Support fetching full attributes (ARN, Description, LastChangedDate, Tags... etc) #2538
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Docs Build 📝Thank you for contribution!✨ The docsite for this PR is available for download as an artifact from this run: You can compare to the docs for the File changes:
Click to see the diff comparison.NOTE: only file modifications are shown here. New and deleted files are excluded. diff --git a/home/runner/work/amazon.aws/amazon.aws/docsbuild/base/collections/amazon/aws/secretsmanager_secret_lookup.html b/home/runner/work/amazon.aws/amazon.aws/docsbuild/head/collections/amazon/aws/secretsmanager_secret_lookup.html
index 201fcc2..fc389b4 100644
--- a/home/runner/work/amazon.aws/amazon.aws/docsbuild/base/collections/amazon/aws/secretsmanager_secret_lookup.html
+++ b/home/runner/work/amazon.aws/amazon.aws/docsbuild/head/collections/amazon/aws/secretsmanager_secret_lookup.html
@@ -164,7 +164,8 @@ see <a class="reference internal" href="#ansible-collections-amazon-aws-secretsm
<ul class="simple">
<li><p>Look up secrets stored in AWS Secrets Manager provided the caller has the appropriate permissions to read the secret.</p></li>
<li><p>Lookup is based on the secret’s <em>Name</em> value.</p></li>
-<li><p>Optional parameters can be passed into this lookup; <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-amazon-aws-secretsmanager-secret-lookup-parameter-version-id"><span class="std std-ref"><span class="pre">version_id</span></span></a></strong></code> and <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-amazon-aws-secretsmanager-secret-lookup-parameter-version-stage"><span class="std std-ref"><span class="pre">version_stage</span></span></a></strong></code>.</p></li>
+<li><p>Supports fetching full attributes (ARN, Description, LastChangedDate, Tags) aka boto’s describe_secret.</p></li>
+<li><p>Optional parameters for get value include <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-amazon-aws-secretsmanager-secret-lookup-parameter-version-id"><span class="std std-ref"><span class="pre">version_id</span></span></a></strong></code>, <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-amazon-aws-secretsmanager-secret-lookup-parameter-version-stage"><span class="std std-ref"><span class="pre">version_stage</span></span></a></strong></code>.</p></li>
<li><p>Prior to release 6.0.0 this module was known as <code class="docutils literal notranslate"><span class="pre">aws_ssm</span></code>, the usage remains the same.</p></li>
</ul>
<p>Aliases: aws_secret</p>
@@ -253,6 +254,19 @@ examples: <code class="docutils literal notranslate"><span class="pre">lookup('a
</div></td>
</tr>
<tr class="row-odd"><td><div class="ansible-option-cell">
+<div class="ansibleOptionAnchor" id="parameter-get_attributes"></div><p class="ansible-option-title" id="ansible-collections-amazon-aws-secretsmanager-secret-lookup-parameter-get-attributes"><strong>get_attributes</strong></p>
+<a class="ansibleOptionLink" href="#parameter-get_attributes" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">boolean</span></p>
+<p><em class="ansible-option-versionadded">added in amazon.aws 9.4.0</em></p>
+</div></td>
+<td><div class="ansible-option-cell"><p>Whether to return full attributes instead of just the secret value.</p>
+<p class="ansible-option-line"><strong class="ansible-option-choices">Choices:</strong></p>
+<ul class="simple">
+<li><p><code class="ansible-option-default-bold docutils literal notranslate"><strong><span class="pre">false</span></strong></code> <span class="ansible-option-choices-default-mark">← (default)</span></p></li>
+<li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">true</span></code></p></li>
+</ul>
+</div></td>
+</tr>
+<tr class="row-even"><td><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-join"></div><p class="ansible-option-title" id="ansible-collections-amazon-aws-secretsmanager-secret-lookup-parameter-join"><strong>join</strong></p>
<a class="ansibleOptionLink" href="#parameter-join" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">boolean</span></p>
</div></td>
@@ -266,7 +280,7 @@ examples: <code class="docutils literal notranslate"><span class="pre">lookup('a
</ul>
</div></td>
</tr>
-<tr class="row-even"><td><div class="ansible-option-cell">
+<tr class="row-odd"><td><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-nested"></div><p class="ansible-option-title" id="ansible-collections-amazon-aws-secretsmanager-secret-lookup-parameter-nested"><strong>nested</strong></p>
<a class="ansibleOptionLink" href="#parameter-nested" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">boolean</span></p>
<p><em class="ansible-option-versionadded">added in amazon.aws 1.4.0</em></p>
@@ -279,7 +293,7 @@ examples: <code class="docutils literal notranslate"><span class="pre">lookup('a
</ul>
</div></td>
</tr>
-<tr class="row-odd"><td><div class="ansible-option-cell">
+<tr class="row-even"><td><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-on_deleted"></div><p class="ansible-option-title" id="ansible-collections-amazon-aws-secretsmanager-secret-lookup-parameter-on-deleted"><strong>on_deleted</strong></p>
<a class="ansibleOptionLink" href="#parameter-on_deleted" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
<p><em class="ansible-option-versionadded">added in amazon.aws 2.0.0</em></p>
@@ -296,7 +310,7 @@ examples: <code class="docutils literal notranslate"><span class="pre">lookup('a
</ul>
</div></td>
</tr>
-<tr class="row-even"><td><div class="ansible-option-cell">
+<tr class="row-odd"><td><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-on_denied"></div><p class="ansible-option-title" id="ansible-collections-amazon-aws-secretsmanager-secret-lookup-parameter-on-denied"><strong>on_denied</strong></p>
<a class="ansibleOptionLink" href="#parameter-on_denied" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
</div></td>
@@ -312,7 +326,7 @@ examples: <code class="docutils literal notranslate"><span class="pre">lookup('a
</ul>
</div></td>
</tr>
-<tr class="row-odd"><td><div class="ansible-option-cell">
+<tr class="row-even"><td><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-on_missing"></div><p class="ansible-option-title" id="ansible-collections-amazon-aws-secretsmanager-secret-lookup-parameter-on-missing"><strong>on_missing</strong></p>
<a class="ansibleOptionLink" href="#parameter-on_missing" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
</div></td>
@@ -328,7 +342,7 @@ examples: <code class="docutils literal notranslate"><span class="pre">lookup('a
</ul>
</div></td>
</tr>
-<tr class="row-even"><td><div class="ansible-option-cell">
+<tr class="row-odd"><td><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-profile"></div>
<div class="ansibleOptionAnchor" id="parameter-aws_profile"></div><p class="ansible-option-title" id="ansible-collections-amazon-aws-secretsmanager-secret-lookup-parameter-profile"><span id="ansible-collections-amazon-aws-secretsmanager-secret-lookup-parameter-aws-profile"></span><strong>profile</strong></p>
<a class="ansibleOptionLink" href="#parameter-profile" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-aliases">aliases: aws_profile</span></p>
@@ -344,7 +358,7 @@ examples: <code class="docutils literal notranslate"><span class="pre">lookup('a
</ul>
</div></td>
</tr>
-<tr class="row-odd"><td><div class="ansible-option-cell">
+<tr class="row-even"><td><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-region"></div>
<div class="ansibleOptionAnchor" id="parameter-aws_region"></div><p class="ansible-option-title" id="ansible-collections-amazon-aws-secretsmanager-secret-lookup-parameter-region"><span id="ansible-collections-amazon-aws-secretsmanager-secret-lookup-parameter-aws-region"></span><strong>region</strong></p>
<a class="ansibleOptionLink" href="#parameter-region" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-aliases">aliases: aws_region</span></p>
@@ -358,7 +372,7 @@ examples: <code class="docutils literal notranslate"><span class="pre">lookup('a
</ul>
</div></td>
</tr>
-<tr class="row-even"><td><div class="ansible-option-cell">
+<tr class="row-odd"><td><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-secret_key"></div>
<div class="ansibleOptionAnchor" id="parameter-aws_secret_access_key"></div>
<div class="ansibleOptionAnchor" id="parameter-aws_secret_key"></div><p class="ansible-option-title" id="ansible-collections-amazon-aws-secretsmanager-secret-lookup-parameter-secret-key"><span id="ansible-collections-amazon-aws-secretsmanager-secret-lookup-parameter-aws-secret-key"></span><span id="ansible-collections-amazon-aws-secretsmanager-secret-lookup-parameter-aws-secret-access-key"></span><strong>secret_key</strong></p>
@@ -376,7 +390,7 @@ examples: <code class="docutils literal notranslate"><span class="pre">lookup('a
</ul>
</div></td>
</tr>
-<tr class="row-odd"><td><div class="ansible-option-cell">
+<tr class="row-even"><td><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-session_token"></div>
<div class="ansibleOptionAnchor" id="parameter-aws_session_token"></div><p class="ansible-option-title" id="ansible-collections-amazon-aws-secretsmanager-secret-lookup-parameter-session-token"><span id="ansible-collections-amazon-aws-secretsmanager-secret-lookup-parameter-aws-session-token"></span><strong>session_token</strong></p>
<a class="ansibleOptionLink" href="#parameter-session_token" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-aliases">aliases: aws_session_token</span></p>
@@ -391,14 +405,14 @@ examples: <code class="docutils literal notranslate"><span class="pre">lookup('a
</ul>
</div></td>
</tr>
-<tr class="row-even"><td><div class="ansible-option-cell">
+<tr class="row-odd"><td><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-version_id"></div><p class="ansible-option-title" id="ansible-collections-amazon-aws-secretsmanager-secret-lookup-parameter-version-id"><strong>version_id</strong></p>
<a class="ansibleOptionLink" href="#parameter-version_id" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
</div></td>
<td><div class="ansible-option-cell"><p>Version of the secret(s).</p>
</div></td>
</tr>
-<tr class="row-odd"><td><div class="ansible-option-cell">
+<tr class="row-even"><td><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-version_stage"></div><p class="ansible-option-title" id="ansible-collections-amazon-aws-secretsmanager-secret-lookup-parameter-version-stage"><strong>version_stage</strong></p>
<a class="ansibleOptionLink" href="#parameter-version_stage" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
</div></td>
@@ -425,6 +439,9 @@ examples: <code class="docutils literal notranslate"><span class="pre">lookup('a
<div class="highlight-yaml+jinja notranslate"><div class="highlight"><pre><span></span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Lookup secretsmanager secret in the current region</span>
<span class="w"> </span><span class="nt">ansible.builtin.debug</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">msg="</span><span class="cp">{{</span> <span class="nv">lookup</span><span class="o">(</span><span class="s1">'amazon.aws.aws_secret'</span><span class="o">,</span> <span class="s1">'/path/to/secrets'</span><span class="o">,</span> <span class="nv">bypath</span><span class="o">=</span><span class="kp">true</span><span class="o">)</span> <span class="cp">}}</span><span class="l l-Scalar l-Scalar-Plain">"</span>
+<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Lookup secretsmanager secret attributes in the current region</span>
+<span class="w"> </span><span class="nt">ansible.builtin.debug</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">msg="</span><span class="cp">{{</span> <span class="nv">lookup</span><span class="o">(</span><span class="s1">'amazon.aws.aws_secret'</span><span class="o">,</span> <span class="s1">'/path/to/secrets'</span><span class="o">,</span> <span class="nv">get_attributes</span><span class="o">=</span><span class="kp">true</span><span class="o">)</span> <span class="cp">}}</span><span class="l l-Scalar l-Scalar-Plain">"</span>
+
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Create RDS instance with aws_secret lookup for password param</span>
<span class="w"> </span><span class="nt">amazon.aws.rds_instance</span><span class="p">:</span>
<span class="w"> </span><span class="nt">state</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">present</span>
@@ -470,7 +487,7 @@ examples: <code class="docutils literal notranslate"><span class="pre">lookup('a
<div class="ansibleOptionAnchor" id="return-_raw"></div><p class="ansible-option-title" id="ansible-collections-amazon-aws-secretsmanager-secret-lookup-return-raw"><strong>Return value</strong></p>
<a class="ansibleOptionLink" href="#return-_raw" title="Permalink to this return value"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
</div></td>
-<td><div class="ansible-option-cell"><p>Returns the value of the secret stored in AWS Secrets Manager.</p>
+<td><div class="ansible-option-cell"><p>Returns either the secret value or a dictionary containing attributes stored in AWS Secrets Manager.</p>
<p class="ansible-option-line"><strong class="ansible-option-returned-bold">Returned:</strong> success</p>
</div></td>
</tr>
|
|
Build succeeded. ✔️ ansible-galaxy-importer SUCCESS in 3m 23s |
8a8al00ey
changed the title
8a8al00ey
changed the title
|
Build succeeded. ✔️ ansible-galaxy-importer SUCCESS in 5m 14s |
abikouo
reviewed
Mar 26, 2025
There was a problem hiding this comment.
@8a8al00ey, thanks for submitting this new feature. Please add a changelog fragment describing the change and update the integration tests lookup_secretsmanager_secret to test the new feature.
Co-authored-by: Bikouo Aubin <[email protected]>
|
Build succeeded. ✔️ ansible-galaxy-importer SUCCESS in 5m 09s |
|
Build succeeded. ✔️ ansible-galaxy-importer SUCCESS in 8m 22s |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Supports fetching full attributes (ARN, Description, LastChangedDate, Tags)
SUMMARY
Supports fetching full attributes (ARN, Description, LastChangedDate, Tags)
The community.aws version has the ability but it is very hacky and dangerous. You'd need to match rotation, resource policy, tags and replication options.
ISSUE TYPE
COMPONENT NAME
Supports fetching full attributes (ARN, Description, LastChangedDate, Tags)
ADDITIONAL INFORMATION
Supports fetching full attributes (ARN, Description, LastChangedDate, Tags)
Currently there isn't a safe way to describe a secret to obtain ie: LastChangedDate