Commit Graph

32 Commits (fa47bed71c66ef67efafca1a240fe22bee631a02)

Author SHA1 Message Date
James Cassell bc4ef99533 standardize TLS connection properties (#54315)
* openstack: standardize tls params

* tower: tower_verify_ssl->validate_certs

* docker: use standard tls config params

- cacert_path -> ca_cert
- cert_path -> client_cert
- key_path -> client_key
- tls_verify -> validate_certs

* k8s: standardize tls connection params

- verify_ssl -> validate_certs
- ssl_ca_cert -> ca_cert
- cert_file -> client_cert
- key_file -> client_key

* ingate: verify_ssl -> validate_certs

* manageiq: standardize tls params

- verify_ssl -> validate_certs
- ca_bundle_path -> ca_cert

* mysql: standardize tls params

- ssl_ca -> ca_cert
- ssl_cert -> client_cert
- ssl_key -> client_key

* nios: ssl_verify -> validate_certs

* postgresql: ssl_rootcert -> ca_cert

* rabbitmq: standardize tls params

- cacert -> ca_cert
- cert -> client_cert
- key -> client_key

* rackspace: verify_ssl -> validate_certs

* vca: verify_certs -> validate_certs

* kubevirt_cdi_upload: upload_host_verify_ssl -> upload_host_validate_certs

* lxd: standardize tls params

- key_file -> client_key
- cert_file -> client_cert

* get_certificate: ca_certs -> ca_cert

* get_certificate.py: clarify one or more certs in a file

Co-Authored-By: jamescassell <code@james.cassell.me>

* zabbix: tls_issuer -> ca_cert

* bigip_device_auth_ldap: standardize tls params

- ssl_check_peer -> validate_certs
- ssl_client_cert -> client_cert
- ssl_client_key -> client_key
- ssl_ca_cert -> ca_cert

* vdirect: vdirect_validate_certs -> validate_certs

* mqtt: standardize tls params

- ca_certs -> ca_cert
- certfile -> client_cert
- keyfile -> client_key

* pulp_repo: standardize tls params

remove `importer_ssl` prefix

* rhn_register: sslcacert -> ca_cert

* yum_repository: standardize tls params

The fix for yum_repository is not straightforward since this module is
only a thin wrapper for the underlying commands and config.  In this
case, we add the new values as aliases, keeping the old as primary,
only due to the internal structure of the module.

Aliases added:
- sslcacert -> ca_cert
- sslclientcert -> client_cert
- sslclientkey -> client_key
- sslverify -> validate_certs

* gitlab_hook: enable_ssl_verification -> hook_validate_certs

* Adjust arguments for docker_swarm inventory plugin.

* foreman callback: standardize tls params

- ssl_cert -> client_cert
- ssl_key -> client_key

* grafana_annotations: validate_grafana_certs -> validate_certs

* nrdp callback: validate_nrdp_certs -> validate_certs

* kubectl connection: standardize tls params

- kubectl_cert_file -> client_cert
- kubectl_key_file -> client_key
- kubectl_ssl_ca_cert -> ca_cert
- kubectl_verify_ssl -> validate_certs

* oc connection: standardize tls params

- oc_cert_file -> client_cert
- oc_key_file -> client_key
- oc_ssl_ca_cert -> ca_cert
- oc_verify_ssl -> validate_certs

* psrp connection: cert_trust_path -> ca_cert

TODO: cert_validation -> validate_certs (multi-valued vs bool)

* k8s inventory: standardize tls params

- cert_file -> client_cert
- key_file -> client_key
- ca_cert -> ca_cert
- verify_ssl -> validate_certs

* openshift inventory: standardize tls params

- cert_file -> client_cert
- key_file -> client_key
- ca_cert -> ca_cert
- verify_ssl -> validate_certs

* tower inventory: verify_ssl -> validate_certs

* hashi_vault lookup: cacert -> ca_cert

* k8s lookup: standardize tls params

- cert_file -> client_cert
- key_file -> client_key
- ca_cert -> ca_cert
- verify_ssl -> validate_certs

* laps_password lookup: cacert_file -> ca_cert

* changelog for TLS parameter standardization
2019-03-28 00:19:28 -05:00
Tom Cooper 2b6413558b hashi_vault: Use mount_point kwarg for ldap/userpass login (#54358)
Fixes: #54249
2019-03-27 09:41:09 +05:30
Abhijeet Kasurde 32fce43311 hashi_vault: fix multiple spaces in params (#51524)
Fixes param parsing in hashi_vault

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
2019-02-13 18:32:00 +05:30
Abhijeet Kasurde 18ed84b877 hashi_vault: add support for userpass authentication (#51538)
Added support for username and password authentication in hashi_vault
lookup plugin.

