ -166,7 +166,6 @@ files:
$doc_fragments/xenserver.py: $doc_fragments/xenserver.py:
maintainers: bvitnik maintainers: bvitnik
labels: xenserver labels: xenserver
$filters/gcp_kms_filters.py:
$filters/json_query.py: $filters/json_query.py:
$filters/random_mac.py: $filters/random_mac.py:
$httpapis/exos.py: $httpapis/exos.py:

View file

@ -1,90 +0,0 @@
# (c) 2019, Eric Anderson <eric.sysmin@gmail.com>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
# Usage:
# vars:
# encrypted_myvar: "{{ var | b64encode | gcp_kms_encrypt(auth_kind='serviceaccount',
# service_account_file='gcp_service_account_file', projects='default',
# key_ring='key_ring', crypto_key='crypto_key') }}"
# decrypted_myvar: "{{ encrypted_myvar | gcp_kms_decrypt(auth_kind='serviceaccount',
# service_account_file=gcp_service_account_file, projects='default',
# key_ring='key_ring', crypto_key='crypto_key') }}"
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
from ansible.errors import AnsibleError
from ansible_collections.google.cloud.plugins.module_utils.gcp_utils import GcpSession
class GcpMockModule(object):
def __init__(self, params):
self.params = params
def fail_json(self, *args, **kwargs):
raise AnsibleError(kwargs['msg'])
class GcpKmsFilter():
def run(self, method, **kwargs):
params = {
'ciphertext': kwargs.get('ciphertext', None),
'plaintext': kwargs.get('plaintext', None),
'additional_authenticated_data': kwargs.get('additional_authenticated_data', None),
'key_ring': kwargs.get('key_ring', None),
'crypto_key': kwargs.get('crypto_key', None),
'projects': kwargs.get('projects', None),
'scopes': kwargs.get('scopes', None),
'locations': kwargs.get('locations', 'global'),
'auth_kind': kwargs.get('auth_kind', None),
'service_account_file': kwargs.get('service_account_file', None),
'service_account_email': kwargs.get('service_account_email', None),
}
if not params['scopes']:
params['scopes'] = ['https://www.googleapis.com/auth/cloudkms']
fake_module = GcpMockModule(params)
if method == "encrypt":
return self.kms_encrypt(fake_module)
elif method == "decrypt":
return self.kms_decrypt(fake_module)
def kms_decrypt(self, module):
payload = {"ciphertext": module.params['ciphertext']}
if module.params['additional_authenticated_data']:
payload['additionalAuthenticatedData'] = module.params['additional_authenticated_data']
auth = GcpSession(module, 'cloudkms')
url = "https://cloudkms.googleapis.com/v1/projects/{projects}/locations/{locations}/" \
"keyRings/{key_ring}/cryptoKeys/{crypto_key}:decrypt".format(**module.params)
response = auth.post(url, body=payload)
return response.json()['plaintext']
def kms_encrypt(self, module):
payload = {"plaintext": module.params['plaintext']}
if module.params['additional_authenticated_data']:
payload['additionalAuthenticatedData'] = module.params['additional_authenticated_data']
auth = GcpSession(module, 'cloudkms')
url = "https://cloudkms.googleapis.com/v1/projects/{projects}/locations/{locations}/" \
"keyRings/{key_ring}/cryptoKeys/{crypto_key}:encrypt".format(**module.params)
response = auth.post(url, body=payload)
return response.json()['ciphertext']
def gcp_kms_encrypt(plaintext, **kwargs):
return GcpKmsFilter().run('encrypt', plaintext=plaintext, **kwargs)
def gcp_kms_decrypt(ciphertext, **kwargs):
return GcpKmsFilter().run('decrypt', ciphertext=ciphertext, **kwargs)
class FilterModule(object):
def filters(self):
return {
'gcp_kms_encrypt': gcp_kms_encrypt,
'gcp_kms_decrypt': gcp_kms_decrypt
}