ansible-collections/infisical.vault
1
0
Fork 0
mirror of https://github.com/Infisical/ansible-collection.git synced 2025-04-04 17:50:33 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Update read_secrets.py

Browse source
This commit is contained in:
Daniel Hougaard 2025-01-23 05:00:50 +01:00
parent 50e046d71e
commit 189c664df7
1 changed files with 32 additions and 28 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

60
plugins/lookup/read_secrets.py
View file

@ -3,9 +3,10 @@ from ansible.plugins.lookup import LookupBase
HAS_INFISICAL = False
try:
from infisical_client import InfisicalClient, ClientSettings, GetSecretOptions, ListSecretsOptions
from infisical_sdk import InfisicalSDKClient
HAS_INFISICAL = True
except ImportError as e:
print(e)
HAS_INFISICAL = False
DOCUMENTATION = r"""
@ -72,12 +73,12 @@ vars:
# [{ "key": "HOST", "value": "google.com" }]
"""
class LookupModule(LookupBase):
def run(self, terms, variables=None, **kwargs):
self.set_options(var_options=variables, direct=kwargs)
if not HAS_INFISICAL:
raise AnsibleError("Please pip install infisical-python to use the infisical_vault lookup module.")
raise AnsibleError("Please pip install infisicalsdk to use the infisical_vault lookup module.")
machine_identity_client_id = self.get_option("universal_auth_client_id")
machine_identity_client_secret = self.get_option("universal_auth_client_secret")
@ -87,56 +88,59 @@ class LookupModule(LookupBase):
if not machine_identity_client_id or not machine_identity_client_secret:
raise AnsibleError("Please provide the universal_auth_client_id and universal_auth_client_secret")
client = InfisicalSDKClient(host=url)
# Create the client settings
settings = ClientSettings(
client_id=machine_identity_client_id,
client_secret=machine_identity_client_secret,
site_url=url
client.auth.universal_auth.login(
machine_identity_client_id,
machine_identity_client_secret
)
# Initialize the Infisical client
client = InfisicalClient(settings=settings)
secretName = kwargs.get('secret_name')
envSlug = kwargs.get('env_slug')
path = kwargs.get('path')
project_id = kwargs.get('project_id')
if secretName:
return self.get_single_secret(client, project_id, secretName, envSlug, path)
return self.get_single_secret(
client,
project_id,
secretName,
envSlug,
path
)
else:
return self.get_all_secrets(client, project_id, envSlug, path)
def get_single_secret(self, client, project_id, secret_name, environment, path):
def get_single_secret(
self,
client,
project_id,
secret_name,
environment,
path
):
try:
options = GetSecretOptions(
environment=environment,
project_id=project_id,
secret = client.secrets.get_secret_by_name(
secret_name=secret_name,
path=path,
type="shared"
project_id=project_id,
environment_slug=environment,
secret_path=path
)
secret = client.getSecret(options=options)
return [{"value": secret.secret_value, "key": secret.secret_key}]
return [{"value": secret.secretValue, "key": secret.secretKey}]
except Exception as e:
print(e)
raise AnsibleError(f"Error fetching single secret {e}")
def get_all_secrets(self, client, project_id, environment="dev", path="/"):
try:
options = ListSecretsOptions(
environment=environment,
secrets = client.secrets.list_secrets(
project_id=project_id,
path=path,
environment_slug=environment,
secret_path=path
)
secrets = client.listSecrets(options=options)
return [{"value": s.secret_value, "key": s.secret_key} for s in secrets]
return [{"value": s.secretValue, "key": s.secretKey} for s in secrets.secrets]
except Exception as e:
raise AnsibleError(f"Error fetching all secrets {e}")