Make credstash lookup plugin support encryption contexts
Previously, the lookup plugin passes all its keyword arguments to credstash's `getSecret`; while this works for passing the standard parameters (version, region and table), this does not allow passing a dictionary of key-value pairs as `getSecret`'s context parameter. Instead, pop `version`, `region` and `table` from `kwargs`, supplying the default value if they are not defined, and pass the rest of the `kwargs` as the `context` parameter.
This commit is contained in:
parent
210cf06d9a
commit
afb2abf980
1 changed files with 5 additions and 1 deletions
|
@ -38,7 +38,11 @@ class LookupModule(LookupBase):
|
|||
ret = []
|
||||
for term in terms:
|
||||
try:
|
||||
val = credstash.getSecret(term, **kwargs)
|
||||
version = kwargs.pop('version', '')
|
||||
region = kwargs.pop('region', None)
|
||||
table = kwargs.pop('table', 'credential-store')
|
||||
val = credstash.getSecret(term, version, region, table,
|
||||
context=kwargs)
|
||||
except credstash.ItemNotFound:
|
||||
raise AnsibleError('Key {0} not found'.format(term))
|
||||
except Exception as e:
|
||||
|
|
Loading…
Reference in a new issue