
Added option for disabling MSI autodiscover feature in azure_keyvault_secret lookup plugin #1353

Conversation

@nalle nalle commented Dec 1, 2023

SUMMARY

Added an option to be able to disable MSI autodiscover feature.

The default for the module is to assume that the MSI metadata URL is available, which slows down the module considerably when not being able to access that IP.

This way the original intended functionality is preserved and we who want to use it without MSI available can do so without an almost 30s penalty.

Some things had to be moved around due to where the options kwarg is available.

ISSUE TYPE
  • Feature Pull Request
COMPONENT NAME

azure.azcollection.azure_keyvault_secret

ADDITIONAL INFORMATION

Below follows a paste from running with and without MSI autodiscover enabled.

With MSI autodiscovery, without an MSI metadata host:

PLAY [localhost] ***************************************************************************************************************************************************************************

TASK [debug] *******************************************************************************************************************************************************************************
Friday 19 August 2022  09:35:14 +0200 (0:00:00.016)       0:00:00.016 *********
Your credentials class does not support session injection. Performance will not be at the maximum.
ok: [localhost] => {
    "msg": "the value of this secret is <redacted>"
}

PLAY RECAP *********************************************************************************************************************************************************************************
localhost                  : ok=1    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

Friday 19 August 2022  09:35:42 +0200 (0:00:28.608)       0:00:28.624 *********
===============================================================================
debug ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ 28.61s
Playbook run took 0 days, 0 hours, 0 minutes, 28 seconds

Without MSI autodiscovery enabled:

PLAY [localhost] ***************************************************************************************************************************************************************************

TASK [debug] *******************************************************************************************************************************************************************************
Friday 19 August 2022  09:35:06 +0200 (0:00:00.019)       0:00:00.019 *********
Your credentials class does not support session injection. Performance will not be at the maximum.
ok: [localhost] => {
    "msg": "the value of this secret is <redacted>"
}

PLAY RECAP *********************************************************************************************************************************************************************************
localhost                  : ok=1    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

Friday 19 August 2022  09:35:07 +0200 (0:00:00.920)       0:00:00.939 *********
===============================================================================
debug ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 0.92s
Playbook run took 0 days, 0 hours, 0 minutes, 0 seconds

And some examples that were in the previous pull request.

Using MSI autodiscovery

- hosts: localhost
  connection: local
  vars:
    azure_keyvault_url: https://something.vault.azure.net
    azure_client_id: xxxxxx-xxxx-xxxxx-xxxxx
    azure_secret: xxxxxx-xxx-xxxxx-xxxxxx
    azure_tenant_id: xxxxxxx-xxxx-xxxxx-xxxxx-
  tasks:
    - debug:
        msg: "{{ lookup('azure.azcollection.azure_keyvault_secret', 'secretname', vault_url=azure_keyvault_url, client_id=azure_client_id, secret=azure_secret, tenant_id=azure_tenant_id) }}"

Without MSI autodiscovery

- hosts: localhost
  connection: local
  vars:
    azure_keyvault_url: https://something.vault.azure.net
    azure_client_id: xxxxxx-xxxx-xxxxx-xxxxx
    azure_secret: xxxxxx-xxx-xxxxx-xxxxxx
    azure_tenant_id: xxxxxxx-xxxx-xxxxx-xxxxx-
  tasks:
    - debug:
        msg: "{{ lookup('azure.azcollection.azure_keyvault_secret', 'secretname', vault_url=azure_keyvault_url, client_id=azure_client_id, secret=azure_secret, tenant_id=azure_tenant_id, use_msi=False) }}"
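The timing difference above comes down to one decision: whether the plugin first probes the instance-metadata endpoint before falling back to the service-principal credentials it was given. The following is an added illustration of that decision, not the azcollection plugin's own code: `resolve_credential`, `Probe` and `Clock` are hypothetical names, and the probe and clock are constructed stand-ins so the example runs offline instead of waiting out a real connect timeout. The IMDS address is Azure's real link-local metadata endpoint; the 28-second timeout is taken from the run times pasted above, not from any SDK default.

```python
"""Added example: why an explicit opt-out for MSI autodiscovery matters.

When the plugin assumes the MSI metadata endpoint is reachable, a host
without it pays a full connect timeout before the service-principal
fallback is used. Passing use_msi=False skips the probe entirely.
"""
from dataclasses import dataclass

# Azure Instance Metadata Service token endpoint (real link-local address).
IMDS_ENDPOINT = "http://169.254.169.254/metadata/identity/oauth2/token"


@dataclass
class Clock:
    """Simulated clock (constructed for the example) so no real waiting happens."""
    now: float = 0.0

    def sleep(self, seconds: float) -> None:
        self.now += seconds


@dataclass
class Probe:
    """Constructed stand-in for an HTTP GET against IMDS.

    reachable=False models a non-Azure host: the link-local IP never answers,
    so the caller blocks until its connect timeout expires.
    """
    reachable: bool
    timeout_s: float = 28.0
    calls: int = 0

    def get(self, url: str, clock: Clock) -> bool:
        self.calls += 1
        if self.reachable:
            clock.sleep(0.05)          # typical fast local-metadata answer
            return True
        clock.sleep(self.timeout_s)    # unreachable: wait out the timeout
        return False


def resolve_credential(options: dict, probe: Probe, clock: Clock) -> tuple[str, float]:
    """Hypothetical mirror of the lookup plugin's credential decision.

    Returns (credential_source, seconds_spent). The default use_msi=True
    keeps the original behaviour (probe IMDS first); use_msi=False goes
    straight to the service-principal fields from the task options.
    """
    start = clock.now
    use_msi = options.get("use_msi", True)

    if use_msi and probe.get(IMDS_ENDPOINT, clock):
        return "msi", clock.now - start

    if all(options.get(k) for k in ("client_id", "secret", "tenant_id")):
        return "service_principal", clock.now - start

    raise ValueError(
        "no usable credentials: run on an Azure host with MSI, "
        "or pass client_id, secret and tenant_id"
    )


# Constructed sample options, shaped like the lookup's keyword arguments.
SP_OPTIONS = {
    "vault_url": "https://something.vault.azure.net",
    "client_id": "00000000-0000-0000-0000-000000000000",   # placeholder
    "secret": "placeholder-secret",
    "tenant_id": "00000000-0000-0000-0000-000000000000",  # placeholder
}


def compare_runs() -> dict:
    """Run the two configurations from the pasted playbooks side by side."""
    results = {}
    for label, opts in (("default", SP_OPTIONS),
                        ("use_msi=False", {**SP_OPTIONS, "use_msi": False})):
        probe = Probe(reachable=False)
        source, elapsed = resolve_credential(opts, probe, Clock())
        results[label] = {"source": source, "elapsed": elapsed, "probes": probe.calls}
    return results


if __name__ == "__main__":
    for label, r in compare_runs().items():
        print(f"{label:14s} -> {r['source']} after {r['elapsed']:.2f}s ({r['probes']} probe(s))")
```

Both runs end up using the same service-principal credentials; the only difference is whether the 28-second probe of an address that will never answer is attempted first. The explicit option is preferable to shortening the timeout, because a short timeout would make MSI resolution flaky on real Azure hosts under load.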


nalle commented Dec 1, 2023

@Fred-sun ok, new pull request that looks a lot better than #956 and should be free from conflicts


@Fred-sun Fred-sun left a comment


Small change request!

Three review comments on plugins/lookup/azure_keyvault_secret.py (all since resolved; the commented lines are outdated).
@Fred-sun Fred-sun added ready_for_review The PR has been modified and can be reviewed and merged medium_priority Medium priority labels Dec 5, 2023
@xuzhang3 xuzhang3 merged commit 498bb04 into ansible-collections:dev Dec 6, 2023