feat: add hashivault_unseal module #5

Merged
xoxys merged 15 commits from add-hashivault into main 2023-07-30 10:43:37 +00:00
3 changed files with 117 additions and 10 deletions
Showing only changes of commit c0643c8043 - Show all commits

View File

@ -17,7 +17,7 @@ local PythonVersion(pyversion='3.8') = {
local AnsibleVersion(version='devel') = { local AnsibleVersion(version='devel') = {
local gitversion = if version == 'devel' then 'devel' else 'stable-' + version, local gitversion = if version == 'devel' then 'devel' else 'stable-' + version,
name: 'ansible-' + std.strReplace(version, '.', ''), name: 'ansible-' + std.strReplace(version, '.', ''),
image: 'python:3.9', image: 'python:3.10',
environment: { environment: {
PY_COLORS: 1, PY_COLORS: 1,
}, },
@ -106,8 +106,8 @@ local PipelineSanityTest = {
}, },
steps: [ steps: [
AnsibleVersion(version='devel'), AnsibleVersion(version='devel'),
AnsibleVersion(version='2.15'),
AnsibleVersion(version='2.14'), AnsibleVersion(version='2.14'),
AnsibleVersion(version='2.13'),
], ],
depends_on: [ depends_on: [
'unit-test', 'unit-test',

View File

@ -108,7 +108,7 @@ workspace:
steps: steps:
- name: ansible-devel - name: ansible-devel
image: python:3.9 image: python:3.10
commands: commands:
- pip install poetry -qq - pip install poetry -qq
- poetry install - poetry install
@ -120,12 +120,12 @@ steps:
depends_on: depends_on:
- clone - clone
- name: ansible-214 - name: ansible-215
image: python:3.9 image: python:3.10
commands: commands:
- pip install poetry -qq - pip install poetry -qq
- poetry install - poetry install
- poetry run pip install https://github.com/ansible/ansible/archive/stable-2.14.tar.gz --disable-pip-version-check - poetry run pip install https://github.com/ansible/ansible/archive/stable-2.15.tar.gz --disable-pip-version-check
- poetry run ansible --version - poetry run ansible --version
- poetry run ansible-test sanity --exclude .chglog/ --exclude .drone.yml --python 3.9 - poetry run ansible-test sanity --exclude .chglog/ --exclude .drone.yml --python 3.9
environment: environment:
@ -133,12 +133,12 @@ steps:
depends_on: depends_on:
- clone - clone
- name: ansible-213 - name: ansible-214
image: python:3.9 image: python:3.10
commands: commands:
- pip install poetry -qq - pip install poetry -qq
- poetry install - poetry install
- poetry run pip install https://github.com/ansible/ansible/archive/stable-2.13.tar.gz --disable-pip-version-check - poetry run pip install https://github.com/ansible/ansible/archive/stable-2.14.tar.gz --disable-pip-version-check
- poetry run ansible --version - poetry run ansible --version
- poetry run ansible-test sanity --exclude .chglog/ --exclude .drone.yml --python 3.9 - poetry run ansible-test sanity --exclude .chglog/ --exclude .drone.yml --python 3.9
environment: environment:
@ -279,6 +279,6 @@ depends_on:
--- ---
kind: signature kind: signature
hmac: 440b43b8ce15d152c7abdd936c77b25aeb978c5f63e7f7ac9895063afbdba384 hmac: d60a76cb5820c26f16756634312756f06a51c55d81aad7e863c6925a43ae2346
... ...

View File

@ -0,0 +1,107 @@
# -*- coding: utf-8 -*-
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
"""Implement documentation fragment for Hashivault module."""
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
class ModuleDocFragment:
# Standard documentation
DOCUMENTATION = r"""
requirements:
- hvac>=0.10.1
- ansible>=2.0.0
- requests
options:
url:
description:
- URL of the Vault server.
- You can use C(VAULT_ADDR) environment variable.
default: ""
type: str
ca_cert:
description:
- Path to a PEM-encoded CA cert file to use to verify the Vault server
TLS certificate.
- You can use C(VAULT_CACERT) environment variable.
default: ""
type: str
ca_path:
description:
- Path to a directory of PEM-encoded CA cert files to verify the Vault server
TLS certificate. If ca_cert is specified, its value will take precedence.
- You can use C(VAULT_CAPATH) environment variable.
default: ""
type: str
client_cert:
description:
- Path to a PEM-encoded client certificate for TLS authentication to the Vault
server.
- You can use C(VAULT_CLIENT_CERT) environment variable.
default: ""
type: str
client_key:
description:
- Path to an unencrypted PEM-encoded private key matching the client certificate.
- You can use C(VAULT_CLIENT_KEY) environment variable.
default: ""
type: str
verify:
description:
- If set, do not verify presented TLS certificate before communicating with Vault
server. Setting this variable is not recommended except during testing.
- You can use C(VAULT_SKIP_VERIFY) environment variable.
default: false
type: bool
authtype:
description:
- Authentication type.
- You can use C(VAULT_AUTHTYPE) environment variable.
default: "token"
type: str
choices: ["token", "userpass", "github", "ldap", "approle"]
login_mount_point:
description:
- Authentication mount point.
- You can use C(VAULT_LOGIN_MOUNT_POINT) environment variable.
type: str
token:
description:
- Token for vault.
- You can use C(VAULT_TOKEN) environment variable.
type: str
username:
description:
- Username to login to vault.
- You can use C(VAULT_USER) environment variable.
default: ""
type: str
password:
description:
- Password to login to vault.
- You can use C(VAULT_PASSWORD) environment variable.
type: str
role_id:
description:
- Role id for vault.
- You can use C(VAULT_ROLE_ID) environment variable.
type: str
secret_id:
description:
- Secret id for vault.
- You can use C(VAULT_SECRET_ID) environment variable.
type: str
aws_header:
description:
- X-Vault-AWS-IAM-Server-ID Header value to prevent replay attacks.
- You can use C(VAULT_AWS_HEADER) environment variable.
type: str
namespace:
description:
- Namespace for vault.
- You can use C(VAULT_NAMESPACE) environment variable.
type: str
"""