mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00
community.general/changelogs/fragments/23-hashi-vault-lookup-refresh.yaml
Brian Scholer eaa484eb37
hashi_vault refresh - Add AWS login methods, bugfixes, cleanup (#23)
* hashi_vault refresh from PR in ansible/ansible/#66735

* Duplicate AWS doc fragments, remove version_added

* Restore FQCNames

* Fully qualify examples

* Add changelog for #23 hash_vault refresh

* Reduce examples below 160 chars

* Address review feedback

* Update changelogs/fragments/23-hashi-vault-lookup-refresh.yaml

Use review suggestion

Co-Authored-By: flowerysong <junk+github@flowerysong.com>

Co-authored-by: flowerysong <junk+github@flowerysong.com>
2020-04-28 11:27:37 +00:00

13 lines
1.8 KiB
YAML

bugfixes:
- hashi_vault - when a non-token authentication method like ldap or userpass failed, but a valid token was loaded anyway (via env or token file), the token was used to attempt authentication, hiding the failure of the requested auth method.
- hashi_vault - if used via ``with_hashi_vault`` and a list of n secrets to retrieve, only the first one would be retrieved and returned n times.
- hashi_vault - error messages are now user-friendly and don't contain the secret name (https://github.com/ansible-collections/community.general/issues/54).
minor_changes:
- hashi_vault - ``secret`` can now be an unnamed argument if it's specified first in the term string (see examples).
- hashi_vault - previously all options had to be supplied via key=value pairs in the term string; now a mix of string and parameters can be specified (see examples).
- hashi_vault - new option ``return_format`` added to control how secrets are returned, including options for multiple secrets and returning raw values with metadata.
- hashi_vault - ``token`` is now an explicit option (and the default) in the choices for ``auth_method``. This matches previous behavior (``auth_method`` omitted resulted in token auth) but makes the value clearer and allows it to be explicitly specified.
- hashi_vault - previous (undocumented) behavior was to attempt to read token from ``~/.vault-token`` if not specified. This is now controlled through ``token_path`` and ``token_file`` options (defaults will mimic previous behavior).
- hashi_vault - INI and additional ENV sources made available for some new and old options.
- hashi_vault - uses newer authentication calls in the HVAC library and falls back to older ones with deprecation warnings.
- hashi_vault - AWS IAM auth method added. Accepts standard Ansible AWS params and only loads AWS libraries when needed.
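
The first bugfix entry describes a fail-open pattern: the requested auth method fails, but a token picked up from the environment or a token file keeps the client authenticated. The sketch below is an added illustration, not the plugin's code or the hvac API; `FakeVault`, both login helpers and the sample credentials are hypothetical and constructed for the example.

```python
# Added illustration of the masked-auth-failure bug and a fail-closed variant.
# FakeVault and the helper names are hypothetical, not hashi_vault or hvac code.


class AuthError(Exception):
    pass


class FakeVault:
    """Constructed stand-in for a Vault client."""

    def __init__(self, ambient_token=None):
        self.token = ambient_token  # e.g. loaded from env or a token file
        self.identity = None        # set only by a successful userpass login

    def login_userpass(self, username, password):
        if (username, password) != ("deploy", "correct-horse"):  # constructed
            raise AuthError("userpass login rejected")
        self.token, self.identity = "s.userpass-token", username

    def is_authenticated(self):
        return self.token is not None


def login_masking_failure(client, method, **creds):
    """Pattern from the changelog entry: the failure is swallowed and the
    ambient token still makes the client look authenticated."""
    if method == "userpass":
        try:
            client.login_userpass(**creds)
        except AuthError:
            pass  # failure of the requested method is hidden
    return client.is_authenticated()


def login_fail_closed(client, method, **creds):
    """One way to fix it: only 'token' auth may use the ambient token."""
    if method == "token":
        if not client.is_authenticated():
            raise AuthError("no token available")
        return True
    client.token = None  # ambient token must not stand in for another method
    if method != "userpass":
        raise AuthError("unsupported auth method: %s" % method)
    client.login_userpass(**creds)  # AuthError propagates to the caller
    return client.is_authenticated()
```

In the masking variant a wrong password still yields an authenticated client acting under whatever policies the ambient token carries, which is why the failure has to surface as an error rather than a fallback.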