Fixes: #38878

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
2019-02-02 12:32:53 +01:00
Semyon Deviatkin 618caf2168 add env variable VAULT_AUTH_METHOD (#50572) 2019-01-07 22:13:00 +01:00
drewmullen 04a9a887d5 allow for vault enterprise namespaces (#50462)
* enable namespaces feature for hashi_vault lookup

* include version_added dict in options documentation
2019-01-03 11:51:13 -05:00
Chad Anderson 6ff7797eaa Move verify up so approle and other methods work as intended. 2018-12-14 11:14:12 -08:00
Jonathan Davila a79b6ec8a2 Update my own author email in comments block
my ansible/redhat email is not valid, replacing it with something that is.
2018-06-18 16:15:31 -04:00
SerJ 0ceb717cae Fixed `'HashiVault' object has no attribute 'verify'"}` (#36513) 2018-05-23 16:59:49 -05:00
Markus Häll 58f9676d4b hashi_vault: fix for : in secret name (#39820) 2018-05-08 07:54:25 +02:00
Henri Salo b34ab6a0c4 hashi_vault: fix typo (#36368) 2018-02-19 08:34:05 +01:00
Gaël Lambert 82949f6e6f lookup hashi_vault: Add Vault App role in auth_method (#22403)
Provide Vault App role method to the lookup.

https://www.vaultproject.io/docs/auth/approle.html

Usage :

`{{ lookup('hashi_vault', 'secret=secret/hello:value auth_method=approle role_id=myroleid secret_id=mysecretid url=http://myvault:8200')}}`

You can skip `role_id` and `secret_id` if you set `VAULT_ROLE_ID` and `VAULT_SECRET_ID` environment variables.
2017-12-14 13:25:05 -06:00
Sam Doran 6a6ea663ea Return all elements in a more robust way
If a trailing ':' is set or not, always return all secrets from a path. This was a bug mostly fixed by this PR.

Update examples.
2017-10-26 13:24:39 -04:00
igor-pinchuk 6b6746dcee Update hashi_vault.py
Add ability to lookup entire objects in HashiCorp Vault.
When used with auth_method allow skipping SSL verify.
2017-10-26 13:24:39 -04:00
Brian Coca 24d4787b2d Lookup docs (#30280)
* finalize lookup documentation
* minor fixes to ansible-doc
 - actually show which file caused error when listing plugins
 - removed redundant display of type and name
* smart quote fixes from toshio
2017-09-19 10:49:07 -04:00
flowerysong e2b2ba6bc7 hashi_vault: fix token logic again (#27863)
The token is not mandatory, and there are more ways of setting it than
passing it in as a module arg.
2017-08-09 10:53:30 -04:00
Toshio Kuratomi ff22528b07 Consolidate boolean/mk_boolean conversion functions into a single location
Consolidate the module_utils, constants, and config functions that
convert values into booleans into a single function in module_utils.

Port code to use the module_utils.validate.convert_bool.boolean function
instead of mk_boolean.
2017-07-17 11:48:05 -07:00
Manuvaldi 3ff67fc217 hashi_vault module - Add verify param to support ssl Vault (#25159)
* Fix conflict with HVAC library check

* Fix pep8 error

* hashi_vault add validate_certs parameter
2017-07-11 12:17:04 -04:00
Adrian Likins 1cad0074f5 code cleanup and error improvement for hashi_vault (#17824)
Use standard import error handling.
Make error messages more specific.
Use more python idiomatic code.
2017-07-07 10:17:18 -04:00
Dag Wieers 5553b20828 Collated PEP8 fixes (#25293)
- Make PEP8 compliant
2017-06-02 12:14:11 +01:00
Paul Arthur 9c72d478ec hashi_vault: fix token logic
The token should not be set and checked twice, especially when the
second time overrides a previously set token.
2017-02-27 09:36:33 -05:00
Marc Abramowitz e2e4a69425 hashi_vault: Get token from env var or file
This allows getting the Vault token from the `VAULT_TOKEN` env var or
from the file `$HOME/.vault-token`, as both of these are understood by
the Vault CLI and are a common place to put Vault tokens. This allows
avoiding hard-coding a Vault token into playbooks or having to include
lookups.

`HOME/.vault-token` is nice because a user can authenticate with the CLI
using `vault auth` and then the token will be stored in
`$HOME/.vault-token`. If we read this file, then we allow someone to do
`vault auth` "out of band" to set up Vault access.
2017-02-20 10:10:22 -05:00
Matt Clay 524e5d2c39 PEP 8 cleanup. 2017-01-31 10:16:59 -08:00
Doug Bridgens 65f561e496 added ldap auth capability to hashi_vault plugin (#20244)
* added ldap authentication capability
2017-01-31 11:25:50 -05:00
Matt Clay cb76200c7d PEP 8 E111 & E114 cleanup. (#20838) 2017-01-30 15:01:47 -08:00
Matt Clay d0d1158c5e PEP 8 cleanup. (#20789)
* PEP 8 E703 cleanup.
* PEP 8 E701 cleanup.
* PEP 8 E711 cleanup.
* PEP 8 W191 and E101 cleanup.
2017-01-28 00:12:11 -08:00
Matt Clay 95789f3949 PEP 8 whitespace cleanup. (#20783)
* PEP 8 E271 whitespace cleanup.
* PEP 8 W293 whitespace cleanup.
* Fix whitespace issue from recent PR.
2017-01-27 15:45:23 -08:00
victoru 14901b65d9 raise AnsibleError in hashi_vault lookup plugin when hvac module is not installed (#16859) 2016-08-04 10:06:12 -07:00
feliksik 95cf095222 hashi_vault lookup: be more robust, and allow fields with other name than 'value' (#13690)
* more robust hashi_vault module, and allow querying specific field in secret-dict

* allow fetching entire secret dict with trailing ':'

* process comment by bcoca for PR #13690
2016-05-14 21:48:31 -04:00
Toshio Kuratomi 7aa9f6754a Cleanup more pyflakes warnings (2 real problems) 2015-10-19 12:01:01 -07:00
Brian Coca 7666bde666 updated hashi_vault to new listify, added to changelog 2015-08-10 21:10:00 -04:00
Jonathan Davila 175068fdae Hashicorp Vault lookup Plugin 2015-08-10 19:35:28 -04:00