Added Secret Server Cloud support to the tss.py credential plugin #15280
First looking over this @iwt-cmd, looks pretty simple and straightforward. We don't have any coverage of it though, it seems (for the plugin at all). @fosterseth I am not seeing anything for this, are you aware of anything? Even unit coverage that I am overlooking? Kicking CI now just to get some things moving. Note that it will need a rebase, so whenever you can @iwt-cmd that would be good; since I am kicking now, a rebase should kick it again.
Thanks @thedoubl3j, I rebased from the current devel branch. I'm happy to help with any testing, noting that neither the on-prem nor cloud versions of Secret Server appear to have a free tier, which could make automating that process challenging.
@iwt-cmd thank you sir. I will rekick CI but it was green before so we should be good. And yeah, I see that. Can you provide some quick steps that you tested things with by chance, if you have any? Also versions of things etc. (aside from awx, which is devel).
Thanks @thedoubl3j! To test the changes, I used a sandbox instance of Secret Server Cloud that I have access to and set up SS Cloud as a credential source in AWX, created a machine credential using the SS Cloud credential source, then ran a basic playbook to confirm the data being pulled from SS Cloud was correct. I did not test the on-prem version as I don't have immediate access to a sandbox/test instance of Secret Server. If this is required, I could attempt to set up something using the free trial from Delinea. In my opinion, the changes made shouldn't affect the on-prem logic, but I can appreciate if this needs to be validated for project stability.
@delinea-sagar and @delineaKrehl, can I nab one of you for a review?
Sign off from Delinea contacts, rerunning CI and raising at PR triage meeting. @iwt-cmd might be a bit since we have a few things in flight, but it is on the radar. I will cover the rebases etc. but will ping ya again once I can get more eyes or time on it. Current CI failures are not from this PR, currently an issue all PRs are seeing.
SUMMARY
This fixes an issue in the Thycotic Secret Server credential plugin to support Secret Server Cloud. While the documentation states that both the on-prem and cloud versions can be used, the original implementation did not have logic to use the "SecretServerCloud" function when generating the connection.
Secret Server Cloud requires an authorizer and the tenant ID to connect. Instead of adding an additional field to the form for the tenant ID, this is extracted from the URL via string methods.
The pop-up info for the "Domain" field was also updated to instruct the user to leave this blank if connecting to Secret Server Cloud.
Plugin location: /awx/main/credential_plugins/tss.py
related #15278
ISSUE TYPE
COMPONENT NAME
AWX VERSION
ADDITIONAL INFORMATION
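The summary above says the tenant ID is taken from the server URL with string methods. The following is an added example, not the PR's code, that derives it from the parsed hostname so that a URL which only mentions the cloud domain in its path or userinfo is not treated as a cloud tenant. The `<tenant>.secretservercloud.<tld>` hostname layout, the TLD allowlist, and the name `parse_cloud_url` are assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumption: cloud tenants live at https://<tenant>.secretservercloud.<tld>
CLOUD_LABEL = "secretservercloud"
# Assumption: regional TLDs to accept; trim this to the regions you actually use.
CLOUD_TLDS = {"com", "eu", "ca", "com.au", "com.sg"}
# A tenant must be a single well-formed DNS label.
TENANT_RE = re.compile(r"^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$")


def parse_cloud_url(server_url):
    """Return (tenant, tld) for a Secret Server Cloud URL, or None for on-prem.

    Raises ValueError for a cloud hostname that is not safe to use.
    """
    parts = urlsplit(server_url.strip())
    # .hostname is lowercased and excludes userinfo and port.
    host = (parts.hostname or "").rstrip(".")
    labels = host.split(".")
    # The cloud label must be the second label of the hostname itself.
    if len(labels) < 3 or labels[1] != CLOUD_LABEL:
        return None
    tenant, tld = labels[0], ".".join(labels[2:])
    # Reject lookalikes such as tenant.secretservercloud.com.attacker.example.
    if tld not in CLOUD_TLDS:
        return None
    if parts.scheme != "https":
        raise ValueError("Secret Server Cloud URL must use https")
    if not TENANT_RE.match(tenant):
        raise ValueError("invalid tenant label in hostname: %r" % tenant)
    return tenant, tld


if __name__ == "__main__":
    # Constructed sample URLs, not taken from the PR.
    samples = [
        "https://acme.secretservercloud.com/",
        "https://ACME.SecretServerCloud.com.au/SecretServer",
        "https://tss.corp.example/SecretServer",
        "https://vault.example/secretservercloud.com",
        "https://acme.secretservercloud.com@vault.example/",
        "https://acme.secretservercloud.com.evil.example/",
    ]
    for url in samples:
        print(url, "->", parse_cloud_url(url))
```

A `None` result means the on-prem connection path should be used, and a `(tenant, tld)` pair supplies the values for the cloud connection.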