Added support for username and password authentication in hashi_vault
lookup plugin.
Fixes: #38878
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
Provide Vault App role method to the lookup.
https://www.vaultproject.io/docs/auth/approle.html
Usage :
`{{ lookup('hashi_vault', 'secret=secret/hello:value auth_method=approle role_id=myroleid secret_id=mysecretid url=http://myvault:8200')}}`
You can skip `role_id` and `secret_id` if you set `VAULT_ROLE_ID` and `VAULT_SECRET_ID` environment variables.
* finalize lookup documentation
* minor fixes to ansible-doc
- actually show which file caused error on when listing plugins
- removed redundant display of type and name
* smart quote fixes from toshio
Consolidate the module_utils, constants, and config functions that
convert values into booleans into a single function in module_utils.
Port code to use the module_utils.validate.convert_bool.boolean function
isntead of mk_boolean.
This allows getting the Vault token from the `VAULT_TOKEN` env var or
from the file `$HOME/.vault-token`, as both of these are understood by
the Vault CLI and are a common place to put Vault tokens. This allows
avoiding hard-coding a Vault token into playbooks or having to include
lookups.
`HOME/.vault-token` is nice because a user can authenticate with the CLI
using `vault auth` and then the token will be stored in
`$HOME/.vault-token`. If we read this file, then we allow someone to do
`vault auth` "out of band" to set up Vault access.
* more robust hashi_vault module, and allow querying specific field in secret-dict
* allow fetching entire secret dict with trailing ':'
* process comment by bcoca for PR #13690
Abhijeet Kasurde
Semyon Deviatkin
drewmullen
Chad Anderson
Jonathan Davila
SerJ
Markus Häll
Henri Salo
Gaël Lambert
Sam Doran
igor-pinchuk
Brian Coca
flowerysong
Toshio Kuratomi
Manuvaldi
Adrian Likins
Dag Wieers
Paul Arthur
Marc Abramowitz
Matt Clay
Doug Bridgens
victoru
feliksik
Toshio Kuratomi
Brian Coca
Jonathan Davila