73 lines
2.0 KiB
Python
73 lines
2.0 KiB
Python
#!/usr/bin/python
|
|
# -*- coding: utf-8 -*-
|
|
|
|
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
|
|
"""Unseal Hashicorp Vault servers."""
|
|
|
|
from __future__ import (absolute_import, division, print_function)
|
|
|
|
__metaclass__ = type
|
|
|
|
ANSIBLE_METADATA = {"status": ["stableinterface"], "supported_by": "community", "version": "1.1"}
|
|
|
|
DOCUMENTATION = """
|
|
---
|
|
module: hashivault_unseal
|
|
short_description: Hashicorp Vault unseal module.
|
|
version_added: 1.2.0
|
|
description:
|
|
- "Module to unseal Hashicorp Vault."
|
|
options:
|
|
keys:
|
|
description:
|
|
- Vault key shard(s).
|
|
type: list
|
|
elements: str
|
|
required: true
|
|
author:
|
|
- ownCloud GmbH (@owncloud)
|
|
extends_documentation_fragment:
|
|
- owncloud.general.hashivault
|
|
"""
|
|
|
|
EXAMPLES = """
|
|
---
|
|
- name: Unseal vault
|
|
hashivault_unseal:
|
|
keys:
|
|
- 26479cc0-54bc-4252-9c34-baca54aa5de7
|
|
- 47f942e3-8525-4b44-ba2f-84a4ae81db7d
|
|
- 2ee9c868-4275-4836-8747-4f8fb7611aa0
|
|
url: https://vault.example.com
|
|
"""
|
|
|
|
from ansible_collections.owncloud.general.plugins.module_utils.hashivault import hashivault_argspec
|
|
from ansible_collections.owncloud.general.plugins.module_utils.hashivault import hashivault_client
|
|
from ansible_collections.owncloud.general.plugins.module_utils.hashivault import hashivault_init
|
|
from ansible_collections.owncloud.general.plugins.module_utils.hashivault import hashiwrapper
|
|
|
|
|
|
def main():
|
|
argspec = hashivault_argspec()
|
|
argspec["keys"] = dict(required=True, type="list", elements="str", no_log=True)
|
|
module = hashivault_init(argspec)
|
|
result = hashivault_unseal(module.params)
|
|
if result.get("failed"):
|
|
module.fail_json(**result)
|
|
else:
|
|
module.exit_json(**result)
|
|
|
|
|
|
@hashiwrapper
|
|
def hashivault_unseal(params):
|
|
keys = params.get("keys")
|
|
client = hashivault_client(params)
|
|
if client.sys.is_sealed():
|
|
return {"status": client.sys.submit_unseal_keys(keys), "changed": True}
|
|
|
|
return {"changed": False}
|
|
|
|
|
|
if __name__ == "__main__":
|
|
main()
|