Merge pull request #13721 from sscheib-rh/feat-add_secret_field_dsv_l…

…ookup Add missing filtering mechanism for the Thycotic Devops Vault credential lookup
ansible · Apr 13, 2023 · 12a4c30 · 12a4c30
2 parents 8a1cdf8 + 2f68317
commit 12a4c30
Showing 1 changed file with 8 additions and 2 deletions.
diff --git a/awx/main/credential_plugins/dsv.py b/awx/main/credential_plugins/dsv.py
@@ -35,8 +35,14 @@
             'type': 'string',
             'help_text': _('The secret path e.g. /test/secret1'),
         },
+        {
+            'id': 'secret_field',
+            'label': _('Secret Field'),
+            'help_text': _('The field to extract from the secret'),
+            'type': 'string',
+        },
     ],
-    'required': ['tenant', 'client_id', 'client_secret', 'path'],
+    'required': ['tenant', 'client_id', 'client_secret', 'path', 'secret_field'],
 }
 
 if settings.DEBUG:
@@ -52,5 +58,5 @@
 dsv_plugin = CredentialPlugin(
     'Thycotic DevOps Secrets Vault',
     dsv_inputs,
-    lambda **kwargs: SecretsVault(**{k: v for (k, v) in kwargs.items() if k in [field['id'] for field in dsv_inputs['fields']]}).get_secret(kwargs['path']),
+    lambda **kwargs: SecretsVault(**{k: v for (k, v) in kwargs.items() if k in [field['id'] for field in dsv_inputs['fields']]}).get_secret(kwargs['path'])['data'][kwargs['secret_field']],  # fmt: skip
 )