ansible-collections/infisical.vault
1
0
Fork 0
mirror of https://github.com/Infisical/ansible-collection.git synced 2025-08-09 15:44:25 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat: add tag filtering

Browse source
This commit is contained in:
Alex Fomenko 2025-01-15 12:50:54 +03:00
commit 3f18746c56
1 changed files with 11 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

13
plugins/lookup/read_secrets.py
View file

@ -61,6 +61,11 @@ options:
required: False
type: string
version_added: 1.0.0
tags:
description: The list of tags that filtering secrets
required: False
type: list[string]
version_added: 1.1.0
"""
EXAMPLES = r"""
@ -68,6 +73,9 @@ vars:
read_all_secrets_within_scope: "{{ lookup('infisical_vault', universal_auth_client_id='<>', universal_auth_client_secret='<>', project_id='<>', path='/', env_slug='dev', url='https://spotify.infisical.com') }}"
# [{ "key": "HOST", "value": "google.com" }, { "key": "SMTP", "value": "gmail.smtp.edu" }]
read_all_secrets_within_scope_filtred_by_tags: "{{ lookup('infisical_vault', universal_auth_client_id='<>', universal_auth_client_secret='<>', project_id='<>', path='/', env_slug='dev', url='https://spotify.infisical.com', tags=['smtp']) }}"
# [{ "key": "SMTP", "value": "gmail.smtp.edu" }]
read_secret_by_name_within_scope: "{{ lookup('infisical_vault', universal_auth_client_id='<>', universal_auth_client_secret='<>', project_id='<>', path='/', env_slug='dev', secret_name='HOST', url='https://spotify.infisical.com') }}"
# [{ "key": "HOST", "value": "google.com" }]
"""
@ -96,11 +104,12 @@ class LookupModule(LookupBase):
envSlug = kwargs.get('env_slug')
path = kwargs.get('path')
project_id = kwargs.get('project_id')
tags = kwargs.get('tags')
if secretName:
return self.get_single_secret(client, project_id, secretName, envSlug, path)
else:
return self.get_all_secrets(client, project_id, envSlug, path)
return self.get_all_secrets(client, project_id, envSlug, path, tags)
def get_single_secret(self, client, project_id, secret_name, environment, path):
try:
@ -115,7 +124,7 @@ class LookupModule(LookupBase):
except Exception as e:
raise AnsibleError(f"Error fetching single secret {e}")
def get_all_secrets(self, client, project_id, environment="dev", path="/"):
def get_all_secrets(self, client, project_id, environment="dev", path="/", tags=[]):
try:
secrets = client.secrets.list_secrets(
project_id=project_id,