Make credstash lookup plugin support encryption contexts
Previously, the lookup plugin passes all its keyword arguments to credstash's `getSecret`; while this works for passing the standard parameters (version, region and table), this does not allow passing a dictionary of key-value pairs as `getSecret`'s context parameter. Instead, pop `version`, `region` and `table` from `kwargs`, supplying the default value if they are not defined, and pass the rest of the `kwargs` as the `context` parameter.
This commit is contained in:
parent
210cf06d9a
commit
afb2abf980
1 changed files with 5 additions and 1 deletions
|
@ -38,7 +38,11 @@ class LookupModule(LookupBase):
|
||||||
ret = []
|
ret = []
|
||||||
for term in terms:
|
for term in terms:
|
||||||
try:
|
try:
|
||||||
val = credstash.getSecret(term, **kwargs)
|
version = kwargs.pop('version', '')
|
||||||
|
region = kwargs.pop('region', None)
|
||||||
|
table = kwargs.pop('table', 'credential-store')
|
||||||
|
val = credstash.getSecret(term, version, region, table,
|
||||||
|
context=kwargs)
|
||||||
except credstash.ItemNotFound:
|
except credstash.ItemNotFound:
|
||||||
raise AnsibleError('Key {0} not found'.format(term))
|
raise AnsibleError('Key {0} not found'.format(term))
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
|
|
Loading…
Reference in a new issue