add read_secret lookup function

.github/workflows/distribute.yaml

@@ -0,0 +1,21 @@
+---
+name: Deploy Collection
+
+# Trigger the workflow however you prefer
+on:
+  release:
+    types:
+      - published
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - name: Get the version name from the tags
+        run: echo "RELEASE_VERSION=${GITHUB_REF/refs\/tags\//}" >> $GITHUB_ENV
+      - name: Build and Deploy Collection
+        uses: artis3n/ansible_galaxy_collection@v2
+        with:
+          api_key: "${{ secrets.GALAXY_API_KEY }}"
+          galaxy_version: "${{ env.RELEASE_VERSION }}"

README.md

@@ -1,3 +1,38 @@
-# Ansible Collection - maidul98.infisical
+# Infisical Collection
+This Ansible Infisical collection includes a variety of Ansible content to help automate the management of Infisical services. This collection is maintained by the Infisical team.
+
+## Ansible version compatibility
+
+Tested with the Ansible Core >= 2.12.0 versions, and the current development version of Ansible. Ansible Core versions prior to 2.12.0 have not been tested.
+
+## Python version compatibility
+
+This collection depends on the Infisical SDK for Python. 
+
+Requires Python 3.7 or greater.
+
+## Installing this collection
+
+You can install the Infisical collection with the Ansible Galaxy CLI:
+
+    ansible-galaxy collection install maidul98.infisical_vault
+
+The python module dependencies are not installed by `ansible-galaxy`.  They can
+be manually installed using pip:
+
+    pip install infisical
+
+## Using this collection
+
+You can either call modules by their Fully Qualified Collection Name (FQCN), such as `infisical.vault.read_secrets`, or you can call modules by their short name if you list the `infisical.vault` collection in the playbook's `collections` keyword:
+
+```yaml
+---
+vars:
+  read_all_secrets_within_scope: "{{ lookup('infisical.vault.read_secrets', token='<>', path='/', env_slug='dev', url='https://spotify.infisical.com') }}"
+  # [{ "key": "HOST", "value": "google.com" }, { "key": "SMTP", "value": "gmail.smtp.edu" }]
+
+  read_secret_by_name_within_scope: "{{ lookup('infisical.vault.read_secrets', token='<>', path='/', env_slug='dev', name='HOST', url='https://spotify.infisical.com') }}"
+  # [{ "key": "HOST", "value": "google.com" }]
+```
 
-Documentation for the collection.

galaxy.yml

@@ -5,7 +5,7 @@
 namespace: maidul98
 
 # The name of the collection. Has the same character restrictions as 'namespace'
-name: infisical
+name: vault
 
 # The version of the collection. Must be compatible with semantic versioning
 version: 1.0.0

plugins/README.md

@@ -1,10 +0,0 @@
-# Collections Plugins Directory
-
-This directory can be used to ship various plugins inside an Ansible collection. Each plugin is placed in a folder that
-is named after the type of plugin it is in. It can also include the `module_utils` and `modules` directory that
-would contain module utils and modules respectively.
-
-```
-└── plugins
-    ├── lookup
-```

plugins/lookup/fetch_data.py

@@ -1,17 +0,0 @@
-from ansible.errors import AnsibleError
-from ansible.plugins.lookup import LookupBase
-import requests
-
-class LookupModule(LookupBase):
-    
-    def run(self, terms, variables=None, **kwargs):
-        # URL from the terms or you can define it within the plugin
-        url = terms[0]
-
-        try:
-            response = requests.get(url)
-            response.raise_for_status()  # Raise HTTPError for bad responses (4xx and 5xx)
-            return [response.json()]
-        except requests.RequestException as e:
-            raise AnsibleError("Error fetching data from {}: {}".format(url, e))
-

plugins/lookup/read_secrets.py

@@ -0,0 +1,103 @@
+from ansible.errors import AnsibleError
+from ansible.plugins.lookup import LookupBase
+
+HAS_INFISICAL = False
+try:
+    from infisical import InfisicalClient
+    HAS_INFISICAL = True
+except ImportError:
+    HAS_INFISICAL = False
+
+DOCUMENTATION = r"""
+name: read_secrets
+author:
+  - Infisical Inc.
+
+short_description: Look up secrets stored in Infisical
+description:
+  - Retrieve secrets from Infisical, granted the caller has the right permissions to access the secret.
+  - Secrets can be located either by their name for individual secret loopups or by environment/folder path to return all secrets within the given scope.
+
+options:
+  token:
+    description: The Infisical token used to authenticate 
+    env:
+      - name: INFISICAL_TOKEN
+    required: True
+    type: string
+    version_added: 1.0.0
+  url:
+    description: Point to your self hosted instance of Infisical
+    default: "https://app.infisical.com"
+    env:
+      - name: INFISICAL_URL
+    required: False
+    type: string
+    version_added: 1.0.0
+  path:
+    description: "The folder path where the requested secret resides. For example: /services/backend"
+    required: True
+    type: string
+    version_added: 1.0.0
+  env_slug:
+    description: "Used to select from which environment (environment slug) secrets should be fetched from. Environment slug is the short name of a given environment"
+    required: True
+    type: string
+    version_added: 1.0.0
+  secret_name:
+    description: The name of the secret that should be fetched. The name should be exactly as it appears in Infisical
+    required: False
+    type: string
+    version_added: 1.0.0
+"""
+
+EXAMPLES = r"""
+vars:
+  read_all_secrets_within_scope: "{{ lookup('infisical_vault', token='<>', path='/', env_slug='dev', url='https://spotify.infisical.com') }}"
+  # [{ "key": "HOST", "value": "google.com" }, { "key": "SMTP", "value": "gmail.smtp.edu" }]
+
+  read_secret_by_name_within_scope: "{{ lookup('infisical_vault', token='<>', path='/', env_slug='dev', name='HOST', url='https://spotify.infisical.com') }}"
+  # [{ "key": "HOST", "value": "google.com" }]
+"""
+
+class LookupModule(LookupBase):
+    def run(self, terms, variables=None, **kwargs):
+        self.set_options(var_options=variables, direct=kwargs)
+
+        if not HAS_INFISICAL:
+          raise AnsibleError("Please pip install infisical to use the infisical_vault lookup module.")
+
+        infisical_token = self.get_option("token")
+        url = self.get_option("url")
+
+        if not infisical_token:
+            raise AnsibleError("Infisical token is required")
+
+        # Initialize the Infisical client
+        client = InfisicalClient(token=infisical_token, site_url=url)
+
+        secretName = kwargs.get('secret_name')
+        envSlug = kwargs.get('env_slug')
+        path = kwargs.get('path')
+
+        if secretName:
+            return self.get_single_secret(client, secretName, envSlug, path)
+        else:
+            return self.get_all_secrets(client, envSlug, path)
+
+    def get_single_secret(self, client, secret_name, environment, path):
+        try:
+            print(secret_name, environment, path)
+            secret = client.get_secret(secret_name=secret_name, environment=environment, path=path)
+            return [{"value": s.secret_value, "key": s.secret_name}]
+        except Exception as e:
+            print(e)
+            raise AnsibleError(f"Error fetching all secrets {e}")
+
+    def get_all_secrets(self, client, environment="dev", path="/"):
+        try:
+            secrets = client.get_all_secrets(environment=environment, path=path)
+            return [{"value": s.secret_value, "key": s.secret_name} for s in secrets]
+        except Exception as e:
+            raise AnsibleError(f"Error fetching all secrets {e}")
+