[Scaleway] Add module to manage function namespaces (#5415)

* [Scaleway] Add module to manage function namespaces Signed-off-by: Lunik <lunik@tiwabbit.fr> * rename short_descriptions Signed-off-by: Lunik <lunik@tiwabbit.fr> * handle changed verification on hashed secret values Signed-off-by: Lunik <lunik@tiwabbit.fr> * fix syntax for python 2.6 Signed-off-by: Lunik <lunik@tiwabbit.fr> * fix missing argon2 in unittest Signed-off-by: Lunik <lunik@tiwabbit.fr> * fix missing value on description field Signed-off-by: Lunik <lunik@tiwabbit.fr> Signed-off-by: Lunik <lunik@tiwabbit.fr>
2025-06-05 07:49:10 -07:00 · 2022-11-02 20:11:04 +01:00 · 2022-11-02 20:11:04 +01:00 · 5fe0f57033
commit 5fe0f57033
parent ea3550d838
13 changed files with 962 additions and 1 deletions
--- a/plugins/module_utils/scaleway.py
+++ b/plugins/module_utils/scaleway.py
@ -11,11 +11,21 @@ import re
 import sys
 import datetime
 import time
+import traceback

-from ansible.module_utils.basic import env_fallback
+from ansible.module_utils.basic import env_fallback, missing_required_lib
 from ansible.module_utils.urls import fetch_url
 from ansible.module_utils.six.moves.urllib.parse import urlencode

+SCALEWAY_SECRET_IMP_ERR = None
+try:
+    from passlib.hash import argon2
+    HAS_SCALEWAY_SECRET_PACKAGE = True
+except Exception:
+    argon2 = None
+    SCALEWAY_SECRET_IMP_ERR = traceback.format_exc()
+    HAS_SCALEWAY_SECRET_PACKAGE = False
+

 def scaleway_argument_spec():
    return dict(
@ -80,6 +90,44 @@ def filter_sensitive_attributes(container, attributes):
    return container


+class SecretVariables(object):
+    @staticmethod
+    def ensure_scaleway_secret_package(module):
+        if not HAS_SCALEWAY_SECRET_PACKAGE:
+            module.fail_json(
+                msg=missing_required_lib("passlib[argon2]", url='https://passlib.readthedocs.io/en/stable/'),
+                exception=SCALEWAY_SECRET_IMP_ERR
+            )
+
+    @staticmethod
+    def dict_to_list(source_dict):
+        return [
+            dict(key=var[0], value=var[1])
+            for var in source_dict.items()
+        ]
+
+    @staticmethod
+    def list_to_dict(source_list, hashed=False):
+        key_value = 'hashed_value' if hashed else 'value'
+        return dict(
+            (var['key'], var[key_value])
+            for var in source_list
+        )
+
+    @classmethod
+    def decode(cls, secrets_list, values_list):
+        secrets_dict = cls.list_to_dict(secrets_list, hashed=True)
+        values_dict = cls.list_to_dict(values_list, hashed=False)
+        for key in values_dict:
+            if key in secrets_dict:
+                if argon2.verify(values_dict[key], secrets_dict[key]):
+                    secrets_dict[key] = values_dict[key]
+                else:
+                    secrets_dict[key] = secrets_dict[key]
+
+        return cls.dict_to_list(secrets_dict)
+
+
 def resource_attributes_should_be_changed(target, wished, verifiable_mutable_attributes, mutable_attributes):
    diff = dict()
    for attr in verifiable_mutable_attributes: