Respect VAULT_SKIP_VERIFY envionment variable setting in hashi_vault lookup plugin (#1024) (#1062)

* add skip_certificate_validation from env VAULT_SKIP_VERIFY * use os.envrion.env instead of skip_certificat_validation * fix typo in test * add tests for different truthy options * fix linting * add changelog * change precedence for validate_certs * add precedence test * fix inverted logic * Fix documentation Co-authored-by: Felix Fontein <felix@fontein.de> * Update plugins/lookup/hashi_vault.py Co-authored-by: Felix Fontein <felix@fontein.de> * fix linting * Update plugins/lookup/hashi_vault.py Co-authored-by: Felix Fontein <felix@fontein.de> * Update plugins/lookup/hashi_vault.py Co-authored-by: Felix Fontein <felix@fontein.de> Co-authored-by: Felix Fontein <felix@fontein.de> (cherry picked from commit 3af4be34b2) Co-authored-by: markafarrell <mark.andrew.farrell@gmail.com>
2025-08-28 00:41:44 -07:00 · 2020-10-09 15:30:11 +02:00 · 2020-10-09 15:30:11 +02:00 · 713e386c66
commit 713e386c66
parent adf61bf7f4
4 changed files with 71 additions and 3 deletions
--- a/tests/integration/targets/lookup_hashi_vault/lookup_hashi_vault/tasks/approle_test.yml
+++ b/tests/integration/targets/lookup_hashi_vault/lookup_hashi_vault/tasks/approle_test.yml
@ -30,7 +30,7 @@

    - name: 'Failure expected when inexistent secret is read'
      vars:
-          secret_inexistent: "{{ lookup('community.general.:qhashi_vault', conn_params ~ 'secret=' ~ vault_kv2_path ~ '/secret4 auth_method=approle secret_id=' ~ secret_id ~ ' role_id=' ~ role_id) }}"
+          secret_inexistent: "{{ lookup('community.general.hashi_vault', conn_params ~ 'secret=' ~ vault_kv2_path ~ '/non_existent_secret4 auth_method=approle secret_id=' ~ secret_id ~ ' role_id=' ~ role_id) }}"
      debug:
        msg: 'Failure is expected ({{ secret_inexistent }})'
      register: test_inexistent
--- a/tests/integration/targets/lookup_hashi_vault/lookup_hashi_vault/tasks/tests.yml
+++ b/tests/integration/targets/lookup_hashi_vault/lookup_hashi_vault/tasks/tests.yml
@ -33,3 +33,44 @@
      include_tasks: '{{ auth_type }}_test.yml'
      vars:
        conn_params: 'url=https://localhost:8201 validate_certs=False '
+
+    - name: 'test {{ auth_type }} auth with certs (validation using env VAR, lookup parameters)'
+      include_tasks: '{{ auth_type }}_test.yml'
+      args:
+        apply:
+          vars:
+            conn_params: ''
+          environment:
+            VAULT_ADDR: 'https://localhost:8201'
+            VAULT_SKIP_VERIFY: 1
+
+    - name: 'test {{ auth_type }} auth with certs (validation using env VAR (True), lookup parameters)'
+      include_tasks: '{{ auth_type }}_test.yml'
+      args:
+        apply:
+          vars:
+            conn_params: ''
+          environment:
+            VAULT_ADDR: 'https://localhost:8201'
+            VAULT_SKIP_VERIFY: True
+
+    - name: 'test {{ auth_type }} auth with certs (validation using env VAR (y), lookup parameters)'
+      include_tasks: '{{ auth_type }}_test.yml'
+      args:
+        apply:
+          vars:
+            conn_params: ''
+          environment:
+            VAULT_ADDR: 'https://localhost:8201'
+            VAULT_SKIP_VERIFY: y
+
+    - name: 'test {{ auth_type }} auth with certs (precedence of validate_certs over env VAR, lookup parameters)'
+      include_tasks: '{{ auth_type }}_test.yml'
+      args:
+        apply:
+          vars:
+            conn_params: 'validate_certs=False '
+          environment:
+            VAULT_ADDR: 'https://localhost:8201'
+            VAULT_SKIP_VERIFY: False
+