add credstash lookup plugin #11778
add credstash lookup plugin #11778
Conversation
from ansible.errors import AnsibleError | ||
from ansible.plugins.lookup import LookupBase | ||
|
||
import credstash |
bcoca
Jul 30, 2015
Member
we should capture possible import exception and explain that this lookup requires the credstash python library when it fails
we should capture possible import exception and explain that this lookup requires the credstash python library when it fails
for documentation add it and an example to docsites/rst//playbooks_lookups.rst |
Great, thanks a lot for the feedback @bcoca. I've added both now. The build is failing but it looks unrelated to me:
|
Fixed exception handling syntax that would've caused an error in Python 2.4. Could I get an update on this please? Is there anything else that I can do to help move this forward? |
no, sorry, just for us to have enough time to review and merge |
|
||
CREDSTASH_INSTALLED = False | ||
|
||
try: |
bcoca
Aug 5, 2015
Member
this should be in the run method, otherwise ansible itself will fail to run
this should be in the run method, otherwise ansible itself will fail to run
abadger
Aug 5, 2015
Member
By this we mean the
if not CREDSTASH_INSTALLED:
raise AnsibleError([...])
If importring credstash takes a long time it might be good to move that to inside the lookup module as well but that's an unrelated issue.
By this we mean the
if not CREDSTASH_INSTALLED:
raise AnsibleError([...])
If importring credstash takes a long time it might be good to move that to inside the lookup module as well but that's an unrelated issue.
scottcunningham
Aug 6, 2015
Author
Contributor
Very good point - thanks! I've moved this to inside of the run function.
I don't think that credstash takes a particularly long time to import, but if you feel it'd be best to keep it inside the module then I can move it there.
Very good point - thanks! I've moved this to inside of the run function.
I don't think that credstash takes a particularly long time to import, but if you feel it'd be best to keep it inside the module then I can move it there.
except credstash.ItemNotFound: | ||
raise AnsibleError('Key {} not found'.format(term)) | ||
except Exception, e: | ||
raise AnsibleError('Encountered exception while fetching {}: {}'.format(term, e.message)) |
abadger
Aug 5, 2015
Member
Lookup plugins run on the controller. The minimum python version for the controller is python 2.6. So str.format() can't use "{}". The easy workaround is to use "{0}" and "{1}" instead.
Lookup plugins run on the controller. The minimum python version for the controller is python 2.6. So str.format() can't use "{}". The easy workaround is to use "{0}" and "{1}" instead.
scottcunningham
Aug 6, 2015
Author
Contributor
Good point - I've updated the PR to fix this.
Good point - I've updated the PR to fix this.
Update - I've fixed the issues raised above. Thanks a lot for taking the time to check this out. |
Thank you! :) |
Credstash is a small utility for managing secrets using AWS's KMS and DynamoDB: https://github.com/LuminalOSS/credstash
Example usage:
All credstash options (region, table, etc) are also configurable:
I have some small questions about contributing. This lookup plugin has a dependency on the
credstash
module. Is there a way for me to add this as a dependency for the plugin? Is there also a good way for me to add documentation?