feat: add rbw plugin for secret management

2025-05-28 16:21:12 -04:00 · 2025-05-28 16:21:12 -04:00 · 033d3d6371
commit 033d3d6371
parent 205cf36feb
4 changed files with 60 additions and 6 deletions
--- a/lookup_plugins/rbw.py
+++ b/lookup_plugins/rbw.py
@ -0,0 +1,50 @@
+# python 3 headers, required if submitting to Ansible
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
+import json
+import subprocess
+
+from ansible.errors import AnsibleError, AnsibleParserError
+from ansible.plugins.lookup import LookupBase
+from ansible.utils.display import Display
+from jinja2 import Environment
+
+DOCUMENTATION = r"""
+  name: rbw
+  short_description: get secrets using rbw
+  options:
+    _terms:
+      description: Name of the secret to get
+      required: True
+"""
+
+display = Display()
+
+
+def rbw(name: str):
+    sub = subprocess.run(["rbw", "get", name, "--raw"], capture_output=True)
+
+    secret = json.loads(sub.stdout)
+
+    display.debug(f'Obtaining data for "{secret["name"]}"')
+
+    return secret
+
+
+class LookupModule(LookupBase):
+    def run(self, terms, variables=None, **kwargs):
+        # First of all populate options,
+        # this will already take into account env vars and ini config
+        self.set_options(var_options=variables, direct=kwargs)
+
+        # lookups in general are expected to both take a list as input and output a list
+        # this is done so they work with the looping construct 'with_'.
+        ret = []
+        for term in terms:
+            secret = rbw(term)
+
+            ret.append(secret)
+
+        return ret