Make credstash lookup plugin support encryption contexts

Previously, the lookup plugin passes all its keyword arguments to
credstash's `getSecret`; while this works for passing the standard
parameters (version, region and table), this does not allow passing
a dictionary of key-value pairs as `getSecret`'s context parameter.

Instead, pop `version`, `region` and `table` from `kwargs`, supplying
the default value if they are not defined, and pass the rest of the `kwargs`
as the `context` parameter.
This commit is contained in:
Michel Alexandre Salim 2016-01-02 15:23:27 +07:00
parent 210cf06d9a
commit afb2abf980

View file

@ -38,7 +38,11 @@ class LookupModule(LookupBase):
ret = []
for term in terms:
try:
val = credstash.getSecret(term, **kwargs)
version = kwargs.pop('version', '')
region = kwargs.pop('region', None)
table = kwargs.pop('table', 'credential-store')
val = credstash.getSecret(term, version, region, table,
context=kwargs)
except credstash.ItemNotFound:
raise AnsibleError('Key {0} not found'.format(term))
except Exception as e: