??????????????
Warning: Cannot modify header information - headers already sent by (output started at /home/mybf1/public_html/mentol.bf1.my/SS1.php:4) in /home/mybf1/public_html/mentol.bf1.my/SS1.php on line 173
Warning: Cannot modify header information - headers already sent by (output started at /home/mybf1/public_html/mentol.bf1.my/SS1.php:4) in /home/mybf1/public_html/mentol.bf1.my/SS1.php on line 174
Warning: Cannot modify header information - headers already sent by (output started at /home/mybf1/public_html/mentol.bf1.my/SS1.php:4) in /home/mybf1/public_html/mentol.bf1.my/SS1.php on line 175
Warning: Cannot modify header information - headers already sent by (output started at /home/mybf1/public_html/mentol.bf1.my/SS1.php:4) in /home/mybf1/public_html/mentol.bf1.my/SS1.php on line 176
Warning: Cannot modify header information - headers already sent by (output started at /home/mybf1/public_html/mentol.bf1.my/SS1.php:4) in /home/mybf1/public_html/mentol.bf1.my/SS1.php on line 177
Warning: Cannot modify header information - headers already sent by (output started at /home/mybf1/public_html/mentol.bf1.my/SS1.php:4) in /home/mybf1/public_html/mentol.bf1.my/SS1.php on line 178
�ó
àUdac������������@`��sþ���d��d��l��m��Z��m��Z��m��Z���e��Z��d��Z��d��Z��d��Z��d��d��l �Z �d��d��l
�m��Z���d��d��l��m
�Z
��d��d��l��m��Z���e��Z��y��d��d��l��Z��e��Z��Wn���e��k
�r¥����e��Z��n��Xd �Z��e �j��d
�ƒ��d��k �rÑ�e �j��d
��Z��n��d��d��d��„��ƒ��YZ��d
�e��f��d��„��ƒ��YZ��d��S(����i����(����t����absolute_importt����divisiont����print_functions����
lookup: hashi_vault
author: Jonathan Davila
version_added: "2.0"
short_description: retrieve secrets from HashiCorp's vault
requirements:
- hvac (python library)
description:
- retrieve secrets from HashiCorp's vault
notes:
- Due to a current limitation in the HVAC library there won't necessarily be an error if a bad endpoint is specified.
options:
secret:
description: query you are making.
required: True
token:
description: vault token.
env:
- name: VAULT_TOKEN
url:
description: URL to vault service.
env:
- name: VAULT_ADDR
default: 'http://127.0.0.1:8200'
username:
description: Authentication user name.
password:
description: Authentication password.
role_id:
description: Role id for a vault AppRole auth.
env:
- name: VAULT_ROLE_ID
secret_id:
description: Secret id for a vault AppRole auth.
env:
- name: VAULT_SECRET_ID
auth_method:
description:
- Authentication method to be used.
- C(userpass) is added in version 2.8.
env:
- name: VAULT_AUTH_METHOD
choices:
- userpass
- ldap
- approle
mount_point:
description: vault mount point, only required if you have a custom mount point.
default: ldap
ca_cert:
description: path to certificate to use for authentication.
aliases: [ cacert ]
validate_certs:
description: controls verification and validation of SSL certificates, mostly you only want to turn off with self signed ones.
type: boolean
default: True
namespace:
version_added: "2.8"
description: namespace where secrets reside. requires HVAC 0.7.0+ and Vault 0.11+.
