secretsmanager_secret - Support adding JSON (ansible-collections#1333)
secretsmanager_secret - Support adding JSON

SUMMARY
fixes: ansible-collections#656
Amazon supports passing JSON in as the secret as a mechanism for storing and retrieving more complex structures.
In theory it's possible to pass JSON in as a string to secretsmanager_secret. However, because Ansible often does funky things when templated strings are passed to a parameter (ansible-collections#656), it's non-trivial to pass JSON into secretsmanager_secret.
ISSUE TYPE

Feature Pull Request

COMPONENT NAME
secretsmanager_secret
ADDITIONAL INFORMATION
Backstory:
If Ansible sees {{ }} within a string it'll trigger the safe_eval handlers, automatically converting the JSON into a complex structure of lists/dicts, which is then converted to the python string representation of the complex structures - the python string representation is not valid JSON and breaks the AWS integration.

Reviewed-by: Joseph Torcasso <None>
tremble authored and abikouo committed Sep 18, 2023
1 parent 50e525b commit 03d8b6c
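
The failure described in the backstory, as an added example that is not part of the commit or the collection's code: a simplified model (not Ansible's actual templating or argument handling) of a templated JSON string reaching a `type: str` option versus a `type: json` option. The sample secret and all function names are constructed for illustration.

```python
import json

# Constructed sample: the JSON document a playbook author intends to store.
INTENDED = '{"username": "app", "rotate": true, "note": null, "hosts": ["db1", "db2"]}'


def after_templating(rendered):
    """Simplified stand-in for the templating step in the backstory:
    a rendered string that parses as a dict/list is turned into that structure."""
    text = rendered.strip()
    if text.startswith(("{", "[")):
        try:
            return json.loads(text)
        except ValueError:
            return rendered
    return rendered


def coerce_str(value):
    """Simplified type=str option: a non-string value becomes its Python repr."""
    return value if isinstance(value, str) else str(value)


def coerce_json(value):
    """Simplified type=json option: a structure is serialised back to JSON."""
    return value.strip() if isinstance(value, str) else json.dumps(value)


def is_valid_json(text):
    try:
        json.loads(text)
        return True
    except ValueError:
        return False


def compare(rendered=INTENDED):
    """Send the same templated value down both paths and report what arrives."""
    structure = after_templating(rendered)
    via_str, via_json = coerce_str(structure), coerce_json(structure)
    json_ok = is_valid_json(via_json)
    return {
        "via_str": via_str,            # single quotes, True/None: Python repr
        "via_str_valid": is_valid_json(via_str),
        "via_json_valid": json_ok,
        "round_trip": json_ok and json.loads(via_json) == structure,
    }


if __name__ == "__main__":
    for key, value in compare().items():
        print(f"{key}: {value}")
```
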
Showing 1 changed file with 11 additions and 1 deletion.
12 changes: 11 additions & 1 deletion secretsmanager_secret.py
Expand Up @@ -54,8 +54,16 @@
secret:
description:
- Specifies string or binary data that you want to encrypt and store in the new version of the secret.
- Mutually exclusive with the I(json_secret) option.
default: ""
type: str
json_secret:
description:
- Specifies JSON-formatted data that you want to encrypt and store in the new version of the
secret.
- Mutually exclusive with the I(secret) option.
type: json
version_added: 4.1.0
resource_policy:
description:
- Specifies JSON-formatted resource policy to attach to the secret. Useful when granting cross-account access
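Review bot: The new json_secret description does not say what form of value it accepts, which is the very confusion the commit message describes. State whether a YAML mapping or list, a JSON string, or both may be given, and add an EXAMPLES entry showing it, since none of the 11 added lines in this commit is an example. It would also help to say here how json_secret relates to secret_type, because the secret text just above speaks of "string or binary data" while the new option is described only as JSON-formatted data.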
Expand Down Expand Up @@ -423,13 +431,15 @@ def main():
'kms_key_id': dict(),
'secret_type': dict(choices=['binary', 'string'], default="string"),
'secret': dict(default="", no_log=True),
'json_secret': dict(type='json', no_log=True),
'resource_policy': dict(type='json', default=None),
'tags': dict(type='dict', default=None, aliases=['resource_tags']),
'purge_tags': dict(type='bool', default=True),
'rotation_lambda': dict(),
'rotation_interval': dict(type='int', default=30),
'recovery_window': dict(type='int', default=30),
},
mutually_exclusive=[['secret', 'json_secret']],
supports_check_mode=True,
)

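Review bot: Nothing in this argument spec stops json_secret from being combined with secret_type=binary: the only new constraint is mutually_exclusive=[['secret', 'json_secret']], while 'secret_type' still offers choices=['binary', 'string']. If JSON is only meaningful as a string secret, reject that combination explicitly or document what it does, rather than leaving it to however Secret treats the value. Setting no_log=True on 'json_secret' matches 'secret' and should stay.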
Expand All @@ -440,7 +450,7 @@ def main():
secret = Secret(
module.params.get('name'),
module.params.get('secret_type'),
module.params.get('secret'),
module.params.get('secret') or module.params.get('json_secret'),
description=module.params.get('description'),
kms_key_id=module.params.get('kms_key_id'),
resource_policy=module.params.get('resource_policy'),
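Review bot: In module.params.get('secret') or module.params.get('json_secret'), 'secret' defaults to "" and 'json_secret' has no default, so when neither option is supplied the expression now evaluates to None where the removed line passed "". Unless Secret is known to accept None, keep the old value by choosing explicitly, for example `json_secret = module.params.get('json_secret')` followed by `json_secret if json_secret is not None else module.params.get('secret')`. Writing it as an explicit choice also makes the precedence between the two options obvious to the next reader, which the truthiness-based `or` does not.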