From afb2abf980a06a9a396075497855adea5d7ada22 Mon Sep 17 00:00:00 2001
From: Michel Alexandre Salim
Date: Sat, 2 Jan 2016 15:23:27 +0700
Subject: [PATCH] Make credstash lookup plugin support encryption contexts
Previously, the lookup plugin passes all its keyword arguments to credstash's `getSecret`; while this works for passing the standard parameters (version, region and table), this does not allow passing a dictionary of key-value pairs as `getSecret`'s context parameter. Instead, pop `version`, `region` and `table` from `kwargs`, supplying the default value if they are not defined, and pass the rest of the `kwargs` as the `context` parameter.
---
 lib/ansible/plugins/lookup/credstash.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/lib/ansible/plugins/lookup/credstash.py b/lib/ansible/plugins/lookup/credstash.py
index 41cc6b894fe..66c8d9950ff 100644
--- a/lib/ansible/plugins/lookup/credstash.py
+++ b/lib/ansible/plugins/lookup/credstash.py
@@ -38,7 +38,11 @@ class LookupModule(LookupBase):
 ret = []
 for term in terms:
 try:
- val = credstash.getSecret(term, **kwargs)
+ version = kwargs.pop('version', '')
+ region = kwargs.pop('region', None)
+ table = kwargs.pop('table', 'credential-store')
+ val = credstash.getSecret(term, version, region, table,
+ context=kwargs)
 except credstash.ItemNotFound:
 raise AnsibleError('Key {0} not found'.format(term))
 except Exception as e:
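Review bot: The three `kwargs.pop(...)` calls sit inside `for term in terms:`, so they consume `version`, `region` and `table` on the first iteration, and from the second term on `getSecret` is called with the defaults (`''`, `None`, `'credential-store'`) instead of the caller's values. A lookup with several terms would then silently read the later secrets from the default table and region, or at the default version, which could hand the playbook a different credential than the one it asked for. Move the three pops above the loop so they run once, and consider working on a copy (`context = dict(kwargs)`) so the caller's dict is not mutated. Separately, every remaining keyword is now treated as encryption context, so a misspelled option name ends up in the context and only surfaces in the generic `except Exception` branch, whose body lies outside this hunk; a short comment stating that convention above the `getSecret` call would help.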