#!/usr/bin/python
# -*- coding: utf-8 -*-
from ansible.module_utils.hashivault import hashivault_argspec
from ansible.module_utils.hashivault import hashivault_auth_client
from ansible.module_utils.hashivault import hashivault_init
from ansible.module_utils.hashivault import hashiwrapper
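ANSIBLE_METADATA = {'status': ['stableinterface'], 'supported_by': 'community', 'version': '1.1'}
# Module documentation consumed by ansible-doc. The `state` choices here are kept
# in sync with the argspec built in main() (present / absent); the text previously
# advertised "disabled", which the module never accepted.
DOCUMENTATION = '''
---
module: hashivault_namespace
version_added: "4.0.1"
short_description: Hashicorp Vault create / delete namespaces
description:
    - Module to create or delete Hashicorp Vault namespaces (enterprise only)
options:
    name:
        description:
            - name of the namespace
        required: true
    state:
        description:
            - desired state of the namespace. choices: present, absent
        default: present
extends_documentation_fragment: hashivault
'''
EXAMPLES = '''
---
- hosts: localhost
  tasks:
    - hashivault_namespace:
        name: teama
    - name: "create a child namespace 'team1' in 'teama' ns: teama/team1"
      hashivault_namespace:
        name: team1
        namespace: teama
'''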
def main():
    """Ansible entry point: build the argspec, run the namespace task, report.

    Adds the module-specific ``name`` (required) and ``state``
    (present/absent, default present) options to the shared hashivault
    argspec, then hands the initialised module to the worker and exits
    through ``fail_json`` or ``exit_json`` depending on the ``failed`` key.
    """
    argspec = hashivault_argspec()
    argspec.update({
        'name': dict(required=True, type='str'),
        'state': dict(required=False, type='str', choices=['present', 'absent'], default='present'),
    })
    module = hashivault_init(argspec)
    result = hashivault_secret_engine(module)
    # A truthy 'failed' key selects the failure exit; anything else is success.
    report = module.fail_json if result.get('failed') else module.exit_json
    report(**result)
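@hashiwrapper
def hashivault_secret_engine(module):
    """Ensure a Vault namespace exists (state=present) or is gone (state=absent).

    Args:
        module: the AnsibleModule built by ``main``; reads ``params['name']``,
            ``params['state']`` and ``check_mode``.

    Returns:
        ``{'changed': bool}`` — True when the namespace had to be created or
        deleted. In check mode the pending change is reported but nothing is
        written to Vault.
    """
    params = module.params
    client = hashivault_auth_client(params)
    name = params.get('name')
    state = params.get('state')

    # Vault reports namespaces as "<name>/" keys. Any failure of the list call
    # (or a missing 'data'/'keys' entry) is treated as "no namespaces yet", as
    # the original code did.
    # NOTE(review): this also maps auth/permission errors onto "absent", so a
    # denied list call would trigger a create attempt or silently skip a delete;
    # narrowing the except to the client's not-found exception would be safer.
    try:
        existing = client.sys.list_namespaces()['data']['keys']
    except Exception:
        existing = []
    exists = (name + '/') in existing

    # Work is needed only when observed and desired state disagree.
    changed = (exists and state == 'absent') or (not exists and state == 'present')

    # The argspec only admits 'present' / 'absent'; when `changed` is set, the
    # state alone decides the direction (the old 'disabled' branch was unreachable).
    if changed and not module.check_mode:
        if state == 'present':
            client.sys.create_namespace(path=name)
        else:
            client.sys.delete_namespace(path=name)
    return {'changed': changed}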
# Run the Ansible module only when executed directly (not when imported).
if __name__ == '__main__':
    main()