I imagine this will be the most pressing question on everybody's mind, so let me document it here.
Basically, you follow what I did in this commit.
That means:
- Create a secret of the specific type through the Web UI of the secret server
- Get your Secret via the REST API with
curl --location '$BASE_URL/api/v2/secrets/$SECRET_ID' --header 'Content-Type: application/json' --header 'Authorization: Bearer $TOKEN' - Expand the
type_mappingdict of theget_secret_bodymethod with the info you just got from the API. Implement every field except for file upload types. When it comes time to name the type, use the same name as outlined in thetype_mappingdict oflookup_single_secret. - Expand the method signatures to include the fields you just added
- Update the documentation (both on top of
library/secretserver.pyand inREADME.md) - Add a nice example in
README.md - Test your code
- Done
Ansible makes it really hard to get good insight into a module.
There are two ways i found to debug:
You can use print within your code and then before the module.exit_json call you just exit(1).
This will cause Ansible to think your module encountered an error and dump all the stout to your console.
Much of the formatting will be lost, so you'll have to dig a bit to fid the line you were looking for.
You can set the debug environment variable
export ANSIBLE_DEBUG=TrueThis will then print all kind of debug info to your screen.
In this mode, you can simply use print within your python code to have it show up during the run.
I heavily encourage turning debug mode back off in production, because passwords will be printed to your screen, even if they are specified as no-log.