diff options
| author | Michel Alexandre Salim <michel@michel-slm.name> | 2016-01-02 15:23:27 +0700 |
|---|---|---|
| committer | Michel Alexandre Salim <michel@michel-slm.name> | 2016-01-02 15:23:27 +0700 |
| commit | afb2abf980a06a9a396075497855adea5d7ada22 (patch) | |
| tree | 8c05d86e9d880e553dfc3e9e250abd1bf049dcdd | |
| parent | 210cf06d9ac8e62b15d6f34e9c63c1b98986a1d5 (diff) | |
| download | ansible-afb2abf980a06a9a396075497855adea5d7ada22.tar.gz | |
Make credstash lookup plugin support encryption contexts
Previously, the lookup plugin passes all its keyword arguments to
credstash's `getSecret`; while this works for passing the standard
parameters (version, region and table), this does not allow passing
a dictionary of key-value pairs as `getSecret`'s context parameter.
Instead, pop `version`, `region` and `table` from `kwargs`, supplying
the default value if they are not defined, and pass the rest of the `kwargs`
as the `context` parameter.
| -rw-r--r-- | lib/ansible/plugins/lookup/credstash.py | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/lib/ansible/plugins/lookup/credstash.py b/lib/ansible/plugins/lookup/credstash.py index 41cc6b894f..66c8d9950f 100644 --- a/lib/ansible/plugins/lookup/credstash.py +++ b/lib/ansible/plugins/lookup/credstash.py @@ -38,7 +38,11 @@ class LookupModule(LookupBase): ret = [] for term in terms: try: - val = credstash.getSecret(term, **kwargs) + version = kwargs.pop('version', '') + region = kwargs.pop('region', None) + table = kwargs.pop('table', 'credential-store') + val = credstash.getSecret(term, version, region, table, + context=kwargs) except credstash.ItemNotFound: raise AnsibleError('Key {0} not found'.format(term)) except Exception as e: |