def _get_params(self, terms, kwargs):
    """Assemble the parameter dict for a Vault read from terms and environment.

    Args:
        terms: Lookup terms. ``terms[0]`` is the secret path; ``terms[1]``,
            when present, is the key inside that secret.
        kwargs: Lookup options; only ``default`` is consulted here.

    Returns:
        dict: ``url``, ``verify``, ``secret``, ``key``, ``default`` and
        ``authtype``, plus the credential entries that match the auth type
        (``role_id``/``secret_id``, ``username``/``password`` or ``token``).

    Raises:
        IndexError: If ``terms`` is empty.

    Note:
        The result holds live credentials read from the process environment;
        keep it out of log and debug output.
    """
    secret_path = terms[0]
    try:
        secret_key = terms[1]
    except IndexError:
        # A single-term lookup carries no key.
        secret_key = None
    fallback_value = kwargs.get('default', None)

    params = {
        'url': self._get_url(),
        # NOTE(review): presumably the TLS verification setting -- confirm
        # what _get_verify() returns when nothing is configured.
        'verify': self._get_verify(),
        'secret': secret_path,
        'key': secret_key,
        'default': fallback_value,
    }

    # VAULT_AUTHTYPE selects which credentials are collected; unset means token.
    auth_method = os.getenv('VAULT_AUTHTYPE', 'token')
    params['authtype'] = auth_method

    if auth_method == 'approle':
        params.update({
            'role_id': os.getenv('VAULT_ROLE_ID'),
            'secret_id': os.getenv('VAULT_SECRET_ID'),
        })
    elif auth_method in ('userpass', 'ldap'):
        params.update({
            'username': os.getenv('VAULT_USER'),
            'password': os.getenv('VAULT_PASSWORD'),
        })
    else:
        # Every other auth type, including unrecognised values, uses a token.
        params['token'] = hashivault_default_token()
    return params
def run(self, terms, variables, **kwargs):
    """Read one key of one Vault secret using token authentication.

    Args:
        terms: ``terms[0]`` is the secret path and ``terms[1]`` the key; both
            are indexed unconditionally.
        variables: Not used by this method.
        **kwargs: Not used by this method.

    Returns:
        list: A one-element list holding ``str()`` of the value read.

    Raises:
        IndexError: If fewer than two terms are supplied.
        AnsibleError: If the read result has no ``'value'`` entry.
    """
    secret_path, secret_key = terms[0], terms[1]
    vault_token = hashivault_default_token()
    auth_method = 'token'
    request = {
        'url': self.get_url(),
        'verify': self.get_verify(),
        'token': vault_token,
        'authtype': auth_method,
        'secret': secret_path,
        'key': secret_key,
    }

    outcome = hashivault_read.hashivault_read(request)
    if 'value' in outcome:
        # The secret is returned to the caller as a plain string.
        return [str(outcome['value'])]

    # NOTE(review): the backend's msg and stack_trace are embedded verbatim in
    # the error text -- confirm neither can carry secret material before it
    # reaches task output.
    details = (
        secret_path,
        secret_key,
        outcome.get('msg', 'msg not set'),
        outcome.get('stack_trace', ''),
    )
    raise AnsibleError('Error reading vault %s/%s: %s\n%s' % details)
def _get_params(self, terms, environments, kwargs):
    """Assemble the parameter dict for a Vault read.

    Most settings are resolved through ``self._get_environment`` using the
    supplied ``environments``.

    Args:
        terms: Lookup terms. ``terms[0]`` is the secret path; ``terms[1]``,
            when present, is the key inside that secret.
        environments: Passed through to ``_get_url``, ``_get_verify`` and
            ``_get_environment``.
        kwargs: Lookup options: ``default``, ``version`` and ``mount_point``
            (which falls back to ``'secret'``).

    Returns:
        dict: Connection, TLS and secret-selection settings, ``authtype``, and
        the credential entries that match the auth type.

    Raises:
        IndexError: If ``terms`` is empty.

