New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
add credstash lookup plugin #11778
add credstash lookup plugin #11778
Conversation
from ansible.errors import AnsibleError | ||
from ansible.plugins.lookup import LookupBase | ||
|
||
import credstash |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
we should capture possible import exception and explain that this lookup requires the credstash python library when it fails
for documentation add it and an example to docsites/rst//playbooks_lookups.rst |
Great, thanks a lot for the feedback @bcoca. I've added both now. The build is failing but it looks unrelated to me:
|
Fixed exception handling syntax that would've caused an error in Python 2.4. Could I get an update on this please? Is there anything else that I can do to help move this forward? |
no, sorry, just for us to have enough time to review and merge |
|
||
CREDSTASH_INSTALLED = False | ||
|
||
try: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this should be in the run method, otherwise ansible itself will fail to run
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
By this we mean the
if not CREDSTASH_INSTALLED:
raise AnsibleError([...])
If importring credstash takes a long time it might be good to move that to inside the lookup module as well but that's an unrelated issue.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Very good point - thanks! I've moved this to inside of the run function.
I don't think that credstash takes a particularly long time to import, but if you feel it'd be best to keep it inside the module then I can move it there.
Update - I've fixed the issues raised above. Thanks a lot for taking the time to check this out. |
Thank you! :) |
Credstash is a small utility for managing secrets using AWS's KMS and DynamoDB: https://github.com/LuminalOSS/credstash
Example usage:
All credstash options (region, table, etc) are also configurable:
I have some small questions about contributing. This lookup plugin has a dependency on the
credstash
module. Is there a way for me to add this as a dependency for the plugin? Is there also a good way for me to add documentation?