Merge pull request #10632 from The-Migus-Group/tss-plugin-amigus

Add Thycotic SecretServer support
2026-04-13 05:59:23 -02:30 · 2021-07-22 08:57:39 -04:00
parent d68c118fd4 edd3554c36
commit 7bfc1702ab
7 changed files with 469 additions and 0 deletions
--- a/awx/main/credential_plugins/tss.py
+++ b/awx/main/credential_plugins/tss.py
@@ -0,0 +1,59 @@
+from .plugin import CredentialPlugin
+from django.utils.translation import ugettext_lazy as _
+
+from thycotic.secrets.server import PasswordGrantAuthorizer, SecretServer, ServerSecret
+
+tss_inputs = {
+    'fields': [
+        {
+            'id': 'server_url',
+            'label': _('Secret Server URL'),
+            'help_text': _('The Base URL of Secret Server e.g. https://myserver/SecretServer or https://mytenant.secretservercloud.com'),
+            'type': 'string',
+        },
+        {
+            'id': 'username',
+            'label': _('Username'),
+            'help_text': _('The (Application) user username'),
+            'type': 'string',
+        },
+        {
+            'id': 'password',
+            'label': _('Password'),
+            'help_text': _('The corresponding password'),
+            'type': 'string',
+            'secret': True,
+        },
+    ],
+    'metadata': [
+        {
+            'id': 'secret_id',
+            'label': _('Secret ID'),
+            'help_text': _('The integer ID of the secret'),
+            'type': 'string',
+        },
+        {
+            'id': 'secret_field',
+            'label': _('Secret Field'),
+            'help_text': _('The field to extract from the secret'),
+            'type': 'string',
+        },
+    ],
+    'required': ['server_url', 'username', 'password', 'secret_id', 'secret_field'],
+}
+
+
+def tss_backend(**kwargs):
+    authorizer = PasswordGrantAuthorizer(kwargs['server_url'], kwargs['username'], kwargs['password'])
+    secret_server = SecretServer(kwargs['server_url'], authorizer)
+    secret_dict = secret_server.get_secret(kwargs['secret_id'])
+    secret = ServerSecret(**secret_dict)
+
+    return secret.fields[kwargs['secret_field']]
+
+
+tss_plugin = CredentialPlugin(
+    'Thycotic Secret Server',
+    tss_inputs,
+    tss_backend,
+)
--- a/awx/main/tests/functional/test_credential.py
+++ b/awx/main/tests/functional/test_credential.py
@@ -98,6 +98,7 @@ def test_default_cred_types():
        'scm',
        'ssh',
        'thycotic_dsv',
+        'thycotic_tss',
        'vault',
        'vmware',
    ]