Make credstash lookup plugin support encryption contexts

Previously, the lookup plugin passes all its keyword arguments to credstash's `getSecret`; while this works for passing the standard parameters (version, region and table), this does not allow passing a dictionary of key-value pairs as `getSecret`'s context parameter. Instead, pop `version`, `region` and `table` from `kwargs`, supplying the default value if they are not defined, and pass the rest of the `kwargs` as the `context` parameter.
9 years ago · afb2abf980
parent 210cf06d9a
commit afb2abf980
1 changed files with 5 additions and 1 deletions
--- a/lib/ansible/plugins/lookup/credstash.py
+++ b/lib/ansible/plugins/lookup/credstash.py
@ -38,7 +38,11 @@ class LookupModule(LookupBase):
        ret = []
        for term in terms:
            try:
-                val = credstash.getSecret(term, **kwargs)
+                version = kwargs.pop('version', '')
+                region = kwargs.pop('region', None)
+                table = kwargs.pop('table', 'credential-store')
+                val = credstash.getSecret(term, version, region, table,
+                                          context=kwargs)
            except credstash.ItemNotFound:
                raise AnsibleError('Key {0} not found'.format(term))
            except Exception as e: