External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-01-14 03:10:42 -03:30
Code Issues Packages Projects Releases Wiki Activity

add credential plugin support for Azure Key Vault

Browse Source
This commit is contained in:
Ryan Petrello 2019-02-22 01:21:08 -05:00 committed by Jake McDermott
parent 0a87469225
commit 4ed5bca5e3
No known key found for this signature in database
GPG Key ID: 9A6F084352C3A0B7
5 changed files with 81 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

62
awx/main/credential_plugins/azure_kv.py Normal file
View File

@ -0,0 +1,62 @@
from .plugin import CredentialPlugin
from azure.keyvault import KeyVaultClient, KeyVaultAuthentication
from azure.common.credentials import ServicePrincipalCredentials
azure_keyvault_inputs = {
'fields': [{
'id': 'url',
'label': 'Vault URL (DNS Name)',
'type': 'string',
}, {
'id': 'client',
'label': 'Client ID',
'type': 'string'
}, {
'id': 'secret',
'label': 'Client Secret',
'type': 'string',
'secret': True,
}, {
'id': 'tenant',
'label': 'Tenant ID',
'type': 'string'
}, {
'id': 'secret_field',
'label': 'Secret Name',
'type': 'string',
'help_text': 'The name of the secret to look up.',
}, {
'id': 'secret_version',
'label': 'Secret Version',
'type': 'string',
'help_text': 'Used to specify a specific secret version (if left empty, the latest version will be used).',
}],
'required': ['url', 'client', 'secret', 'tenant'],
}
def azure_keyvault_backend(**kwargs):
url = kwargs['url']
def auth_callback(server, resource, scope):
credentials = ServicePrincipalCredentials(
url = url,
client_id = kwargs['client'],
secret = kwargs['secret'],
tenant = kwargs['tenant'],
resource = "https://vault.azure.net",
)
token = credentials.token
return token['token_type'], token['access_token']
kv = KeyVaultClient(KeyVaultAuthentication(auth_callback))
return kv.get_secret(url, kwargs['secret_field'], kwargs.get('secret_version', '')).value
azure_keyvault_plugin = CredentialPlugin(
'Microsoft Azure Key Vault',
inputs=azure_keyvault_inputs,
backend=azure_keyvault_backend
)

3
requirements/requirements.in
View File

@ -2,6 +2,7 @@ ansible-runner==1.3.1
appdirs==1.4.2
asgi-amqp==1.1.3
asgiref==1.1.2
azure-keyvault==1.1.0
boto==2.47.0
channels==1.1.8
celery==4.2.1
@ -39,7 +40,7 @@ python-radius==1.0
python3-saml==1.4.0
social-auth-core==3.0.0
social-auth-app-django==2.1.0
requests<2.16 # Older versions rely on certify
requests==2.21.0
requests-futures==0.9.7
service-identity==17.0.0
slackclient==1.1.2

21
requirements/requirements.txt
View File

@ -4,6 +4,7 @@
#
# pip-compile requirements/requirements.in
#
adal==1.2.1 # via msrestazure
amqp==2.3.2 # via kombu
ansible-runner==1.3.1
appdirs==1.4.2
@ -14,13 +15,18 @@ asn1crypto==0.24.0 # via cryptography
attrs==18.2.0 # via automat, service-identity, twisted
autobahn==19.2.1 # via daphne
automat==0.7.0 # via twisted
azure-common==1.1.18 # via azure-keyvault
azure-keyvault==1.1.0
azure-nspkg==3.0.2 # via azure-keyvault
billiard==3.5.0.5 # via celery
boto==2.47.0
celery==4.2.1
certifi==2018.11.29 # via msrest, requests
cffi==1.12.1 # via cryptography
channels==1.1.8
chardet==3.0.4 # via requests
constantly==15.1.0 # via twisted
cryptography==2.5 # via pyopenssl
cryptography==2.5 # via adal, azure-keyvault, pyopenssl
daphne==1.3.0
defusedxml==0.5.0
django-auth-ldap==1.7.0
@ -41,11 +47,11 @@ djangorestframework==3.7.7
future==0.16.0 # via django-radius
hvac==0.7.1
hyperlink==18.0.0 # via twisted
idna==2.8 # via hyperlink
idna==2.8 # via hyperlink, requests
incremental==17.5.0 # via twisted
inflect==2.1.0 # via jaraco.itertools
irc==16.2
isodate==0.6.0 # via python3-saml
isodate==0.6.0 # via msrest, python3-saml
jaraco.classes==2.0 # via jaraco.collections
jaraco.collections==2.0 # via irc, jaraco.text
jaraco.functools==2.0 # via irc, jaraco.text, tempora
@ -62,6 +68,8 @@ markdown==2.6.11
markupsafe==1.1.0 # via jinja2
more-itertools==6.0.0 # via irc, jaraco.functools, jaraco.itertools
msgpack-python==0.5.6 # via asgi-amqp
msrest==0.6.4 # via azure-keyvault, msrestazure
msrestazure==0.6.0 # via azure-keyvault
netaddr==0.7.19 # via pyrad
oauthlib==2.0.6 # via django-oauth-toolkit, requests-oauthlib, social-auth-core
ordereddict==1.1
@ -75,7 +83,7 @@ pyasn1==0.4.5 # via pyasn1-modules, python-ldap, service-identity
pycparser==2.19 # via cffi
pygerduty==0.37.0
pyhamcrest==1.9.0 # via twisted
pyjwt==1.7.1 # via social-auth-core, twilio
pyjwt==1.7.1 # via adal, social-auth-core, twilio
pyopenssl==19.0.0 # via service-identity
pyparsing==2.2.0
pyrad==2.1 # via django-radius
@ -90,8 +98,8 @@ python3-saml==1.4.0
pytz==2018.9 # via celery, django, irc, tempora, twilio
pyyaml==3.13 # via djangorestframework-yaml
requests-futures==0.9.7
requests-oauthlib==1.2.0 # via social-auth-core
requests[security]==2.15.1
requests-oauthlib==1.2.0 # via msrest, social-auth-core
requests[security]==2.21.0
service-identity==17.0.0
simplejson==3.16.0 # via uwsgitop
six==1.12.0 # via asgi-amqp, asgiref, autobahn, automat, cryptography, django-extensions, irc, isodate, jaraco.classes, jaraco.collections, jaraco.itertools, jaraco.logging, jaraco.stream, pygerduty, pyhamcrest, pyopenssl, pyrad, python-dateutil, python-memcached, slackclient, social-auth-app-django, social-auth-core, tacacs-plus, tempora, twilio, txaio, websocket-client
@ -104,6 +112,7 @@ twilio==6.10.4
twisted==18.9.0 # via daphne
txaio==18.8.1 # via autobahn
typing==3.6.6 # via django-extensions
urllib3==1.24.1 # via requests
uwsgi==2.0.17
uwsgitop==0.10.0
vine==1.2.0 # via amqp

1
setup.py
View File

@ -116,6 +116,7 @@ setup(
],
'awx.credential_plugins': [
'hashivault = awx.main.credential_plugins.hashivault:hashivault_plugin',
'azure_kv = awx.main.credential_plugins.azure_kv:azure_keyvault_plugin',
]
},
data_files = proc_data_files([

1
tools/docker-compose/awx.egg-info/entry_points.txt
View File

@ -4,3 +4,4 @@ awx-manage = awx:manage
[awx.credential_plugins]
hashivault = awx.main.credential_plugins.hashivault:hashivault_plugin
azure_kv = awx.main.credential_plugins.azure_kv:azure_keyvault_plugin