mirror of
https://github.com/ansible/awx.git
synced 2026-02-26 07:26:03 -03:30
Fix DevOps Secrets Vault credential plugin to work with python-dsv-sdk>=1.0.4
Signed-off-by: Andrii Zakurenyi <andrii.zakurenyi@c.delinea.com>
committed by
Seth Foster
parent
a5f33456b6
commit
bef0a8b23a
@@ -2,29 +2,28 @@ from .plugin import CredentialPlugin
|
|||||||
|
|
||||||
from django.conf import settings
|
from django.conf import settings
|
||||||
from django.utils.translation import gettext_lazy as _
|
from django.utils.translation import gettext_lazy as _
|
||||||
|
from delinea.secrets.vault import PasswordGrantAuthorizer, SecretsVault
|
||||||
try:
|
|
||||||
from delinea.secrets.vault import SecretsVault
|
|
||||||
except ImportError:
|
|
||||||
from thycotic.secrets.vault import SecretsVault
|
|
||||||
|
|
||||||
|
|
||||||
dsv_inputs = {
|
dsv_inputs = {
|
||||||
'fields': [
|
'fields': [
|
||||||
{
|
{
|
||||||
'id': 'tenant',
|
'id': 'tenant',
|
||||||
'label': _('Tenant'),
|
'label': _('Tenant'),
|
||||||
'help_text': _('The tenant e.g. "ex" when the URL is https://ex.secretservercloud.com'),
|
'help_text': _('The tenant e.g. "ex" when the URL is https://ex.secretsvaultcloud.com'),
|
||||||
'type': 'string',
|
'type': 'string',
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
'id': 'tld',
|
'id': 'tld',
|
||||||
'label': _('Top-level Domain (TLD)'),
|
'label': _('Top-level Domain (TLD)'),
|
||||||
'help_text': _('The TLD of the tenant e.g. "com" when the URL is https://ex.secretservercloud.com'),
|
'help_text': _('The TLD of the tenant e.g. "com" when the URL is https://ex.secretsvaultcloud.com'),
|
||||||
'choices': ['ca', 'com', 'com.au', 'com.sg', 'eu'],
|
'choices': ['ca', 'com', 'com.au', 'eu'],
|
||||||
'default': 'com',
|
'default': 'com',
|
||||||
},
|
},
|
||||||
{'id': 'client_id', 'label': _('Client ID'), 'type': 'string'},
|
{
|
||||||
|
'id': 'client_id',
|
||||||
|
'label': _('Client ID'),
|
||||||
|
'type': 'string',
|
||||||
|
},
|
||||||
{
|
{
|
||||||
'id': 'client_secret',
|
'id': 'client_secret',
|
||||||
'label': _('Client Secret'),
|
'label': _('Client Secret'),
|
||||||
@@ -55,12 +54,26 @@ if settings.DEBUG:
|
|||||||
'id': 'url_template',
|
'id': 'url_template',
|
||||||
'label': _('URL template'),
|
'label': _('URL template'),
|
||||||
'type': 'string',
|
'type': 'string',
|
||||||
'default': 'https://{}.secretsvaultcloud.{}/v1',
|
'default': 'https://{}.secretsvaultcloud.{}',
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
|
|
||||||
dsv_plugin = CredentialPlugin(
|
|
||||||
'Thycotic DevOps Secrets Vault',
|
def dsv_backend(**kwargs):
|
||||||
dsv_inputs,
|
tenant_name = kwargs['tenant']
|
||||||
lambda **kwargs: SecretsVault(**{k: v for (k, v) in kwargs.items() if k in [field['id'] for field in dsv_inputs['fields']]}).get_secret(kwargs['path'])['data'][kwargs['secret_field']], # fmt: skip
|
tenant_tld = kwargs.get('tld', 'com')
|
||||||
)
|
tenant_url_template = kwargs.get('url_template', 'https://{}.secretsvaultcloud.{}')
|
||||||
|
client_id = kwargs['client_id']
|
||||||
|
client_secret = kwargs['client_secret']
|
||||||
|
secret_path = kwargs['path']
|
||||||
|
secret_field = kwargs['secret_field']
|
||||||
|
|
||||||
|
tenant_url = tenant_url_template.format(tenant_name, tenant_tld.strip("."))
|
||||||
|
|
||||||
|
authorizer = PasswordGrantAuthorizer(tenant_url, client_id, client_secret)
|
||||||
|
dsv_secret = SecretsVault(tenant_url, authorizer).get_secret(secret_path)
|
||||||
|
|
||||||
|
return dsv_secret['data'][secret_field]
|
||||||
|
|
||||||
|
|
||||||
|
dsv_plugin = CredentialPlugin(name='Thycotic DevOps Secrets Vault', inputs=dsv_inputs, backend=dsv_backend)
|
||||||
|
|||||||
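Review bot: In `dsv_backend`, `tenant_name` is formatted into the host part of `tenant_url` with no check on its characters, and `PasswordGrantAuthorizer` then sends `client_id` and `client_secret` to whatever host that string yields. A value containing `/`, `@`, `.` or `#` changes where the request goes, so the tenant should be limited to a single DNS label before the `format` call, for example `if not re.fullmatch(r'[A-Za-z0-9-]+', tenant_name): raise ValueError('tenant must be a single DNS label')` (needs `import re`). `tld` is declared with `choices` in `dsv_inputs`, but whether that list is enforced before the backend runs is not visible here, so re-checking it against the allowed values in the backend would be cheap. The `url_template` override appears to be offered only under `settings.DEBUG`; if it can be set elsewhere, the formatted URL should also be checked to use `https`.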