diff options
Diffstat (limited to 'lib/ansible/modules/cloud/azure/azure_rm_keyvaultkey_info.py')
-rw-r--r-- | lib/ansible/modules/cloud/azure/azure_rm_keyvaultkey_info.py | 466 |
1 files changed, 0 insertions, 466 deletions
diff --git a/lib/ansible/modules/cloud/azure/azure_rm_keyvaultkey_info.py b/lib/ansible/modules/cloud/azure/azure_rm_keyvaultkey_info.py deleted file mode 100644 index 14251e8748..0000000000 --- a/lib/ansible/modules/cloud/azure/azure_rm_keyvaultkey_info.py +++ /dev/null @@ -1,466 +0,0 @@ -#!/usr/bin/python -# -# Copyright (c) 2019 Yunge Zhu, <yungez@microsoft.com> -# -# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) - -from __future__ import absolute_import, division, print_function -__metaclass__ = type - - -ANSIBLE_METADATA = {'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community'} - - -DOCUMENTATION = ''' ---- -module: azure_rm_keyvaultkey_info -version_added: "2.9" -short_description: Get Azure Key Vault key facts -description: - - Get facts of Azure Key Vault key. - -options: - vault_uri: - description: - - Vault uri where the key stored in. - required: True - type: str - name: - description: - - Key name. If not set, will list all keys in I(vault_uri). - type: str - version: - description: - - Key version. - - Set it to C(current) to show latest version of a key. - - Set it to C(all) to list all versions of a key. - - Set it to specific version to list specific version of a key. eg. fd2682392a504455b79c90dd04a1bf46. - default: current - type: str - show_deleted_key: - description: - - Set to C(true) to show deleted keys. Set to C(false) to show not deleted keys. - type: bool - default: false - tags: - description: - - Limit results by providing a list of tags. Format tags as 'key' or 'key:value'. - type: list - -extends_documentation_fragment: - - azure - -author: - - Yunge Zhu (@yungezz) - -''' - -EXAMPLES = ''' - - name: Get latest version of specific key - azure_rm_keyvaultkey_info: - vault_uri: "https://myVault.vault.azure.net" - name: myKey - - - name: List all versions of specific key - azure_rm_keyvaultkey_info: - vault_uri: "https://myVault.vault.azure.net" - name: myKey - version: all - - - name: List specific version of specific key - azure_rm_keyvaultkey_info: - vault_uri: "https://myVault.vault.azure.net" - name: myKey - version: fd2682392a504455b79c90dd04a1bf46 - - - name: List all keys in specific key vault - azure_rm_keyvaultkey_info: - vault_uri: "https://myVault.vault.azure.net" - - - name: List deleted keys in specific key vault - azure_rm_keyvaultkey_info: - vault_uri: "https://myVault.vault.azure.net" - show_deleted_key: True -''' - -RETURN = ''' -keyvaults: - description: - - List of keys in Azure Key Vault. - returned: always - type: complex - contains: - kid: - description: - - Key identifier. - returned: always - type: str - sample: "https://myVault.vault.azure.net/keys/key1/fd2682392a504455b79c90dd04a1bf46" - permitted_operations: - description: - - Permitted operations on the key. - type: list - returned: always - sample: encrypt - type: - description: - - Key type. - type: str - returned: always - sample: RSA - version: - description: - - Key version. - type: str - returned: always - sample: fd2682392a504455b79c90dd04a1bf46 - key: - description: - - public part of a key. - contains: - n: - description: - - RSA modules. - type: str - e: - description: - - RSA public exponent. - type: str - crv: - description: - - Elliptic curve name. - type: str - x: - description: - - X component of an EC public key. - type: str - y: - description: - - Y component of an EC public key. - type: str - managed: - description: - - C(True) if the key's lifetime is managed by key vault. - type: bool - sample: True - tags: - description: - - Tags of the key. - returned: always - type: list - sample: [foo, ] - attributes: - description: - - Key attributes. - contains: - created: - description: - - Creation datetime. - returned: always - type: str - sample: "2019-04-25T07:26:49+00:00" - not_before: - description: - - Not before datetime. - type: str - sample: "2019-04-25T07:26:49+00:00" - expires: - description: - - Expiration datetime. - type: str - sample: "2019-04-25T07:26:49+00:00" - updated: - description: - - Update datetime. - returned: always - type: str - sample: "2019-04-25T07:26:49+00:00" - enabled: - description: - - Indicate whether the key is enabled. - returned: always - type: str - sample: true - recovery_level: - description: - - Reflects the deletion recovery level currently in effect for keys in the current vault. - - If it contains C(Purgeable) the key can be permanently deleted by a privileged user. - - Otherwise, only the system can purge the key, at the end of the retention interval. - returned: always - type: str - sample: Purgable -''' - - -from ansible.module_utils.azure_rm_common import AzureRMModuleBase - -try: - from azure.keyvault import KeyVaultClient, KeyVaultId, KeyVaultAuthentication, KeyId - from azure.keyvault.models import KeyAttributes, JsonWebKey - from azure.common.credentials import ServicePrincipalCredentials - from azure.keyvault.models.key_vault_error import KeyVaultErrorException - from msrestazure.azure_active_directory import MSIAuthentication -except ImportError: - # This is handled in azure_rm_common - pass - - -def keybundle_to_dict(bundle): - return dict( - tags=bundle.tags, - managed=bundle.managed, - attributes=dict( - enabled=bundle.attributes.enabled, - not_before=bundle.attributes.not_before, - expires=bundle.attributes.expires, - created=bundle.attributes.created, - updated=bundle.attributes.updated, - recovery_level=bundle.attributes.recovery_level - ), - kid=bundle.key.kid, - version=KeyVaultId.parse_key_id(bundle.key.kid).version, - type=bundle.key.kty, - permitted_operations=bundle.key.key_ops, - key=dict( - n=bundle.key.n if hasattr(bundle.key, 'n') else None, - e=bundle.key.e if hasattr(bundle.key, 'e') else None, - crv=bundle.key.crv if hasattr(bundle.key, 'crv') else None, - x=bundle.key.x if hasattr(bundle.key, 'x') else None, - y=bundle.k.y if hasattr(bundle.key, 'y') else None - ) - ) - - -def deletedkeybundle_to_dict(bundle): - keybundle = keybundle_to_dict(bundle) - keybundle['recovery_id'] = bundle.recovery_id, - keybundle['scheduled_purge_date'] = bundle.scheduled_purge_date, - keybundle['deleted_date'] = bundle.deleted_date - return keybundle - - -def keyitem_to_dict(keyitem): - return dict( - kid=keyitem.kid, - version=KeyVaultId.parse_key_id(keyitem.kid).version, - tags=keyitem.tags, - manged=keyitem.managed, - attributes=dict( - enabled=keyitem.attributes.enabled, - not_before=keyitem.attributes.not_before, - expires=keyitem.attributes.expires, - created=keyitem.attributes.created, - updated=keyitem.attributes.updated, - recovery_level=keyitem.attributes.recovery_level - ) - ) - - -def deletedkeyitem_to_dict(keyitem): - item = keyitem_to_dict(keyitem) - item['recovery_id'] = keyitem.recovery_id, - item['scheduled_purge_date'] = keyitem.scheduled_purge_date, - item['deleted_date'] = keyitem.deleted_date - return item - - -class AzureRMKeyVaultKeyInfo(AzureRMModuleBase): - - def __init__(self): - self.module_arg_spec = dict( - version=dict(type='str', default='current'), - name=dict(type='str'), - vault_uri=dict(type='str', required=True), - show_deleted_key=dict(type='bool', default=False), - tags=dict(type='list') - ) - - self.vault_uri = None - self.name = None - self.version = None - self.show_deleted_key = False - self.tags = None - - self.results = dict(changed=False) - self._client = None - - super(AzureRMKeyVaultKeyInfo, self).__init__(derived_arg_spec=self.module_arg_spec, - supports_check_mode=False, - supports_tags=False) - - def exec_module(self, **kwargs): - """Main module execution method""" - - for key in list(self.module_arg_spec.keys()): - if hasattr(self, key): - setattr(self, key, kwargs[key]) - - self._client = self.get_keyvault_client() - - if self.name: - if self.show_deleted_key: - self.results['keys'] = self.get_deleted_key() - else: - if self.version == 'all': - self.results['keys'] = self.get_key_versions() - else: - self.results['keys'] = self.get_key() - else: - if self.show_deleted_key: - self.results['keys'] = self.list_deleted_keys() - else: - self.results['keys'] = self.list_keys() - - return self.results - - def get_keyvault_client(self): - try: - self.log("Get KeyVaultClient from MSI") - credentials = MSIAuthentication(resource='https://vault.azure.net') - return