mirror of
https://github.com/ansible-collections/google.cloud.git
synced 2025-04-06 10:50:28 -07:00
updated plugins based on feedback, fixed linting and documentation errors.
parent
375b317692
commit
3ce29db3ee
1 changed files with 17 additions and 26 deletions
|
@ -14,7 +14,7 @@ DOCUMENTATION = '''
|
||||||
- see https://cloud.google.com/iam/docs/service-account-creds for details on creating
|
- see https://cloud.google.com/iam/docs/service-account-creds for details on creating
|
||||||
credentials for Google Cloud and the format of such credentials
|
credentials for Google Cloud and the format of such credentials
|
||||||
- once a secret value is retreived, it is returned decoded. It is up to the developer
|
- once a secret value is retreived, it is returned decoded. It is up to the developer
|
||||||
to maintain secrecy of this value once returned.
|
to maintain secrecy of this value once returned.
|
||||||
|
|
||||||
options:
|
options:
|
||||||
key:
|
key:
|
||||||
|
@ -62,7 +62,7 @@ DOCUMENTATION = '''
|
||||||
type: jsonarg
|
type: jsonarg
|
||||||
required: False
|
required: False
|
||||||
access_token:
|
access_token:
|
||||||
description:
|
description:
|
||||||
- support for GCP Access Token
|
- support for GCP Access Token
|
||||||
- defaults to OS env variable GCP_ACCESS_TOKEN if not present
|
- defaults to OS env variable GCP_ACCESS_TOKEN if not present
|
||||||
type: str
|
type: str
|
||||||
|
@ -116,11 +116,9 @@ RETURN = '''
|
||||||
# Imports
|
# Imports
|
||||||
################################################################################
|
################################################################################
|
||||||
|
|
||||||
import json
|
|
||||||
import os
|
import os
|
||||||
import base64
|
import base64
|
||||||
|
|
||||||
|
|
||||||
from ansible.plugins.lookup import LookupBase
|
from ansible.plugins.lookup import LookupBase
|
||||||
from ansible.errors import AnsibleError
|
from ansible.errors import AnsibleError
|
||||||
from ansible.utils.display import Display
|
from ansible.utils.display import Display
|
||||||
|
@ -139,12 +137,11 @@ try:
|
||||||
except ImportError:
|
except ImportError:
|
||||||
HAS_GOOGLE_CLOUD_COLLECTION = False
|
HAS_GOOGLE_CLOUD_COLLECTION = False
|
||||||
|
|
||||||
from ansible.errors import AnsibleError
|
|
||||||
from ansible.utils.display import Display
|
|
||||||
|
|
||||||
class GcpLookupException(Exception):
|
class GcpLookupException(Exception):
|
||||||
pass
|
pass
|
||||||
|
|
||||||
|
|
||||||
class GcpMockModule(object):
|
class GcpMockModule(object):
|
||||||
def __init__(self, params):
|
def __init__(self, params):
|
||||||
self.params = params
|
self.params = params
|
||||||
|
@ -158,20 +155,23 @@ class GcpMockModule(object):
|
||||||
except getattr(requests.exceptions, "RequestException"):
|
except getattr(requests.exceptions, "RequestException"):
|
||||||
self.fail_json(msg="GCP returned error: %s" % response.json())
|
self.fail_json(msg="GCP returned error: %s" % response.json())
|
||||||
|
|
||||||
|
|
||||||
class LookupModule(LookupBase):
|
class LookupModule(LookupBase):
|
||||||
def run(self, terms=None, variables=None, **kwargs):
|
def run(self, terms=None, variables=None, **kwargs):
|
||||||
self._display = Display()
|
self._display = Display()
|
||||||
if not HAS_GOOGLE_CLOUD_COLLECTION:
|
if not HAS_GOOGLE_CLOUD_COLLECTION:
|
||||||
raise AnsibleError(
|
raise AnsibleError(
|
||||||
"gcp_secret lookup needs a supported version of the google.cloud collection installed. Use `ansible-galaxy collection install google.cloud` to install it"
|
"""gcp_secret lookup needs a supported version of the google.cloud
|
||||||
)
|
collection installed. Use `ansible-galaxy collection install google.cloud`
|
||||||
|
to install it"""
|
||||||
|
)
|
||||||
self.set_options(var_options=variables, direct=kwargs)
|
self.set_options(var_options=variables, direct=kwargs)
|
||||||
params = {
|
params = {
|
||||||
"key": self.get_option("key"),
|
"key": self.get_option("key"),
|
||||||
"version": self.get_option("version"),
|
"version": self.get_option("version"),
|
||||||
"access_token": self.get_option("access_token"),
|
"access_token": self.get_option("access_token"),
|
||||||
"scopes": self.get_option("scopes"),
|
"scopes": self.get_option("scopes"),
|
||||||
"on_error": self.get_option("on_error")
|
"on_error": self.get_option("on_error")
|
||||||
}
|
}
|
||||||
|
|
||||||
params['name'] = params['key']
|
params['name'] = params['key']
|
||||||
|
@ -184,7 +184,7 @@ class LookupModule(LookupBase):
|
||||||
fake_module = GcpMockModule(params)
|
fake_module = GcpMockModule(params)
|
||||||
result = self.get_secret(fake_module)
|
result = self.get_secret(fake_module)
|
||||||
return [base64.b64decode(result)]
|
return [base64.b64decode(result)]
|
||||||
|
|
||||||
def fallback_from_env(self, arg):
|
def fallback_from_env(self, arg):
|
||||||
if self.get_option(arg):
|
if self.get_option(arg):
|
||||||
return self.get_option(arg)
|
return self.get_option(arg)
|
||||||
|
@ -193,10 +193,9 @@ class LookupModule(LookupBase):
|
||||||
if env_name in os.environ:
|
if env_name in os.environ:
|
||||||
self.set_option(arg, os.environ[env_name])
|
self.set_option(arg, os.environ[env_name])
|
||||||
return self.get_option(arg)
|
return self.get_option(arg)
|
||||||
|
|
||||||
|
|
||||||
# set version to the latest version because
|
# set version to the latest version because
|
||||||
# we can't be sure that "latest" is always going
|
# we can't be sure that "latest" is always going
|
||||||
# to be set if secret versions get disabled
|
# to be set if secret versions get disabled
|
||||||
# see https://issuetracker.google.com/issues/286489671
|
# see https://issuetracker.google.com/issues/286489671
|
||||||
def get_latest_version(self, module, auth):
|
def get_latest_version(self, module, auth):
|
||||||
|
@ -213,15 +212,14 @@ class LookupModule(LookupBase):
|
||||||
else:
|
else:
|
||||||
self.raise_error(module, f"Unable to list secret versions via {response.request.url}: {response.json()}")
|
self.raise_error(module, f"Unable to list secret versions via {response.request.url}: {response.json()}")
|
||||||
|
|
||||||
|
|
||||||
def raise_error(self, module, msg):
|
def raise_error(self, module, msg):
|
||||||
if module.params['on_error'] == 'strict':
|
if module.params['on_error'] == 'strict':
|
||||||
raise GcpLookupException(msg)
|
raise GcpLookupException(msg)
|
||||||
elif module.params['on_error'] == 'warn':
|
elif module.params['on_error'] == 'warn':
|
||||||
self._display.warning(msg)
|
self._display.warning(msg)
|
||||||
|
|
||||||
return None
|
return None
|
||||||
|
|
||||||
def get_secret(self, module):
|
def get_secret(self, module):
|
||||||
auth = GcpSession(module, "secretmanager")
|
auth = GcpSession(module, "secretmanager")
|
||||||
if module.params['version'] == "latest":
|
if module.params['version'] == "latest":
|
||||||
|
@ -241,12 +239,5 @@ class LookupModule(LookupBase):
|
||||||
if response.status_code != 200:
|
if response.status_code != 200:
|
||||||
self.raise_error(module, f"Failed to lookup secret value via {response.request.url} {response.status_code}")
|
self.raise_error(module, f"Failed to lookup secret value via {response.request.url} {response.status_code}")
|
||||||
return ''
|
return ''
|
||||||
|
|
||||||
return response.json()['payload']['data']
|
return response.json()['payload']['data']
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
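Review bot: In `get_secret`, a non-200 response calls `raise_error` and then falls through to `return ''`, and `run` passes that result straight to `base64.b64decode`, so whenever `on_error` is not `strict` a failed lookup hands the playbook an empty value where a secret was expected. Nothing in the visible DOCUMENTATION notes warns about this, and a task that feeds the result into a password or key field would silently configure an empty credential. I would add a note next to the existing secrecy note, for example `- when on_error is not 'strict', a failed lookup returns an empty value; verify the result is non-empty before using it as a credential`. The bodies of `get_secret` and `get_latest_version` extend outside the hunks shown, so the non-strict path through `get_latest_version` (where `raise_error` returns `None`) should be checked the same way.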