sA���
- debug:
msg: "{{ lookup('hashi_vault', 'secret=secret/hello:value token=c975b780-d1be-8016-866b-01d0f9b688a5 url=http://myvault:8200')}}"
- name: Return all secrets from a path
debug:
msg: "{{ lookup('hashi_vault', 'secret=secret/hello token=c975b780-d1be-8016-866b-01d0f9b688a5 url=http://myvault:8200')}}"
- name: Vault that requires authentication via LDAP
debug:
msg: "{{ lookup('hashi_vault', 'secret=secret/hello:value auth_method=ldap mount_point=ldap username=myuser password=mypas url=http://myvault:8200')}}"
- name: Vault that requires authentication via username and password
debug:
msg: "{{ lookup('hashi_vault', 'secret=secret/hello:value auth_method=userpass username=myuser password=mypas url=http://myvault:8200')}}"
- name: Using an ssl vault
debug:
msg: "{{ lookup('hashi_vault', 'secret=secret/hola:value token=c975b780-d1be-8016-866b-01d0f9b688a5 url=https://myvault:8200 validate_certs=False')}}"
- name: using certificate auth
debug:
msg: "{{ lookup('hashi_vault', 'secret=secret/hi:value token=xxxx-xxx-xxx url=https://myvault:8200 validate_certs=True cacert=/cacert/path/ca.pem')}}"
- name: authenticate with a Vault app role
debug:
msg: "{{ lookup('hashi_vault', 'secret=secret/hello:value auth_method=approle role_id=myroleid secret_id=mysecretid url=http://myvault:8200')}}"
- name: Return all secrets from a path in a namespace
debug:
msg: "{{ lookup('hashi_vault', 'secret=secret/hello token=c975b780-d1be-8016-866b-01d0f9b688a5 url=http://myvault:8200 namespace=teama/admins')}}"
# to work with kv v2 (vault api - for kv v2 - GET method requires that PATH should be "secret/data/:path")
- name: Return all kv v2 secrets from a path
debug:
msg: "{{ lookup('hashi_vault', 'secret=secret/data/hello token=my_vault_token url=http://myvault_url:8200') }}"
s1���
_raw:
description:
- secrets(s) requested
N(����t����AnsibleError(����t����boolean(����t
���LookupBases����http://127.0.0.1:8200t
���VAULT_ADDRt
���HashiVaultc������������B`��sG���e��Z��d��„��Z��d��„��Z��d��„��Z��d��„��Z��d��„��Z��d��„��Z��d��„��Z��RS(����c������������K`��sH���|��j��d��t��ƒ��|��_��|��j��d��d��ƒ��|��_��d��d��d��g��|��_��|��j��d��ƒ��}��|��d��k��rf�t��d��ƒ��‚��n��|��j��d��d �ƒ��}��|��d
��|��_��t �|��ƒ��d��k��r§�|��d ��|��_
�n �d��|��_
�|��j��|��j��d
�t��ƒ��|��j��d��d��ƒ��ƒ��|��_
�|��j��d��t��j��j��d��ƒ��ƒ��|��_��|��j��|��j��d
�t��ƒ��|��j��d��d��ƒ��ƒ��|��_
�|��j��rñ�|��j��d��k��rñ�y{�|��j��d��k �r‚�t��j��d��|��j��d��|��j
�d��|��j��ƒ��|��_��n!�t��j��d��|��j��d��|��j
�ƒ��|��_��t��|��d��|��j���ƒ��|�����Wq&��t��k
�rí����t��d��|��j��|��j��f���ƒ��‚��q&�Xn5�|��j��d��t��j��j��d��d��ƒ��ƒ��|��_��|��j��d��k��r™�t��j��j��d��ƒ��r™�t��j��j��t��j��j��d��ƒ��d��ƒ��}��t��j��j��|��ƒ��r™�t��|��ƒ����}��|��j��ƒ��j��ƒ��|��_��Wd��QXq™�n��|��j��d��k��r·�t��d��ƒ��‚��n��|��j��d��k �rü�t��j��d��|��j��d��|��j��d��|��j
�d��|��j��ƒ��|��_��n*�t��j��d��|��j��d��|��j��d��|��j
�ƒ��|��_��|��j��j��ƒ��sD�t��d��ƒ��‚��n��d��S(����Nt����urlt ���namespacet����approlet����userpasst����ldapt����secrets*���No secret specified for hashi_vault lookupt����:i����i����i����t����t����validate_certst����cacertt����auth_methodt����VAULT_AUTH_METHODt����tokent����verifyt����auth_sB���Authentication method '%s' not supported. Available options are %rt����VAULT_TOKENt����HOMEs����.vault-tokens����No Vault Token specifieds>���Invalid Hashicorp Vault Token Specified for hashi_vault lookup(����t����gett����ANSIBLE_HASHI_VAULT_ADDRR����t����NoneR ���t����avail_auth_methodR����t����rsplitR
