lookup/secretsmanager_secret - fix issue with missing nested secret and on_missing=warn (#1972) (#1975)

[PR #1972/08e7d700 backport][stable-7] lookup/secretsmanager_secret - fix issue with missing nested secret and on_missing=warn

This is a backport of PR #1972 as merged into main (08e7d70).

SUMMARY
Fixes #1781
The lookup was raising an error instead of a warning message

ISSUE TYPE
Bugfix Pull Request

COMPONENT NAME
lookup/secretsmanager_secret

Reviewed-by: Alina Buzachis
Reviewed-by: Mark Chappell
1 parent b9d09e0, commit eabda39
Showing 6 changed files with 432 additions and 6 deletions.
3 changes: 3 additions & 0 deletions
...secretsmanager_secret-fix-issue-when-nested-is-missing-and-on_missing-is-set-to-warn.yaml
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
--- | ||
bugfixes: | ||
- lookup/secretsmanager_secret - fix the issue when the nested secret is missing and on_missing is set to warn, the lookup was raising an error instead of a warning message (https://github.com/ansible-collections/amazon.aws/issues/1781). |
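Review bot: The changelog entry says the lookup now warns instead of erroring, but not what it returns when the nested key is missing; the integration test in nested.yaml asserts `missing_wrn_secret == []`. Stating the returned value here would tell users what to expect from `on_missing=warn`. The sentence is also a run-on: ending it after "set to warn" and starting a new one with "The lookup was raising ..." reads more clearly.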
2 changes: 2 additions & 0 deletions
tests/integration/targets/lookup_secretsmanager_secret/defaults/main.yml
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,2 @@ | ||
--- | ||
json_secret: '{"resource_prefix": "{{ resource_prefix }}"}' |
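Review bot: `json_secret` is declared as a quoted string that already contains JSON, and nested.yaml then pipes it through `to_json`. Whether the stored secret ends up as a JSON object or as a doubly encoded JSON string depends on how the templated value is typed when the filter runs. Declaring `json_secret` as a YAML mapping (`resource_prefix: "{{ resource_prefix }}"`) and leaving serialization to `to_json` removes that ambiguity, and it also keeps the JSON valid if `resource_prefix` ever contains a double quote.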
59 changes: 59 additions & 0 deletions
tests/integration/targets/lookup_secretsmanager_secret/tasks/nested.yaml
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,59 @@ | ||
--- | ||
- vars: | ||
json_secret_name: "ansible-test-{{ tiny_prefix }}-secret-json" | ||
json_secret_value: "{{ json_secret | to_json }}" | ||
block: | ||
- name: create secret "{{ json_secret_name }}" | ||
community.aws.secretsmanager_secret: | ||
name: "{{ json_secret_name }}" | ||
secret: "{{ json_secret_value }}" | ||
state: present | ||
|
||
- name: Validate nested secret value | ||
assert: | ||
that: | ||
- lookup('amazon.aws.secretsmanager_secret', json_secret_name + '.resource_prefix', nested=True, **connection_args) == resource_prefix | ||
|
||
- name: Read missing secret variable using 'on_missing==error' | ||
set_fact: | ||
missing_err_secret: "{{ lookup('amazon.aws.secretsmanager_secret', json_secret_name + '.missing_err_secret', nested=True, on_missing='error', **connection_args) }}" | ||
register: on_missing_error | ||
ignore_errors: true | ||
|
||
- name: Ensure the lookup raised an error | ||
assert: | ||
that: | ||
- on_missing_error is failed | ||
- on_missing_error.msg == "Successfully retrieved secret but there exists no key missing_err_secret in the secret" | ||
- missing_err_secret is undefined | ||
|
||
- name: Read missing secret variable using 'on_missing==error' | ||
set_fact: | ||
resource_prefix_child: "{{ lookup('amazon.aws.secretsmanager_secret', json_secret_name + '.resource_prefix.child', nested=True, on_missing='error', **connection_args) }}" | ||
register: nested_child | ||
ignore_errors: true | ||
|
||
- name: Ensure the lookup raised an error | ||
assert: | ||
that: | ||
- nested_child is failed | ||
- nested_child.msg == "Successfully retrieved secret but there exists no key resource_prefix.child in the secret" | ||
- resource_prefix_child is undefined | ||
|
||
- name: Read missing secret variable using 'on_missing==warn' | ||
set_fact: | ||
missing_wrn_secret: "{{ lookup('amazon.aws.secretsmanager_secret', json_secret_name + '.missing_wrn_secret', nested=True, on_missing='warn', **connection_args) }}" | ||
|
||
- name: Ensure that the variable has not been defined | ||
assert: | ||
that: | ||
- missing_wrn_secret == [] | ||
|
||
always: | ||
# delete secret created | ||
- name: Delete secret '{{ json_secret_name }}' | ||
community.aws.secretsmanager_secret: | ||
name: "{{ json_secret_name }}" | ||
state: absent | ||
recovery_window: 0 | ||
ignore_errors: true |
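Review bot: The task "Ensure that the variable has not been defined" asserts `missing_wrn_secret == []`, so the variable is defined and holds an empty list; rename the task to match, since callers that test the result with `is defined` will see a value. The commit is about emitting a warning instead of an error, yet nothing here checks that a warning is actually produced, only that the task did not fail. The nested case is also not exercised with `on_missing='skip'`. Separately, two tasks share the name "Read missing secret variable using 'on_missing==error'" and two share "Ensure the lookup raised an error"; naming the second pair after the `resource_prefix.child` case would make failures easier to locate in test output.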