def _get_params(self, terms, kwargs):
path = terms[0]
try:
key = terms[1]
except IndexError:
key = None
default = kwargs.get('default', None)
params = {
'url': self._get_url(),
'verify': self._get_verify(),
'secret': path,
'key': key,
'default': default,
}
authtype = os.getenv('VAULT_AUTHTYPE', 'token')
params['authtype'] = authtype
if authtype == 'approle':
params['role_id'] = os.getenv('VAULT_ROLE_ID')
params['secret_id'] = os.getenv('VAULT_SECRET_ID')
elif authtype == 'userpass' or authtype == 'ldap':
params['username'] = os.getenv('VAULT_USER')
params['password'] = os.getenv('VAULT_PASSWORD')
else:
params['token'] = hashivault_default_token()
return params
def run(self, terms, variables, **kwargs):
path = terms[0]
key = terms[1]
token = hashivault_default_token()
authtype = 'token'
params = {
'url': self.get_url(),
'verify': self.get_verify(),
'token': token,
'authtype': 'token',
'secret': path,
'key': key,
}
result = hashivault_read.hashivault_read(params)
if 'value' not in result:
raise AnsibleError('Error reading vault %s/%s: %s\n%s' % (path, key, result.get('msg', 'msg not set'), result.get('stack_trace', '')))
return [str(result['value'])]
def _get_params(self, terms, environments, kwargs):
path = terms[0]
try:
key = terms[1]
except IndexError:
key = None
default = kwargs.get('default', None)
version = kwargs.get('version')
mount_point = kwargs.get('mount_point', 'secret')
params = {
'url': self._get_url(environments),
'verify': self._get_verify(environments),
'secret': path,
'key': key,
'default': default,
'version': version,
'mount_point': mount_point,
}
authtype = self._get_environment(environments, 'VAULT_AUTHTYPE',
'token')
params['authtype'] = authtype
cacert = self._get_environment(environments, 'VAULT_CACERT')
if cacert:
params['ca_cert'] = cacert
capath = self._get_environment(environments, 'VAULT_CAPATH')
if capath:
params['ca_path'] = capath
params['client_cert'] = os.getenv('VAULT_CLIENT_CERT')
params['client_key'] = os.getenv('VAULT_CLIENT_KEY')
if authtype == 'approle':
params['role_id'] = self._get_environment(environments,
'VAULT_ROLE_ID')
params['secret_id'] = self._get_environment(
environments, 'VAULT_SECRET_ID')
elif authtype == 'userpass' or authtype == 'ldap':
params['username'] = self._get_environment(environments,
'VAULT_USER')
params['password'] = self._get_environment(environments,
'VAULT_PASSWORD')
else:
params['token'] = self._get_environment(environments,
'VAULT_TOKEN',
hashivault_default_token())
return params
def _get_params(self, terms, environments, kwargs):
path = terms[0]
try:
key = terms[1]
except IndexError:
key = None
default = kwargs.get('default', None)
version = kwargs.get('version')
mount_point = kwargs.get('mount_point', 'secret')
params = {
'url': self._get_url(environments),
'verify': self._get_verify(environments),
'secret': path,
'key': key,
'default': default,
'version': version,
'mount_point': mount_point,
}
authtype = self._get_environment(environments, 'VAULT_AUTHTYPE', 'token')
params['authtype'] = authtype
cacert = self._get_environment(environments, 'VAULT_CACERT')
if cacert:
params['ca_cert'] = cacert
capath = self._get_environment(environments, 'VAULT_CAPATH')
if capath:
params['ca_path'] = capath
params['client_cert'] = os.getenv('VAULT_CLIENT_CERT')
params['client_key'] = os.getenv('VAULT_CLIENT_KEY')
if authtype == 'approle':
params['role_id'] = self._get_environment(environments, 'VAULT_ROLE_ID')
params['secret_id'] = self._get_environment(environments, 'VAULT_SECRET_ID')
elif authtype == 'userpass' or authtype == 'ldap':
params['username'] = self._get_environment(environments, 'VAULT_USER')
params['password'] = self._get_environment(environments, 'VAULT_PASSWORD')
else:
params['token'] = self._get_environment(environments, 'VAULT_TOKEN', hashivault_default_token())
return params