���t����lent����secret_fieldt����boolean_or_cacertt����TrueR����t����ost����environR����t����hvact����Clientt����clientt����getattrt����AttributeErrorR����t����patht����joint����existst����opent����readt����stript����is_authenticated(����t����selft����kwargst����st����s_ft����token_filenamet
���token_file(����(����sF���/usr/lib/python2.7/site-packages/ansible/plugins/lookup/hashi_vault.pyt����__init__ˆ���sL�������������������
����� �-�!�-�������-�!���
�����$�!� ��� �����!�������6�*���c������������C`��s���|��j��j��|��j��ƒ��}��|��d��k��r7�t��d��|��j���ƒ��‚��n��|��j��d��k��rN�|��d���S|��j��|��d���k��r€�t��d��|��j��|��j��f���ƒ��‚��n��|��d���|��j���S(����Ns:���The secret %s doesn't seem to exist for hashi_vault lookupR����t����datasE���The secret %s does not contain the field '%s'. for hashi_vault lookup(����R&���R-���R
���R����R����R����(����R0���R7���(����(����sF���/usr/lib/python2.7/site-packages/ansible/plugins/lookup/hashi_vault.pyR����Å���s��������������������c������������K`��s~���|��j��d��ƒ��}��|��d��k��r1�t��d��|��j���ƒ��‚��n��|��j��d��ƒ��}��|��d��k��rb�t��d��|��j���ƒ��‚��n��|��j��d��ƒ��}��|��|��|��f��S(����Nt����usernames,���Authentication method %s requires a usernamet����passwords,���Authentication method %s requires a passwordt����mount_point(����R����R����R����R����(����R0���R1���R8���R9���R:���(����(����sF���/usr/lib/python2.7/site-packages/ansible/plugins/lookup/hashi_vault.pyt����check_paramsÓ���s��������������������c������������K`��sJ���|��j��|����\��}��}��}��|��d��k��r-�d��}��n��|��j��j��|��|��d��|��ƒ���d��S(����NR����R:���(����R;���R����R&���t
���auth_userpass(����R0���R1���R8���R9���R:���(����(����sF���/usr/lib/python2.7/site-packages/ansible/plugins/lookup/hashi_vault.pyR<���à���s���������� �c������������K`��sJ���|��j��|����\��}��}��}��|��d��k��r-�d��}��n��|��j��j��|��|��d��|��ƒ���d��S(����NR����R:���(����R;���R����R&���t ���auth_ldap(����R0���R1���R8���R9���R:���(����(����sF���/usr/lib/python2.7/site-packages/ansible/plugins/lookup/hashi_vault.pyR=���ç���s���������� �c������������C`��s=���t��|��d��t��ƒ��}��|��t��k��r5�|��d��k��r.�|��St��Sn��t��Sd��S(����Nt����strictR����(����R����t����FalseR!���(����R0���R����R����(����(����sF���/usr/lib/python2.7/site-packages/ansible/plugins/lookup/hashi_vault.pyR ���î���s����������������c������������K`��s���|��j��d��t��j��j��d��d��ƒ��ƒ��}��|��d��k��r<�t��d��ƒ��‚��n��|��j��d��t��j��j��d��d��ƒ��ƒ��}��|��d��k��rx�t��d��ƒ��‚��n��|��j��j��|��|��ƒ���d��S(����Nt����role_idt
���VAULT_ROLE_IDs1���Authentication method app role requires a role_idt ���secret_idt����VAULT_SECRET_IDs3���Authentication method app role requires a secret_id(����R����R"���R#���R����R����R&���t����auth_approle(����R0���R1���R@���RB���(����(����sF���/usr/lib/python2.7/site-packages/ansible/plugins/lookup/hashi_vault.pyRD���ù���s������!�����!�����( ���t����__name__t
���__module__R6���R����R;���R<���R=���R ���RD���(����(����(����sF���/usr/lib/python2.7/site-packages/ansible/plugins/lookup/hashi_vault.pyR����‡���s������ = �
� � �t����LookupModulec������������B`��s����e��Z��d��d��„��Z��RS(����c������������K`��s ���t��s��t��d��ƒ��‚��n��|��d���j��ƒ��}��i��}��g��}��xX�|��D]P�}��y��|��j��d��d��ƒ��\��}��} �Wn!��t��k
�r}����t��d��|���ƒ��‚��n��X| �|��|������s&������=�(������������������
�
�
��������~