mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00

Fetch secret id's which are in folder by folder id (#6652)

Added a function to fetch secret IDs by folder ID.
delinea-sagar 2023-06-09 11:14:05 -04:00 committed by GitHub
parent 61b889749e
commit eddd1ba4f2
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 55 additions and 3 deletions


@ -0,0 +1,2 @@
minor_changes:
- tss lookup plugin - allow to fetch secret IDs which are in a folder based on folder ID. Previously, we could not fetch secrets based on folder ID but now use ``fetch_secret_ids_from_folder`` option to indicate to fetch secret IDs based on folder ID (https://github.com/ansible-collections/community.general/issues/6223).


@ -26,6 +26,13 @@ options:
description: The integer ID of the secret. description: The integer ID of the secret.
required: true required: true
type: int type: int
fetch_secret_ids_from_folder:
description:
- Boolean flag which indicates whether secret ids are in a folder is fetched by folder ID or not.
- V(true) then the terms will be considered as a folder IDs. Otherwise (default), they are considered as secret IDs.
required: false
type: bool
version_added: 7.1.0
fetch_attachments: fetch_attachments:
description: description:
- Boolean flag which indicates whether attached files will get downloaded or not. - Boolean flag which indicates whether attached files will get downloaded or not.
@ -194,6 +201,26 @@ EXAMPLES = r"""
| items2dict(key_name='slug', | items2dict(key_name='slug',
value_name='itemValue'))['private-key'] value_name='itemValue'))['private-key']
}} }}
# If fetch_secret_ids_from_folder=true then secret IDs are in a folder is fetched based on folder ID
- hosts: localhost
vars:
secret: >-
{{
lookup(
'community.general.tss',
102,
fetch_secret_ids_from_folder=true,
base_url='https://secretserver.domain.com/SecretServer/',
token='thycotic_access_token'
)
}}
tasks:
- ansible.builtin.debug:
msg: >
the secret id's are {{
secret
}}
""" """
import abc import abc
@ -204,18 +231,21 @@ from ansible.plugins.lookup import LookupBase
from ansible.utils.display import Display from ansible.utils.display import Display
try: try:
from thycotic.secrets.server import SecretServer, SecretServerError from delinea.secrets.server import SecretServer, SecretServerError
HAS_TSS_SDK = True HAS_TSS_SDK = True
HAS_DELINEA_SS_SDK = True
except ImportError: except ImportError:
try: try:
from delinea.secrets.server import SecretServer, SecretServerError from thycotic.secrets.server import SecretServer, SecretServerError
HAS_TSS_SDK = True HAS_TSS_SDK = True
HAS_DELINEA_SS_SDK = False
except ImportError: except ImportError:
SecretServer = None SecretServer = None
SecretServerError = None SecretServerError = None
HAS_TSS_SDK = False HAS_TSS_SDK = False
HAS_DELINEA_SS_SDK = False
try: try:
from thycotic.secrets.server import PasswordGrantAuthorizer, DomainPasswordGrantAuthorizer, AccessTokenAuthorizer from thycotic.secrets.server import PasswordGrantAuthorizer, DomainPasswordGrantAuthorizer, AccessTokenAuthorizer
@ -270,6 +300,13 @@ class TSSClient(object):
else: else:
return self._client.get_secret_json(secret_id) return self._client.get_secret_json(secret_id)
def get_secret_ids_by_folderid(self, term):
display.debug("tss_lookup term: %s" % term)
folder_id = self._term_to_folder_id(term)
display.vvv(u"Secret Server lookup of Secret id's with Folder ID %d" % folder_id)
return self._client.get_secret_ids_by_folderid(folder_id)
@staticmethod @staticmethod
def _term_to_secret_id(term): def _term_to_secret_id(term):
try: try:
@ -277,6 +314,13 @@ class TSSClient(object):
except ValueError: except ValueError:
raise AnsibleOptionsError("Secret ID must be an integer") raise AnsibleOptionsError("Secret ID must be an integer")
@staticmethod
def _term_to_folder_id(term):
try:
return int(term)
except ValueError:
raise AnsibleOptionsError("Folder ID must be an integer")
class TSSClientV0(TSSClient): class TSSClientV0(TSSClient):
def __init__(self, **server_parameters): def __init__(self, **server_parameters):
@ -345,6 +389,12 @@ class LookupModule(LookupBase):
) )
try: try:
return [tss.get_secret(term, self.get_option("fetch_attachments"), self.get_option("file_download_path")) for term in terms] if self.get_option("fetch_secret_ids_from_folder"):
if HAS_DELINEA_SS_SDK:
return [tss.get_secret_ids_by_folderid(term) for term in terms]
else:
raise AnsibleError("latest python-tss-sdk must be installed to use this plugin")
else:
return [tss.get_secret(term, self.get_option("fetch_attachments"), self.get_option("file_download_path")) for term in terms]
except SecretServerError as error: except SecretServerError as error:
raise AnsibleError("Secret Server lookup failure: %s" % error.message) raise AnsibleError("Secret Server lookup failure: %s" % error.message)
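Review bot: In the last hunk, the `HAS_DELINEA_SS_SDK` guard records only which package name was importable, not whether the installed SDK client actually provides `get_secret_ids_by_folderid`; if an older `delinea` release lacks that method, the call made from `TSSClient.get_secret_ids_by_folderid` would presumably fail with an `AttributeError`, which the `except SecretServerError` below does not catch. Testing the capability directly, for example `if not hasattr(tss._client, "get_secret_ids_by_folderid"):` before the list comprehension, would make the guard independent of package naming. The error text also says the SDK is required "to use this plugin" although only this option is affected; a message such as `"fetch_secret_ids_from_folder requires a python-tss-sdk release that provides get_secret_ids_by_folderid"` tells the user what to upgrade and why. The enclosing method starts outside the hunk.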