internet/community.general
3
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2026-03-26 21:33:12 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update TSS lookup plugin documentation and add Delinea Platform authentication examples (#11031)

Browse Source 
* - Update documentation from Thycotic to Delinea branding
- Add comprehensive Platform authentication examples
- Enhance existing examples with clearer task names
- Improve RETURN section documentation
- Fix AccessTokenAuthorizer initialization with base_url parameter
- Add support for both Secret Server and Platform authentication methods

* Fixed lintitng issue and added changelog fragment file.

* Removed documentation changes from changelog file.
This commit is contained in:
delinea-sagar
2025-11-10 00:31:37 -05:00
committed by GitHub
parent 60828e82a4
commit 3cbe44e269
2 changed files with 57 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
changelogs/fragments/11031-tss-lookup-delinea-rebranding.yml Normal file
View File

@@ -0,0 +1,2 @@
minor_changes:
- "tss lookup plugin - fixed ``AccessTokenAuthorizer`` initialization to include ``base_url`` parameter for proper token authentication (https://github.com/ansible-collections/community.general/pull/11031)."

66
plugins/lookup/tss.py
View File

@@ -7,7 +7,7 @@ from __future__ import annotations
DOCUMENTATION = r""" DOCUMENTATION = r"""
name: tss name: tss
author: Adam Migus (@amigus) <adam@migus.org> author: Adam Migus (@amigus) <adam@migus.org>
short_description: Get secrets from Thycotic Secret Server short_description: Get secrets from Delinea Secret Server
version_added: 1.0.0 version_added: 1.0.0
description: description:
- Uses the Thycotic Secret Server Python SDK to get Secrets from Secret Server using token authentication with O(username) - Uses the Thycotic Secret Server Python SDK to get Secrets from Secret Server using token authentication with O(username)
@@ -119,14 +119,16 @@ options:
RETURN = r""" RETURN = r"""
_list: _list:
description: description:
- The JSON responses to C(GET /secrets/{id}). - The JSON responses to C(GET /secrets/{id}) and C(GET /secrets/{path}).
- See U(https://updates.thycotic.net/secretserver/restapiguide/TokenAuth/#operation--secrets--id--get). - See U(https://updates.thycotic.net/secretserver/restapiguide/TokenAuth/#operation--secrets--id--get).
type: list type: list
elements: dict elements: dict
""" """
EXAMPLES = r""" EXAMPLES = r"""
- hosts: localhost # Using Secret Server Authentication
- name: Lookup secret using Secret Server user credentials
hosts: localhost
vars: vars:
secret: >- secret: >-
{{ {{
@@ -147,7 +149,8 @@ EXAMPLES = r"""
value_name='itemValue'))['password'] value_name='itemValue'))['password']
}} }}
- hosts: localhost - name: Lookup secret with domain user
hosts: localhost
vars: vars:
secret: >- secret: >-
{{ {{
@@ -169,7 +172,8 @@ EXAMPLES = r"""
value_name='itemValue'))['password'] value_name='itemValue'))['password']
}} }}
- hosts: localhost - name: Lookup secret using Secret Server token
hosts: localhost
vars: vars:
secret_password: >- secret_password: >-
{{ {{
@@ -187,7 +191,8 @@ EXAMPLES = r"""
# Private key stores into certificate file which is attached with secret. # Private key stores into certificate file which is attached with secret.
# If fetch_attachments=True then private key file will be download on specified path # If fetch_attachments=True then private key file will be download on specified path
# and file content will display in debug message. # and file content will display in debug message.
- hosts: localhost - name: Lookup secret and fetch attachments using Secret Server token
hosts: localhost
vars: vars:
secret: >- secret: >-
{{ {{
@@ -210,7 +215,8 @@ EXAMPLES = r"""
}} }}
# If fetch_secret_ids_from_folder=true then secret IDs are in a folder is fetched based on folder ID # If fetch_secret_ids_from_folder=true then secret IDs are in a folder is fetched based on folder ID
- hosts: localhost - name: Lookup secret IDs by folder ID using Secret Server token
hosts: localhost
vars: vars:
secret: >- secret: >-
{{ {{
@@ -230,7 +236,8 @@ EXAMPLES = r"""
}} }}
# If secret ID is 0 and secret_path has value then secret is fetched by secret path # If secret ID is 0 and secret_path has value then secret is fetched by secret path
- hosts: localhost - name: Lookup secret by secret path using Secret Server user credentials
hosts: localhost
vars: vars:
secret: >- secret: >-
{{ {{
@@ -251,6 +258,45 @@ EXAMPLES = r"""
| items2dict(key_name='slug', | items2dict(key_name='slug',
value_name='itemValue'))['password'] value_name='itemValue'))['password']
}} }}
# Using Platform Authentication
- name: Lookup secret using Platform service user credentials
hosts: localhost
vars:
secret: >-
{{
lookup(
'community.general.tss',
102,
base_url='https://platform.delinea.app/',
username='platform_service_username',
password='platform_service_user_password'
)
}}
tasks:
- ansible.builtin.debug:
msg: >
the password is {{
(secret['items']
| items2dict(key_name='slug',
value_name='itemValue'))['password']
}}
- name: Lookup secret using platform token
hosts: localhost
vars:
secret_password: >-
{{
((lookup(
'community.general.tss',
102,
base_url='https://platform.delinea.app/',
token='delinea_platform_access_token',
) | from_json).get('items') | items2dict(key_name='slug', value_name='itemValue'))['password']
}}
tasks:
- ansible.builtin.debug:
msg: the password is {{ secret_password }}
""" """
import abc import abc
@@ -394,9 +440,7 @@ class TSSClientV1(TSSClient):
@staticmethod @staticmethod
def _get_authorizer(**server_parameters): def _get_authorizer(**server_parameters):
if server_parameters.get("token"): if server_parameters.get("token"):
return AccessTokenAuthorizer( return AccessTokenAuthorizer(server_parameters["token"], server_parameters["base_url"])
server_parameters["token"],
)
if server_parameters.get("domain"): if server_parameters.get("domain"):
return DomainPasswordGrantAuthorizer( return DomainPasswordGrantAuthorizer(