    Note:
        The result holds live credentials (``secret_id``, ``password`` or
        ``token``); keep it out of log and debug output.
    """
    def setting(name, *fallback):
        # Thin shorthand so every lookup passes the same environments.
        return self._get_environment(environments, name, *fallback)

    secret_path = terms[0]
    try:
        secret_key = terms[1]
    except IndexError:
        # A single-term lookup carries no key.
        secret_key = None
    fallback_value = kwargs.get('default', None)
    kv_version = kwargs.get('version')
    mount = kwargs.get('mount_point', 'secret')

    params = {
        'url': self._get_url(environments),
        'verify': self._get_verify(environments),
        'secret': secret_path,
        'key': secret_key,
        'default': fallback_value,
        'version': kv_version,
        'mount_point': mount,
    }

    auth_method = setting('VAULT_AUTHTYPE', 'token')
    params['authtype'] = auth_method

    # CA settings are added only when a truthy value is configured.
    for env_name, param_name in (('VAULT_CACERT', 'ca_cert'),
                                 ('VAULT_CAPATH', 'ca_path')):
        configured = setting(env_name)
        if configured:
            params[param_name] = configured

    # NOTE(review): unlike every other setting here, the client certificate
    # and key are read straight from the process environment and bypass
    # `environments` -- confirm this is intended.
    params['client_cert'] = os.getenv('VAULT_CLIENT_CERT')
    params['client_key'] = os.getenv('VAULT_CLIENT_KEY')

    if auth_method == 'approle':
        params['role_id'] = setting('VAULT_ROLE_ID')
        params['secret_id'] = setting('VAULT_SECRET_ID')
    elif auth_method in ('userpass', 'ldap'):
        params['username'] = setting('VAULT_USER')
        params['password'] = setting('VAULT_PASSWORD')
    else:
        # The default token is computed before the lookup, whether or not
        # VAULT_TOKEN turns out to be set.
        default_token = hashivault_default_token()
        params['token'] = setting('VAULT_TOKEN', default_token)
    return params
def _get_params(self, terms, environments, kwargs):
    """Collect everything the Vault read needs into a single dict.

    Args:
        terms: Lookup terms. ``terms[0]`` is the secret path; a missing
            ``terms[1]`` leaves the key as ``None``.
        environments: Forwarded to ``_get_url``, ``_get_verify`` and
            ``_get_environment``.
        kwargs: Lookup options. ``default`` and ``version`` fall back to
            ``None``; ``mount_point`` falls back to ``'secret'``.

    Returns:
        dict: ``url``, ``verify``, ``secret``, ``key``, ``default``,
        ``version``, ``mount_point``, ``authtype``, ``client_cert``,
        ``client_key``, optionally ``ca_cert``/``ca_path``, and the
        credentials for the selected auth type.

    Raises:
        IndexError: If ``terms`` is empty.

    Note:
        The returned dict contains credentials (``secret_id``, ``password``
        or ``token``) and should not be written to logs or debug output.
    """
    secret_path = terms[0]
    try:
        secret_key = terms[1]
    except IndexError:
        secret_key = None  # no key term was given
    fallback_value = kwargs.get('default', None)
    kv_version = kwargs.get('version')
    mount = kwargs.get('mount_point', 'secret')

    params = {
        'url': self._get_url(environments),
        'verify': self._get_verify(environments),
        'secret': secret_path,
        'key': secret_key,
        'default': fallback_value,
        'version': kv_version,
        'mount_point': mount,
    }

    auth_method = self._get_environment(environments, 'VAULT_AUTHTYPE', 'token')
    params['authtype'] = auth_method

    # ca_cert / ca_path appear in the result only when configured.
    ca_cert = self._get_environment(environments, 'VAULT_CACERT')
    if ca_cert:
        params['ca_cert'] = ca_cert
    ca_path = self._get_environment(environments, 'VAULT_CAPATH')
    if ca_path:
        params['ca_path'] = ca_path

    # NOTE(review): client_cert/client_key come from os.getenv directly,
    # so values in `environments` are not consulted for them, unlike the
    # other settings -- confirm this is deliberate.
    params.update({
        'client_cert': os.getenv('VAULT_CLIENT_CERT'),
        'client_key': os.getenv('VAULT_CLIENT_KEY'),
    })

    if auth_method == 'approle':
        params.update({
            'role_id': self._get_environment(environments, 'VAULT_ROLE_ID'),
            'secret_id': self._get_environment(environments, 'VAULT_SECRET_ID'),
        })
    elif auth_method in ('userpass', 'ldap'):
        params.update({
            'username': self._get_environment(environments, 'VAULT_USER'),
            'password': self._get_environment(environments, 'VAULT_PASSWORD'),
        })
    else:
        # hashivault_default_token() is evaluated up front as the fallback,
        # regardless of whether VAULT_TOKEN is found.
        params['token'] = self._get_environment(
            environments, 'VAULT_TOKEN', hashivault_default_token())
    return params