Add Secret Manager Lookup plugins

[levonet]

SUMMARY

I need to get the secret content and the resource id from GCP Secret Manager.
Lookup plugins are used because this format allows embedding Secret Manager queries in templates and files with variables (external configuration contour).

ISSUE TYPE

• New Module Pull Request

COMPONENT NAME

• gcp_secret_access
• gcp_secret_resource_id

ADDITIONAL INFORMATION

Examples:

- ansible.builtin.debug:
    msg: "{{ lookup('google.cloud.gcp_secret_access', secret='hola', project='test_project') }}"

- ansible.builtin.debug:
    msg: "{{ lookup('google.cloud.gcp_secret_access', 'hola', project='test_project') }}"

- name: using resource id instead of secret name
  ansible.builtin.debug:
    msg: "{{ lookup('google.cloud.gcp_secret_access', 'projects/112233445566/secrets/hola/versions/1') }}"

- name: using service account file
  ansible.builtin.debug:
    msg: "{{ lookup('google.cloud.gcp_secret_access', 'hola', project='test_project', service_account_file='/path/to/keyfile.json') }}"

- ansible.builtin.debug:
    msg: "{{ lookup('google.cloud.gcp_secret_resource_id', secret='hola', project='test_project') }}"
# Return 'projects/112233445566/secrets/hola/versions/1'

[whyman]

This is awesome, but it doesnt look like PRs for this repo get merged :/

[levonet]

Yes, it looks like this repo doesn't have a maintainer.
Here is an example of how a critical one-character hotfix is ​​still open #268

[smemsh]

it doesnt look like PRs for this repo get merged

not sure why the readme for this repo doesn't say that this repository is only the generated output of https://github.com/GoogleCloudPlatform/magic-modules

[whyman]

it doesnt look like PRs for this repo get merged

not sure why the readme for this repo doesn't say that this repository is only the generated output of https://github.com/GoogleCloudPlatform/magic-modules

Yes, but if you try to raise Ansible specific stuff (non generated like this) there they tell you to raise it here instead 🤷

[smemsh]

if you try to raise Ansible specific stuff (non generated like this) there they tell you to raise it here instead

Right, as in GoogleCloudPlatform/magic-modules#3933, apparently we're to use this repo for bugs, but submit PRs to the upstream repo. Yet most have no idea about magic-modules and waste time looking for bugs in the Python here, and/or submitting PRs that will never be looked at.

Even worse, look here: hashicorp/terraform-provider-google#9588 via GoogleCloudPlatform/magic-modules#5069, to wit:

mmv1 has not been supporting ansible/inspec for some time - i.e. we would not do work to add support for new resources, update resources due to API changes, or fix bugs in those codebases.

So basically @levonet was right that this collection is basically abandonware and we're supposed to use Terraform for provisioning and/or GCP-native automation.

It's not very nice to not even notify people about this and have them waste their time filing bugs/PRs and looking through auto-generated python code which isn't even updated anymore. I guess they don't care because it's a small number of users. The situation has been like this for multiple years with this collection... wonder if Ansible core team even knows about the defunct status. There's an interesting clue here:

Note: this has paused for now, based on internal dicussions

not sure what to make of that

[alexkleinfig]

@levonet You should make a merge request on the community google ?

[ushuz]

Fix #460

[toumorokoshi]

Thanks for the contribution! A couple minor changes, but otherwise LGTM.

Is there anything else that needs to be done besides put the lookup in the plugins directory?

[toumorokoshi]

I think this file needs a copyright / license notice too?

[toumorokoshi]

should scope be added?

[toumorokoshi]

could this be switched away from f-strings? we don't use them today, and I think that syntax-wise this repository is still python2 compatible.

Not that we can always have it be py2 compatible, but I'd like to avoid py3 syntax to make things py2-usable as much as possible for now.

[mimizone]

any chance it's getting merged?

[jack-rep]

is this a dup of #578?