authorBen Waters <thebenwaters@users.noreply.github.com>2017-08-07 18:33:59 +0300
committerRyan Brown <sb@ryansb.com>2017-08-07 11:33:59 -0400
commitbe5e2251a78f182374a8e40b00744b26a7905e68 (patch)
tree49d7b164ac7d7d3d3eee972b27e6994906b07975
parentbdccc2df3c2825d0e194dcd2814553ea7f9e3a98 (diff)
downloadansible-be5e2251a78f182374a8e40b00744b26a7905e68.tar.gz
Fixes #21536: Allowing the ability to pass aws session paramters to credstash lookup (#23077)
* Allowing the ability to pass aws session parameters to credstash lookup Fixes #21536 https://github.com/ansible/ansible/issues/21536 * Default environment variable lookup To get around non lookup of environment variables. First, check for environment variables, then look for parameters * Following AWS Precedence http://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html#config-settings-and-precedence
-rw-r--r--lib/ansible/plugins/lookup/credstash.py10
1 files changed, 9 insertions, 1 deletions
diff --git a/lib/ansible/plugins/lookup/credstash.py b/lib/ansible/plugins/lookup/credstash.py
index 66c8d9950f..8bd2879b8f 100644
--- a/lib/ansible/plugins/lookup/credstash.py
+++ b/lib/ansible/plugins/lookup/credstash.py
@@ -17,6 +17,8 @@
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
+import os
+
from ansible.errors import AnsibleError
from ansible.plugins.lookup import LookupBase
@@ -41,8 +43,14 @@ class LookupModule(LookupBase):
version = kwargs.pop('version', '')
region = kwargs.pop('region', None)
table = kwargs.pop('table', 'credential-store')
+ profile_name = kwargs.pop('profile_name', os.getenv('AWS_PROFILE', None))
+ aws_access_key_id = kwargs.pop('aws_access_key_id', os.getenv('AWS_ACCESS_KEY_ID', None))
+ aws_secret_access_key = kwargs.pop('aws_secret_access_key', os.getenv('AWS_SECRET_ACCESS_KEY', None))
+ aws_session_token = kwargs.pop('aws_session_token', os.getenv('AWS_SESSION_TOKEN', None))
+ kwargs_pass = {'profile_name': profile_name, 'aws_access_key_id': aws_access_key_id,
+ 'aws_secret_access_key': aws_secret_access_key, 'aws_session_token': aws_session_token}
val = credstash.getSecret(term, version, region, table,
- context=kwargs)
+ context=kwargs, **kwargs_pass)
except credstash.ItemNotFound:
raise AnsibleError('Key {0} not found'.format(term))
except Exception as e:
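Review bot: Each of the four credential values on the added `kwargs.pop(...)` lines falls back to its environment variable independently, so an explicit `profile_name=` argument can end up paired with `AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY` taken from the controller's environment. How `credstash.getSecret` uses these keywords is not visible here, but if they reach a boto3 session unchanged, explicit keys normally take priority over a profile, and the lookup would read secrets under a different identity than the one the playbook named. I would apply the environment fallback only when the caller passed none of the four arguments, and document the order above the block with `# explicit lookup arguments win; AWS_* environment variables are used only when no credential argument is given`. Popping the credentials before `context=kwargs` is right, since it keeps them out of the encryption context. The enclosing `try` starts above the hunk and the `except Exception` body continues below it.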