hashi_vault - add support for using mount_point with aws_iam_login au…

…th (#22) * Add support for using mount_point with aws_iam_login auth * Add changelog for #22
ansible-collections · Dec 15, 2020 · a4374fd · a4374fd
1 parent 052c724
commit a4374fd
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 3 deletions.
diff --git a/changelogs/fragments/22-hashi_vault-aws_iam_login-mount_point.yml b/changelogs/fragments/22-hashi_vault-aws_iam_login-mount_point.yml
@@ -0,0 +1,3 @@
+---
+bugfixes:
+  - hashi_vault - ``mount_point`` parameter did not work with ``aws_iam_login`` auth method (https://github.com/ansible-collections/community.hashi_vault/issues/7)
diff --git a/plugins/lookup/hashi_vault.py b/plugins/lookup/hashi_vault.py
@@ -179,6 +179,7 @@
         - section: lookup_hashi_vault
           key: aws_iam_server_id
       required: False
+      version_added: '0.2.0'
 """
 
 EXAMPLES = """
@@ -459,7 +460,7 @@ def auth_approle(self):
         self.client.auth_approle(**params)
 
     def auth_aws_iam_login(self):
-        params = self.options['iam_login_credentials']
+        params = self.options['_auth_aws_iam_login_params']
         if self.hvac_has_auth_methods and hasattr(self.client.auth.aws, 'iam_login'):
             self.client.auth.aws.iam_login(**params)
         else:
@@ -644,9 +645,12 @@ def validate_auth_token(self, auth_method):
     def validate_auth_aws_iam_login(self, auth_method):
         params = {
             'access_key': self.get_option('aws_access_key'),
-            'secret_key': self.get_option('aws_secret_key')
+            'secret_key': self.get_option('aws_secret_key'),
         }
 
+        if self.get_option('mount_point'):
+            params['mount_point'] = self.get_option('mount_point')
+
         if self.get_option('role_id'):
             params['role'] = self.get_option('role_id')
 
@@ -677,7 +681,7 @@ def validate_auth_aws_iam_login(self, auth_method):
             if session_credentials.token:
                 params['session_token'] = session_credentials.token
 
-        self.set_option('iam_login_credentials', params)
+        self.set_option('_auth_aws_iam_login_params', params)
 
     def validate_auth_jwt(self, auth_method):
         self.validate_by_required_fields(auth_method, 'role_id', 'jwt')