Add username and password to handle_auth and updated exception message

Add LDAP info to the base inputs Update awx/main/credential_plugins/hashivault.py Co-authored-by: Rick Elrod <[email protected]> Add LDAP auth method Separate username and password into two different fields Change LDAP username secret to false Add awx_host to vars Fixing spacing issue Revised naming of lDAP username and password
djyasin · Jan 4, 2024 · 2c8c491 · 2c8c491
1 parent b831dbd
commit 2c8c491
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 2 deletions.
diff --git a/awx/main/credential_plugins/hashivault.py b/awx/main/credential_plugins/hashivault.py
@@ -59,6 +59,20 @@
                 ' see https://www.vaultproject.io/docs/auth/kubernetes#configuration'
             ),
         },
+        {
+            'id': 'username',
+            'label': _('Username'),
+            'type': 'string',
+            'secret': False,
+            'help_text': _('Username for authentication.'),
+        },
+        {
+            'id': 'password',
+            'label': _('Password'),
+            'type': 'string',
+            'secret': True,
+            'help_text': _('Password for user authentication.'),
+        },
         {
             'id': 'default_auth_path',
             'label': _('Path to Auth'),
@@ -157,19 +171,24 @@
 
 def handle_auth(**kwargs):
     token = None
-
     if kwargs.get('token'):
         token = kwargs['token']
     elif kwargs.get('role_id') and kwargs.get('secret_id'):
         token = method_auth(**kwargs, auth_param=approle_auth(**kwargs))
     elif kwargs.get('kubernetes_role'):
         token = method_auth(**kwargs, auth_param=kubernetes_auth(**kwargs))
+    elif kwargs.get('username') and kwargs.get('password'):
+        token = method_auth(**kwargs, auth_param=ldap_auth(**kwargs))
     else:
-        raise Exception('Either token or AppRole/Kubernetes authentication parameters must be set')
+        raise Exception('Token, LDAP, AppRole, Kubernetes, or TLS authentication parameters must be set')
 
     return token
 
 
+def ldap_auth(**kwargs):
+    return {'username': kwargs['username'], 'password': kwargs['password']}
+
+
 def approle_auth(**kwargs):
     return {'role_id': kwargs['role_id'], 'secret_id': kwargs['secret_id']}
 

diff --git a/tools/docker-compose/ansible/plumb_vault.yml b/tools/docker-compose/ansible/plumb_vault.yml
@@ -2,6 +2,8 @@
 - name: Plumb AWX for Vault
   hosts: localhost
   gather_facts: False
+  vars:
+    awx_host: "https://127.0.0.1:8043"
   tasks:
     - include_role:
         name: vault