New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add plugins to list objects in Vault #343
Conversation
Docs Build 📝Thank you for contribution!✨ This PR has been merged and the docs are now incorporated into |
Codecov Report
@@ Coverage Diff @@
## main #343 +/- ##
==========================================
+ Coverage 98.75% 98.82% +0.06%
==========================================
Files 76 80 +4
Lines 3862 4086 +224
Branches 250 258 +8
==========================================
+ Hits 3814 4038 +224
Misses 39 39
Partials 9 9
Flags with carried forward coverage won't be shown. Click here to find out more.
Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@tomkivlin this a fantastic first contribution, thank you!
There's some inline comments that are mostly small things.
The vault action group in meta/runtime.yml
also needs the module added there:
https://github.com/ansible-collections/community.hashi_vault/blob/main/meta/runtime.yml#L4
The only other thing that I think would be nice is a couple of extra examples for using the lookup in a way where you loop over the actual thing being listed. Since this is the "generic" list lookup, you are (correctly!) returning the raw result, which is always a dictionary, but somewhere inside the dictionary (possibly nested) is a list.
So for example, an example showing how to loop over a list of policies might show a loop like this:
loop: "{{ query('community.hashi_vault.vault_list', 'sys/policies/acl').keys }}"
and an example for kv2 might look like this:
loop: "{{ query('community.hashi_vault.vault_list', 'secret/metadata/path').data.keys }}"
(EDIT I just realized fixing the above path that the examples should also have their "secret" listing paths updates to include metadata
and some path)
These types of examples that show how to do specific things tend to be highly used, and in fact sometimes people try to do these operations, get failures, and open issues about it, even if they only needed to tweak their path, or massage the output data.
One last thing just in case you haven't seen it before. Several of my comments have suggested edits, which you can commit from the comment. If you click that on each comment separately, they will all be separate tiny commits that make the CI take forever.
If you view the comments on the "Files" tab instead, you'll see an option to "Add suggestion to batch" and then you click wait until you've added all the suggestions you want to keep, and commit them at once.
You can also make any changes including changes to things I suggested, locally on your branch instead.
Thanks again! Really looking forward to adding these to the collection.
tests/integration/targets/lookup_vault_list/tasks/lookup_vault_list_test.yml
Outdated
Show resolved
Hide resolved
tests/integration/targets/lookup_vault_list/tasks/lookup_vault_list_test.yml
Outdated
Show resolved
Hide resolved
Co-authored-by: Brian Scholer <1260690+briantist@users.noreply.github.com>
Thanks - great idea! However, I have come across some unexpected (to me) behaviour, possibly because 'keys' is a built-in method - hope my alternatives make sense. (In tomkivlin@cd583f9). |
@briantist thanks for your comprehensive feedback on this, really helpful. I've added some updates, hopefully that covers it all? |
ah! yes that makes sense, I might tweak it further with jinja in a way that will work even with multiple terms, I'll give it a closer look
Pretty much yeah, I see a little bit I'd like to update in the fixture tests, and we're missing a tiny bit of coverage that I want to fill. I aim for 100% coverage on everything new, and we're missing just one line I think (a 404/missing path response). I have some time today so I'm going to pull this down and see if I button up these last little things, and then give it another over. I'll push something up soon. |
hey @tomkivlin ,
EDIT: please disregard, I didn't realize you opened the PR from |
@tomkivlin would you take a look at the commits I've pushed up and see if everything looks ok to you? Let me know if there are any questions or things I missed. There's some weirdness zuul right now (ansible third party check), but that's because of anything in this PR as far as I can tell. |
tests/integration/targets/lookup_vault_list/tasks/lookup_vault_list_test.yml
Show resolved
Hide resolved
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
thanks! a few very small things, otherwise it's really just the merge resolution commit that I'm confused about
I really appreciate the extra tests and attention to detail on the scenarios!
tests/integration/targets/lookup_vault_list/tasks/lookup_vault_list_test.yml
Outdated
Show resolved
Hide resolved
tests/integration/targets/module_vault_list/tasks/module_vault_list_test.yml
Outdated
Show resolved
Hide resolved
tests/integration/targets/module_vault_list/tasks/module_vault_list_test.yml
Outdated
Show resolved
Hide resolved
Co-authored-by: Brian Scholer <1260690+briantist@users.noreply.github.com>
Thanks very much @tomkivlin ! Great work, I hope you'll stick and around consider contributing more in the future :) I'll look to get version |
Me too, thanks for your support 👍 |
* read -> list * lookup and module for vault_list - initial tests * unit tests for list lookup/module * copyright - not sure if done correctly * add new plugins to codecov.yml * update documentation block for both plugins * Apply suggestions from @briantist code review Co-authored-by: Brian Scholer <1260690+briantist@users.noreply.github.com> * add vault_list to meta/runtime.yml * add extra examples as per suggestion * new fixtures for unit tests * dedup unit test for fixtures * update module units with new fixtures * more list lookup examples and formatting * update secret path in list module examples * fix policies to test inexistant path response * fix inexistant path integration tests * missed variable substitution * update paths and add comments explaining * correct the path for lookup plugin * Update tests/integration/targets/setup_vault_configure/vars/main.yml * add further tests and comments * Apply suggestions from code review Co-authored-by: Brian Scholer <1260690+briantist@users.noreply.github.com> Co-authored-by: Brian Scholer <1260690+briantist@users.noreply.github.com>
SUMMARY
Two plugins: one lookup, one module to list objects from a given path.
e.g.
Fixes #295
ISSUE TYPE
COMPONENT NAME
vault_list (lookup and module)