hashi_vault: Perform a LIST request when secret path ends with a slash #55769

Open
wants to merge 1 commit into
base: devel
from

@Normo commented Apr 25, 2019

SUMMARY

Backwards-compatible, minimal adaption of 'hashi_vault' lookup script to also perform a LIST request, which is an essential part of HashiCorp Vault API.

ISSUE TYPE
  • Feature Pull Request
COMPONENT NAME
  • hashi_vault lookup plugin
ADDITIONAL INFORMATION

Example Playbook (you should set environment variables VAULT_ADDR and VAULT_TOKEN to access your running HashiCorp Vault instance):

- name: Accessing a path not ending in a slash (this works!)
  debug:
    msg:
      - "{{ lookup('hashi_vault', 'secret=secrets/some/path/some_secret1') }}"

- name: Accessing a path ending with a slash should return a list of subsequent secrets. (This does not work, yet!)
  loop: "{{ lookup('hashi_vault', 'secret=secrets/some/path/:keys') }}"
  debug:
    msg: "{{ item }}"

Before change:

fatal: [example.com]: FAILED! => {"msg": "An unhandled exception occurred while running the lookup plugin 'hashi_vault'. Error was a <class 'ansible.errors.AnsibleError'>, original message: The secret secrets/some/path/ doesn't seem to exist for hashi_vault lookup"}


After change:

ok: [example.com] => {
    "msg": [
        "some_secret1",
        "some_secret2",
        "..."
    ]
}
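
How the read-versus-LIST choice described in this pull request maps onto Vault's HTTP API, shown as an added example (not code from this pull request or from the hashi_vault plugin). The helper names, the address, the token and the sample response body are constructed; the token used for the second task needs the `list` capability on the path in its Vault policy, which is granted separately from `read`.

```python
import json
import urllib.request

# Constructed sample of a Vault LIST response body (not captured from a real server).
SAMPLE_LIST_BODY = '{"data": {"keys": ["some_secret1", "some_secret2"]}}'


def parse_term(term):
    """Split 'secret=<path>[:<field>]' into (path, field or None)."""
    key, _, value = term.partition("=")
    if key != "secret" or not value:
        raise ValueError("expected secret=<path>[:<field>]")
    path, _, field = value.partition(":")
    return path, (field or None)


def build_request(vault_addr, token, term):
    """Build (without sending) the HTTP request for a lookup term.

    A path ending in '/' becomes a LIST, which Vault authorises with the
    'list' capability; any other path is a plain read ('read' capability).
    """
    path, field = parse_term(term)
    method = "LIST" if path.endswith("/") else "GET"
    request = urllib.request.Request(
        vault_addr.rstrip("/") + "/v1/" + path.lstrip("/"),
        method=method,
        headers={"X-Vault-Token": token},
    )
    return request, field


def extract(body, field):
    """Return the 'data' object of a response, or one field of it."""
    data = json.loads(body).get("data")
    if data is None:
        raise LookupError("Vault response carries no data")
    if field is None:
        return data
    if field not in data:
        raise LookupError("field %r not in response" % field)
    return data[field]


if __name__ == "__main__":
    req, field = build_request("http://127.0.0.1:8200", "placeholder-token",
                               "secret=secrets/some/path/:keys")
    print(req.get_method(), req.full_url, extract(SAMPLE_LIST_BODY, field))
```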

@ansibot (Contributor) commented Apr 25, 2019

@Normo (Author) commented May 3, 2019

ready_for_review

@Normo (Author) commented May 13, 2019

bot_status

@ansibot (Contributor) commented May 13, 2019

Components

lib/ansible/plugins/lookup/hashi_vault.py
support: community
maintainers: defionscode

Metadata

waiting_on: maintainer
changes_requested_by: null
needs_info: False
needs_revision: False
needs_rebase: False
merge_commits: []
too many files or commits: False
mergeable_state: clean
shippable_status: success
maintainer_shipits (module maintainers): 0
community_shipits (namespace maintainers): 0
ansible_shipits (core team members): 0
shipit_actors (maintainer or core team member): []
shipit_actors_other: []
automerge: automerge shipit test failed
