Add Secret Manager Lookup plugins
SUMMARY
I need to get the secret content and the resource id from GCP Secret Manager. Lookup plugins are used because this format allows embedding Secret Manager queries in templates and files with variables (external configuration contour).
ISSUE TYPE
- New Module Pull Request
COMPONENT NAME
- gcp_secret_access
- gcp_secret_resource_id
ADDITIONAL INFORMATION
Examples:
- ansible.builtin.debug:
    msg: "{{ lookup('google.cloud.gcp_secret_access', secret='hola', project='test_project') }}"
- ansible.builtin.debug:
    msg: "{{ lookup('google.cloud.gcp_secret_access', 'hola', project='test_project') }}"
- name: using resource id instead of secret name
  ansible.builtin.debug:
    msg: "{{ lookup('google.cloud.gcp_secret_access', 'projects/112233445566/secrets/hola/versions/1') }}"
- name: using service account file
  ansible.builtin.debug:
    msg: "{{ lookup('google.cloud.gcp_secret_access', 'hola', project='test_project', service_account_file='/path/to/keyfile.json') }}"
- ansible.builtin.debug:
    msg: "{{ lookup('google.cloud.gcp_secret_resource_id', secret='hola', project='test_project') }}"
  # Return 'projects/112233445566/secrets/hola/versions/1'
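The examples in the PR description print the secret through `ansible.builtin.debug`, which puts the value into task output. The following playbook is an added example, not part of the pull request or the collection: it uses the same two lookups with the secret name, project and resource id shown above, writes the value to a restricted file and sets `no_log: true` on the task that handles it. The host group, destination path and variable name are assumptions, and the destination directory is assumed to exist.

```yaml
- name: Consume a Secret Manager value without exposing it in task output
  hosts: app_servers                    # hypothetical inventory group
  become: true
  vars:
    # Full resource id with a pinned version, in the form shown in the PR description.
    db_password_ref: "projects/112233445566/secrets/hola/versions/1"
  tasks:
    - name: Write the secret to a root-only file
      ansible.builtin.copy:
        content: "{{ lookup('google.cloud.gcp_secret_access', db_password_ref) }}"
        dest: /etc/myapp/db_password    # hypothetical path
        owner: root
        group: root
        mode: "0600"
      no_log: true    # keeps the rendered secret out of stdout, logs and callback output

    - name: Show which version a name resolves to (the id is not the secret value)
      ansible.builtin.debug:
        msg: "{{ lookup('google.cloud.gcp_secret_resource_id', secret='hola', project='test_project') }}"
```

Lookups run on the control node, so the credentials used for Secret Manager stay there and only the rendered value is sent to the managed host.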
This is awesome, but it doesn't look like PRs for this repo get merged :/
Yes, it looks like this repo doesn't have a maintainer. Here is an example of how a critical one-character hotfix is still open #268
it doesn't look like PRs for this repo get merged
not sure why the readme for this repo doesn't say that this repository is only the generated output of https://github.com/GoogleCloudPlatform/magic-modules
it doesn't look like PRs for this repo get merged
not sure why the readme for this repo doesn't say that this repository is only the generated output of https://github.com/GoogleCloudPlatform/magic-modules
Yes, but if you try to raise Ansible specific stuff (non generated like this) there they tell you to raise it here instead :shrug:
if you try to raise Ansible specific stuff (non generated like this) there they tell you to raise it here instead
Right, as in GoogleCloudPlatform/magic-modules#3933, apparently we're to use this repo for bugs, but submit PRs to the upstream repo. Yet most have no idea about magic-modules and waste time looking for bugs in the Python here, and/or submitting PRs that will never be looked at.
Even worse, look here: hashicorp/terraform-provider-google#9588 via GoogleCloudPlatform/magic-modules#5069, to wit:
mmv1 has not been supporting ansible/inspec for some time - i.e. we would not do work to add support for new resources, update resources due to API changes, or fix bugs in those codebases.
So basically @levonet was right that this collection is basically abandonware and we're supposed to use Terraform for provisioning and/or GCP-native automation.
It's not very nice to not even notify people about this and have them waste their time filing bugs/PRs and looking through auto-generated Python code which isn't even updated anymore. I guess they don't care because it's a small number of users. The situation has been like this for multiple years with this collection... wonder if Ansible core team even knows about the defunct status. There's an interesting clue here:
Note: this has paused for now, based on internal discussions
not sure what to make of that
@levonet You should make a merge request on the community google?
Fix #460
any chance it's getting merged?
is this a dup of https://github.com/ansible-collections/google.cloud/pull/578?