mirror of
https://github.com/Infisical/ansible-collection.git
synced 2025-04-06 10:40:37 -07:00
Update read_secrets.py
parent
50e046d71e
commit
189c664df7
1 changed files with 32 additions and 28 deletions
|
@ -3,9 +3,10 @@ from ansible.plugins.lookup import LookupBase
|
||||||
|
|
||||||
HAS_INFISICAL = False
|
HAS_INFISICAL = False
|
||||||
try:
|
try:
|
||||||
from infisical_client import InfisicalClient, ClientSettings, GetSecretOptions, ListSecretsOptions
|
from infisical_sdk import InfisicalSDKClient
|
||||||
HAS_INFISICAL = True
|
HAS_INFISICAL = True
|
||||||
except ImportError as e:
|
except ImportError as e:
|
||||||
|
print(e)
|
||||||
HAS_INFISICAL = False
|
HAS_INFISICAL = False
|
||||||
|
|
||||||
DOCUMENTATION = r"""
|
DOCUMENTATION = r"""
|
||||||
|
@ -72,12 +73,12 @@ vars:
|
||||||
# [{ "key": "HOST", "value": "google.com" }]
|
# [{ "key": "HOST", "value": "google.com" }]
|
||||||
"""
|
"""
|
||||||
|
|
||||||
|
|
||||||
class LookupModule(LookupBase):
|
class LookupModule(LookupBase):
|
||||||
def run(self, terms, variables=None, **kwargs):
|
def run(self, terms, variables=None, **kwargs):
|
||||||
self.set_options(var_options=variables, direct=kwargs)
|
self.set_options(var_options=variables, direct=kwargs)
|
||||||
|
|
||||||
if not HAS_INFISICAL:
|
if not HAS_INFISICAL:
|
||||||
raise AnsibleError("Please pip install infisical-python to use the infisical_vault lookup module.")
|
raise AnsibleError("Please pip install infisicalsdk to use the infisical_vault lookup module.")
|
||||||
|
|
||||||
machine_identity_client_id = self.get_option("universal_auth_client_id")
|
machine_identity_client_id = self.get_option("universal_auth_client_id")
|
||||||
machine_identity_client_secret = self.get_option("universal_auth_client_secret")
|
machine_identity_client_secret = self.get_option("universal_auth_client_secret")
|
||||||
|
@ -87,56 +88,59 @@ class LookupModule(LookupBase):
|
||||||
if not machine_identity_client_id or not machine_identity_client_secret:
|
if not machine_identity_client_id or not machine_identity_client_secret:
|
||||||
raise AnsibleError("Please provide the universal_auth_client_id and universal_auth_client_secret")
|
raise AnsibleError("Please provide the universal_auth_client_id and universal_auth_client_secret")
|
||||||
|
|
||||||
|
client = InfisicalSDKClient(host=url)
|
||||||
|
|
||||||
|
client.auth.universal_auth.login(
|
||||||
|
machine_identity_client_id,
|
||||||
# Create the client settings
|
machine_identity_client_secret
|
||||||
settings = ClientSettings(
|
|
||||||
client_id=machine_identity_client_id,
|
|
||||||
client_secret=machine_identity_client_secret,
|
|
||||||
site_url=url
|
|
||||||
)
|
)
|
||||||
|
|
||||||
# Initialize the Infisical client
|
|
||||||
client = InfisicalClient(settings=settings)
|
|
||||||
|
|
||||||
secretName = kwargs.get('secret_name')
|
secretName = kwargs.get('secret_name')
|
||||||
envSlug = kwargs.get('env_slug')
|
envSlug = kwargs.get('env_slug')
|
||||||
path = kwargs.get('path')
|
path = kwargs.get('path')
|
||||||
project_id = kwargs.get('project_id')
|
project_id = kwargs.get('project_id')
|
||||||
|
|
||||||
if secretName:
|
if secretName:
|
||||||
return self.get_single_secret(client, project_id, secretName, envSlug, path)
|
return self.get_single_secret(
|
||||||
|
client,
|
||||||
|
project_id,
|
||||||
|
secretName,
|
||||||
|
envSlug,
|
||||||
|
path
|
||||||
|
)
|
||||||
else:
|
else:
|
||||||
return self.get_all_secrets(client, project_id, envSlug, path)
|
return self.get_all_secrets(client, project_id, envSlug, path)
|
||||||
|
|
||||||
def get_single_secret(self, client, project_id, secret_name, environment, path):
|
def get_single_secret(
|
||||||
|
self,
|
||||||
|
client,
|
||||||
|
project_id,
|
||||||
|
secret_name,
|
||||||
|
environment,
|
||||||
|
path
|
||||||
|
):
|
||||||
try:
|
try:
|
||||||
|
secret = client.secrets.get_secret_by_name(
|
||||||
options = GetSecretOptions(
|
|
||||||
environment=environment,
|
|
||||||
project_id=project_id,
|
|
||||||
secret_name=secret_name,
|
secret_name=secret_name,
|
||||||
path=path,
|
project_id=project_id,
|
||||||
type="shared"
|
environment_slug=environment,
|
||||||
|
secret_path=path
|
||||||
)
|
)
|
||||||
|
|
||||||
secret = client.getSecret(options=options)
|
return [{"value": secret.secretValue, "key": secret.secretKey}]
|
||||||
return [{"value": secret.secret_value, "key": secret.secret_key}]
|
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
print(e)
|
print(e)
|
||||||
raise AnsibleError(f"Error fetching single secret {e}")
|
raise AnsibleError(f"Error fetching single secret {e}")
|
||||||
|
|
||||||
def get_all_secrets(self, client, project_id, environment="dev", path="/"):
|
def get_all_secrets(self, client, project_id, environment="dev", path="/"):
|
||||||
try:
|
try:
|
||||||
options = ListSecretsOptions(
|
secrets = client.secrets.list_secrets(
|
||||||
environment=environment,
|
|
||||||
project_id=project_id,
|
project_id=project_id,
|
||||||
path=path,
|
environment_slug=environment,
|
||||||
|
secret_path=path
|
||||||
)
|
)
|
||||||
secrets = client.listSecrets(options=options)
|
|
||||||
|
|
||||||
return [{"value": s.secret_value, "key": s.secret_key} for s in secrets]
|
return [{"value": s.secretValue, "key": s.secretKey} for s in secrets.secrets]
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
raise AnsibleError(f"Error fetching all secrets {e}")
|
raise AnsibleError(f"Error fetching all secrets {e}")
|
||||||
|
|
||||||
|
|
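Review bot: The new `client.auth.universal_auth.login(...)` call in `run` sits outside any try/except, so a rejected client id/secret or an unreachable `url` surfaces as a raw SDK exception instead of the `AnsibleError` that `get_single_secret` and `get_all_secrets` raise; wrapping it and raising something like `AnsibleError("Infisical universal auth login failed")` would keep failures uniform. Because that call carries the client secret, avoid interpolating the SDK exception text into the message unless it is confirmed not to echo request data. The `print(e)` added to the `ImportError` handler, like the one kept in `get_single_secret`, writes straight to stdout from inside a lookup plugin; Ansible's `Display` (for example `display.vvv(str(e))`) is the usual channel and keeps the detail behind verbosity flags. The old lookup also pinned `type="shared"`, while the new `get_secret_by_name` call leaves the type to the SDK default, so it is worth confirming the same kind of secret is still returned.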