in deploy/ansible/lookup_plugins/azure_keyvault_secret.py [0:0]
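def lookup_secret_non_msi(terms, vault_url, kwargs):
    """Fetch Key Vault secrets using service principal credentials.

    Authenticates with the ``client_id``, ``secret`` and ``tenant_id`` entries
    of *kwargs*, then reads every secret named in *terms* from the vault at
    *vault_url*.

    Args:
        terms: Iterable of secret names to look up.
        vault_url: Base URL of the Key Vault to query.
        kwargs: Lookup options. ``client_id``, ``secret`` and ``tenant_id``
            are popped, so they are removed from the caller's dict.

    Returns:
        A list holding the value of each requested secret, in the order of
        *terms*. These are plaintext secrets: keep them out of logs and task
        output (for example with ``no_log: true`` on the consuming task).

    Raises:
        AnsibleError: If the Azure SDK is not installed, a credential
            parameter is missing, authentication fails, the request fails,
            or a secret cannot be fetched. None of the messages include the
            client secret or any retrieved value.
    """
    import logging

    # Attach at most one NullHandler per SDK logger so that repeated lookups
    # in a single run do not keep growing the logger's handler list.
    for sdk_logger_name in ('msrestazure.azure_active_directory',
                            'msrest.service_client'):
        sdk_logger = logging.getLogger(sdk_logger_name)
        if not any(isinstance(handler, logging.NullHandler)
                   for handler in sdk_logger.handlers):
            sdk_logger.addHandler(logging.NullHandler())

    try:
        from azure.common.credentials import ServicePrincipalCredentials
        from azure.keyvault import KeyVaultClient
        from msrest.exceptions import AuthenticationError, ClientRequestError
        from azure.keyvault.models.key_vault_error import KeyVaultErrorException
    except ImportError:
        raise AnsibleError('The azure_keyvault_secret lookup plugin requires azure.keyvault and azure.common.credentials to be installed.')

    client_id = kwargs.pop('client_id', None)
    secret = kwargs.pop('secret', None)
    tenant_id = kwargs.pop('tenant_id', None)

    # Fail early on absent credentials instead of handing None to the SDK,
    # where the resulting failure is harder to diagnose. Only parameter
    # names are reported, never their values.
    missing = [name for name, value in (('client_id', client_id),
                                        ('secret', secret),
                                        ('tenant_id', tenant_id))
               if not value]
    if missing:
        raise AnsibleError('Missing required parameter(s) for service principal authentication: ' + ', '.join(missing) + '.')

    try:
        credentials = ServicePrincipalCredentials(
            client_id=client_id,
            secret=secret,
            tenant=tenant_id
        )
        client = KeyVaultClient(credentials)
    except AuthenticationError:
        # Deliberately generic: the message must not reveal which part of
        # the credential set was rejected or echo any of its values.
        raise AnsibleError('Invalid credentials provided.')

    ret = []
    for term in terms:
        try:
            # The empty version string is presumably "latest version" in
            # this SDK generation; confirm against the installed release.
            secret_val = client.get_secret(vault_url, term, '').value
            ret.append(secret_val)
        except ClientRequestError:
            raise AnsibleError('Error occurred in request')
        except KeyVaultErrorException:
            # Only the secret's name is reported, never its value.
            raise AnsibleError('Failed to fetch secret ' + term + '.')
    return ret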