Skip to content

Latest commit

 

History

History
86 lines (54 loc) · 5.91 KB

README.md

File metadata and controls

86 lines (54 loc) · 5.91 KB

community.hashi_vault Collection

CI Codecov

Tested with Ansible

External requirements

  • hvac (python library)
    • hvac 0.7.0+ (for namespace support)
    • hvac 0.9.6+ (to avoid all deprecation warnings)
    • hvac 0.10.5+ (for JWT auth support)
  • botocore (only if inferring aws params from boto)
  • boto3 (only if using a boto profile)

Included content

  • Lookup Plugins
    • hashi_vault

Using this collection

See Ansible Using collections for more details.

Contributing to this collection

Release notes

See the changelog.

FAQ

Q: Why not have a single collection of HashiCorp products instead of one just for Vault?

A: This was considered when the hashi_vault plugin was first moved from community.general to this collection. There are several reasons behind this:

  • The other known HashiCorp content at that time (covering Consul, Nomad, Terraform, etc.) does not share implementation or testing with Vault content.
  • The maintainers are also different. This being a community supported collection means separate maintainers are more likely to focus on goals that make sense for their particular plugins and user base.
  • The HashiCorp products serve different goals, and even when used together, they have their own APIs and interfaces that don't really have anything in common from the point of view of the Ansible codebase as a consumer.
  • It would complicate testing. One of the primary goals of moving to a new collection was the ability to increase the scope of Vault-focused testing without having to balance the impact to unrelated components.
  • It makes for a smaller package for consumers, that can hopefully release more quickly.

Q: Why is the collection named community.hashi_vault instead of community.vault or community.hashicorp_vault or hashicorp.vault or any number of other names?

A: This too was considered during formation. In the end, hashi_vault is a compromise of various concerns.

  • hashicorp.vault looks great, but implies the collection is supported by HashiCorp (which it is not). That doesn't follow the convention of denoting community supported namespaces with community.
  • community.vault looks great at first, but "Vault" is a very general and overloaded term, and in Ansible the first "Vault" one thinks of is Ansible Vault. So in the naming, and even in the future of this collection and its content, we have to be mindful of avoiding and removing ambiguities between these products (and other Vaults out there).
  • community.hashicorp_vault is descriptive and unambiguous but is unfortunately quite long.
  • community.hashicorp would be good for a collection that aims to contain community-supported content related to all HashiCorp products, but this collection is only focused on Vault (see above question).
  • community.hashicorp.vault (or any other 3-component name): not supported (also long).
  • community.hashi_vault isn't perfect, but has an established convention in the existing plugin name and isn't as long as hashicorp_vault.

Roadmap

More information

Licensing

GNU General Public License v3.0 or later.

See LICENSE to see the full text.