mirror of
				https://github.com/ansible-collections/community.general.git
				synced 2025-10-24 21:14:00 -07:00 
			
		
		
		
	hashi_vault - Change token_path env var loading precedence (#902)
* Change how vault token is loaded * Add changelog for PR #902 * Update changelogs/fragments/902-hashi_vault-token-path.yml Co-authored-by: Felix Fontein <felix@fontein.de> * Update plugins/lookup/hashi_vault.py Add version_added Co-authored-by: Felix Fontein <felix@fontein.de> * Update plugins/lookup/hashi_vault.py Add version_added Co-authored-by: Felix Fontein <felix@fontein.de> Co-authored-by: Felix Fontein <felix@fontein.de>
					parent
					
						
							
								1a5702cf21
							
						
					
				
			
			
				commit
				
					
						ba5b86cf4a
					
				
			
		
					 2 changed files with 15 additions and 1 deletions
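--- a/changelogs/fragments/902-hashi_vault-token-path.yml
+++ b/changelogs/fragments/902-hashi_vault-token-path.yml
@@ -0,0 +1,5 @@
+minor_changes:
+  - hashi_vault lookup - add ``VAULT_TOKEN_PATH`` as env option to specify ``token_path`` param (https://github.com/ansible-collections/community.general/issues/373).
+  - hashi_vault lookup - add ``VAULT_TOKEN_FILE`` as env option to specify ``token_file`` param (https://github.com/ansible-collections/community.general/issues/373).
+bugfixes:
+  - hashi_vault lookup - ``token_path`` in config file overridden by env ``HOME`` (https://github.com/ansible-collections/community.general/issues/373).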
|  | @ -38,13 +38,17 @@ DOCUMENTATION = """ | |||
|     token_path: | ||||
|       description: If no token is specified, will try to read the token file from this path. | ||||
|       env: | ||||
|         - name: HOME | ||||
|         - name: VAULT_TOKEN_PATH | ||||
|           version_added: 1.2.0 | ||||
|       ini: | ||||
|         - section: lookup_hashi_vault | ||||
|           key: token_path | ||||
|       version_added: '0.2.0' | ||||
|     token_file: | ||||
|       description: If no token is specified, will try to read the token from this file in C(token_path). | ||||
|       env: | ||||
|         - name: VAULT_TOKEN_FILE | ||||
|           version_added: 1.2.0 | ||||
|       ini: | ||||
|         - section: lookup_hashi_vault | ||||
|           key: token_file | ||||
|  | @ -537,6 +541,11 @@ class LookupModule(LookupBase): | |||
| 
 | ||||
|     def validate_auth_token(self, auth_method): | ||||
|         if auth_method == 'token': | ||||
|             if not self.get_option('token_path'): | ||||
|                 # generally we want env vars defined in the spec, but in this case we want | ||||
|                 # the env var HOME to have lower precedence than any other value source, | ||||
|                 # including ini, so we're doing it here after all other processing has taken place | ||||
|                 self.set_option('token_path', os.environ.get('HOME')) | ||||
|             if not self.get_option('token') and self.get_option('token_path'): | ||||
|                 token_filename = os.path.join( | ||||
|                     self.get_option('token_path'), | ||||
|  |  | |||
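Review bot: With `HOME` no longer listed under `env:` for `token_path`, the option documentation does not say that the token is still read from a file under `$HOME` by default; that fallback is now visible only in `validate_auth_token`, at the `self.set_option('token_path', os.environ.get('HOME'))` line. An implicit credential source should be discoverable by users, so I would extend the description, e.g. `description: If no token is specified, will try to read the token file from this path. Falls back to the C(HOME) environment variable when no other source sets it.` In the same fallback, `os.environ.get('HOME')` returns `None` when `HOME` is unset; the following `self.get_option('token_path')` check tolerates that, but the on-disk token is then skipped without any message at this point. Whether a clear error follows cannot be confirmed here, because both the `DOCUMENTATION` block and `validate_auth_token` extend beyond the visible hunks.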