ansible-collections / community.hashi_vault

Ansible collection for managing and working with HashiCorp Vault.
https://docs.ansible.com/ansible/devel/collections/community/hashi_vault/index.html
GNU General Public License v3.0

✨ Feature Request: Dedicated module for managing policies #332

Open nwerker opened 2 years ago

nwerker commented 2 years ago
SUMMARY

Although I am sure it could be achieved with the vault_write module, maybe it would be beneficial to have a dedicated vault policies module. This, in tandem with the existing PKI certificate module, would be perfect to streamline the management of vault client certificates for client authentication against vault.

ISSUE TYPE
COMPONENT NAME

Not yet defined

ADDITIONAL INFORMATION

Additional module for the management (creation, management, deletion) of ACL Policies within vault. Supporting things like idempotence and maybe even ansible check mode.
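As an added example (not code from this issue or from the collection), the reconciliation logic such a module would need for idempotence and check mode. Vault access is injected as callables so it runs offline against a constructed in-memory stand-in; with hvac these would be `client.sys.read_acl_policy`, `client.sys.create_or_update_acl_policy` and `client.sys.delete_acl_policy` on the sys/policies/acl route, and the whitespace normalisation used for comparison is an assumption.

```python
# Added example, not the collection's code: idempotent reconciliation of a
# Vault ACL policy with Ansible-style check mode. Vault access is abstracted
# behind read/write/delete callables so this runs offline; with hvac a missing
# policy surfaces as hvac.exceptions.InvalidPath, mapped here to PolicyNotFound.

class PolicyNotFound(Exception):
    """Raised by the read callable when the named policy does not exist."""

def normalize(policy: str) -> str:
    """Canonical form for comparison. Assumption: Vault hands back the policy
    text as stored, so stripping trailing whitespace is enough to avoid
    spurious 'changed' results caused by editor whitespace."""
    return "\n".join(line.rstrip() for line in policy.strip().splitlines())

def reconcile_policy(name, desired, state, read, write, delete, check_mode=False):
    """Return an Ansible-style result dict. write/delete are only called when
    a change is actually needed and check_mode is off."""
    try:
        current = read(name)
    except PolicyNotFound:
        current = None
    if state == "absent":
        changed = current is not None
        if changed and not check_mode:
            delete(name)
        return {"changed": changed, "name": name}
    # state == "present": create if missing, update only if content differs
    changed = current is None or normalize(current) != normalize(desired)
    if changed and not check_mode:
        write(name, desired)
    return {"changed": changed, "name": name}

class FakeVault:
    """Constructed in-memory stand-in for the sys/policies/acl endpoint."""
    def __init__(self):
        self.policies = {}
    def read(self, name):
        if name not in self.policies:
            raise PolicyNotFound(name)
        return self.policies[name]
    def write(self, name, policy):
        self.policies[name] = policy
    def delete(self, name):
        self.policies.pop(name, None)

# Constructed sample: a policy allowing a client to request a PKI certificate.
CERT_POLICY = 'path "pki/issue/client" {\n  capabilities = ["update"]\n}\n'
```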

briantist commented 2 years ago

Hi @nwerker , this certainly sounds like it would be a great addition!

For other readers I'll link to my comment on your other feature request so as not to repeat it:

tl;dr: I'd love to help a contributor add this kind of thing but I don't know if I'll have time to do it myself.

nwerker commented 2 years ago

@briantist completely understandable as mentioned in #331!

mathijswesterhof commented 1 year ago

I've been working with this module for a while now and willing to make a pr for this if it's still wanted. I've also been planning on building one for entities (with groups)

briantist commented 1 year ago

> I've been working with this module for a while now and willing to make a pr for this if it's still wanted. I've also been planning on building one for entities (with groups)

That would be great! Please see the contributing guide in the collection docs and let me know if you have any questions or need help getting started.

mathijswesterhof commented 1 month ago

I'm currently working on this again now that HVAC error handling https://github.com/ansible-collections/community.hashi_vault/pull/391 is waiting to be reviewed. I saw that HVAC has a dedicated function for fetching policies and converting them with an HCL parser if one is available. However, the function only fetches from the API route sys/policy, whereas /sys/policies/acl is more versatile, and the policies route could be adjusted to also allow policies from rgp and egp (if the client has an enterprise subscription).

I'll have a look at how to solve this efficiently, as the hvac client only implements a parsed read. Currently I've got: