secretsmanager_secret: add 'overwrite' parameter

Adds an 'overwrite' parameter - If set to True, an existing secret with the same name will be overwritten. - If set to False, a secret with the given name will only be created if none exists. Closes ansible-collections#1626 Signed-off-by: Brad Solomon <[email protected]>
brsolomon-deloitte · Feb 8, 2023 · ceba264 · ceba264
1 parent 88872b3
commit ceba264
Showing 1 changed file with 21 additions and 2 deletions.
diff --git a/plugins/modules/secretsmanager_secret.py b/plugins/modules/secretsmanager_secret.py
@@ -29,6 +29,13 @@
     default: 'present'
     choices: ['present', 'absent']
     type: str
+  overwrite:
+    description:
+    - Whether to overwrite an existing secret with the same name.
+    - If set to True, an existing secret with the same I(name) will be overwritten.
+    - If set to False, a secret with the given I(name) will only be created if none exists.
+    type: bool
+    default: True
   recovery_window:
     description:
     - Only used if state is absent.
@@ -130,6 +137,14 @@
     state: absent
     secret_type: 'string'
     secret: "{{ super_secret_string }}"
+
+- name: Only create a new secret, but do not update if alredy exists by name
+  community.aws.secretsmanager_secret:
+    name: 'random_string'
+    state: present
+    secret_type: 'string'
+    secret: "{{ lookup('community.general.random_string', length=16, special=false) }}"
+    overwrite: false
 '''
 
 RETURN = r'''
@@ -524,6 +539,7 @@ def main():
         argument_spec={
             'name': dict(required=True),
             'state': dict(choices=['present', 'absent'], default='present'),
+            'overwrite': dict(type='bool', default=True),
             'description': dict(default=""),
             'replica': dict(type='list', elements='dict', options=replica_args),
             'kms_key_id': dict(),
@@ -580,12 +596,15 @@ def main():
                 result = secrets_mgr.put_resource_policy(secret)
             changed = True
         else:
+            # current_secret exists; decide what to do with it
             if current_secret.get("DeletedDate"):
                 secrets_mgr.restore_secret(secret.name)
                 changed = True
             if not secrets_mgr.secrets_match(secret, current_secret):
-                result = secrets_mgr.update_secret(secret)
-                changed = True
+                overwrite = module.params.get('overwrite')
+                if not overwrite:
+                    result = secrets_mgr.update_secret(secret)
+                    changed = True
             if not rotation_match(secret, current_secret):
                 result = secrets_mgr.update_rotation(secret)
                 changed = True