Closed brsolomon-deloitte closed 1 year ago
Files identified in the description:
- lib/ansible/plugins/lookup
- plugins/modules/secretsmanager_secret.py

If these files are inaccurate, please update the component name section of the description or use the `!component` bot command.
cc @jillr @markuman @rrey @s-hertel @tremble
Summary
The `community.aws.secretsmanager_secret` module currently offers no option to not overwrite a Secret if it exists with the same name but a different value. This forces the user to first try to check if the Secret exists and then skip the task if it does. It will simply call `secrets_mgr.update_secret(secret)` and overwrite the existing one. If the intended Secret value itself is, for example, a random password, the option to only look up that the Secret exists (but not that its values match) would be a nice feature.

Relevant code: https://github.com/ansible-collections/community.aws/blob/99978ef51ce1372d2f36b501b084b2bf54381073/plugins/modules/secretsmanager_secret.py#L479
Issue Type
Feature Idea
Component Name
secretsmanager_secret
Additional Information
Code of Conduct
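The create-if-absent behaviour requested in this issue, sketched as an added example that is not part of the original issue or of the community.aws module's code. `ensure_secret`, `make_value`, the `overwrite` option name and the in-memory fake client are hypothetical; `describe_secret`, `create_secret` and `update_secret` are the boto3 Secrets Manager client calls.

```python
import secrets

def _code(exc):
    # AWS error code carried by a botocore ClientError-style exception
    return getattr(exc, "response", {}).get("Error", {}).get("Code")

def ensure_secret(client, name, make_value=lambda: secrets.token_urlsafe(32), overwrite=False):
    """Create `name` if absent; change an existing secret only when overwrite=True.
    `overwrite` is a hypothetical option name. Returns (changed, action)."""
    try:
        client.describe_secret(SecretId=name)  # metadata only, the value is not read
        exists = True
    except Exception as exc:
        if _code(exc) != "ResourceNotFoundException":
            raise  # e.g. access denied: fail rather than guess
        exists = False
    if exists and not overwrite:
        return (False, "kept")
    if exists:
        client.update_secret(SecretId=name, SecretString=make_value())
        return (True, "updated")
    try:
        client.create_secret(Name=name, SecretString=make_value())
    except Exception as exc:
        if _code(exc) != "ResourceExistsException":
            raise
        return (False, "kept")  # a concurrent run created it first: keep that value
    return (True, "created")

class FakeError(Exception):
    """Constructed stand-in for botocore.exceptions.ClientError."""
    def __init__(self, code):
        super().__init__(code)
        self.response = {"Error": {"Code": code}}

class FakeSecretsManager:
    """Constructed in-memory stand-in for the boto3 client, so this runs offline."""
    def __init__(self):
        self.store = {}
    def describe_secret(self, SecretId):
        if SecretId not in self.store:
            raise FakeError("ResourceNotFoundException")
        return {"Name": SecretId}
    def create_secret(self, Name, SecretString):
        if Name in self.store:
            raise FakeError("ResourceExistsException")
        self.store[Name] = SecretString
    def update_secret(self, SecretId, SecretString):
        self.store[SecretId] = SecretString
```

Because the existence check uses `describe_secret`, the caller needs no permission to read the secret value, and a randomly generated password is written exactly once across repeated runs.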