KeyVaultClient(credentials) - except Exception: - self.log("Get KeyVaultClient from service principal") - - # Create KeyVault Client using KeyVault auth class and auth_callback - def auth_callback(server, resource, scope): - if self.credentials['client_id'] is None or self.credentials['secret'] is None: - self.fail('Please specify client_id, secret and tenant to access azure Key Vault.') - - tenant = self.credentials.get('tenant') - if not self.credentials['tenant']: - tenant = "common" - - authcredential = ServicePrincipalCredentials( - client_id=self.credentials['client_id'], - secret=self.credentials['secret'], - tenant=tenant, - cloud_environment=self._cloud_environment, - resource="https://vault.azure.net") - - token = authcredential.token - return token['token_type'], token['access_token'] - - return KeyVaultClient(KeyVaultAuthentication(auth_callback)) - - def get_key(self): - ''' - Gets the properties of the specified key in key vault. - - :return: deserialized key state dictionary - ''' - self.log("Get the key {0}".format(self.name)) - - results = [] - try: - if self.version == 'current': - response = self._client.get_key(vault_base_url=self.vault_uri, - key_name=self.name, - key_version='') - else: - response = self._client.get_key(vault_base_url=self.vault_uri, - key_name=self.name, - key_version=self.version) - - if response and self.has_tags(response.tags, self.tags): - self.log("Response : {0}".format(response)) - results.append(keybundle_to_dict(response)) - - except KeyVaultErrorException as e: - self.log("Did not find the key vault key {0}: {1}".format(self.name, str(e))) - return results - - def get_key_versions(self): - ''' - Lists keys versions. - - :return: deserialized versions of key, includes key identifier, attributes and tags - ''' - self.log("Get the key versions {0}".format(self.name)) - - results = [] - try: - response = self._client.get_key_versions(vault_base_url=self.vault_uri, - key_name=self.name) - self.log("Response : {0}".format(response)) - - if response: - for item in response: - if self.has_tags(item.tags, self.tags): - results.append(keyitem_to_dict(item)) - except KeyVaultErrorException as e: - self.log("Did not find key versions {0} : {1}.".format(self.name, str(e))) - return results - - def list_keys(self): - ''' - Lists keys in specific key vault. - - :return: deserialized keys, includes key identifier, attributes and tags. - ''' - self.log("Get the key vaults in current subscription") - - results = [] - try: - response = self._client.get_keys(vault_base_url=self.vault_uri) - self.log("Response : {0}".format(response)) - - if response: - for item in response: - if self.has_tags(item.tags, self.tags): - results.append(keyitem_to_dict(item)) - except KeyVaultErrorException as e: - self.log("Did not find key vault in current subscription {0}.".format(str(e))) - return results - - def get_deleted_key(self): - ''' - Gets the properties of the specified deleted key in key vault. - - :return: deserialized key state dictionary - ''' - self.log("Get the key {0}".format(self.name)) - - results = [] - try: - response = self._client.get_deleted_key(vault_base_url=self.vault_uri, - key_name=self.name) - - if response and self.has_tags(response.tags, self.tags): - self.log("Response : {0}".format(response)) - results.append(deletedkeybundle_to_dict(response)) - - except KeyVaultErrorException as e: - self.log("Did not find the key vault key {0}: {1}".format(self.name, str(e))) - return results - - def list_deleted_keys(self): - ''' - Lists deleted keys in specific key vault. - - :return: deserialized keys, includes key identifier, attributes and tags. - ''' - self.log("Get the key vaults in current subscription") - - results = [] - try: - response = self._client.get_deleted_keys(vault_base_url=self.vault_uri) - self.log("Response : {0}".format(response)) - - if response: - for item in response: - if self.has_tags(item.tags, self.tags): - results.append(deletedkeyitem_to_dict(item)) - except KeyVaultErrorException as e: - self.log("Did not find key vault in current subscription {0}.".format(str(e))) - return results - - -def main(): - """Main execution""" - AzureRMKeyVaultKeyInfo() - - -if __name__ == '__main__': - main() |