RunDeck: Key Storage secrets at Custom Option Plugin


Doesn't RunDeck support Key Storage access at custom plugin OptionValues level?

RunDeck provides the ability to develop a custom plugin for an option in a workflow. With the "help" of the official docs and the help! of another stackoverflower's post, the plugin has been developed. What I do struggle with is removing secrets from the plugin code into Key Storage. Despite all attempts, the plugin doesn't render\get the secret from Key Storage.

Here is the simplified plugin code:

name: Custom Rundeck option plugin
version: 1
rundeckPluginVersion: 1.2
author: Sergii Nosko
date: 2024-02-23
providers:
  - name: Zabbix HostGroup
    service: OptionValues
    plugin-type: script
    script-interpreter: /usr/bin/python3
    script-file: get_zabbix_hostgroups.py
    script-args: ${config.zabbix_url} ${config.zabbix_token}
    config:
      - name: zabbix_url
        type: Select
        title: Zabbix URL
        description: Provide a predefined list of Zabbix servers
        values: "zabbix-frontend:8080"
        default: "zabbix-frontend:8080"
      - name: zabbix_token
        type: String
        title: Zabbix API token
        description: Securely pass zabbix API token to the script
        required: false
        renderingOptions:
          selectionAccessor: "STORAGE_PATH"
          valueConversion: "STORAGE_PATH_AUTOMATIC_READ"
          storage-path-root: "keys/project/Zabbix/zabbix_token"

The idea is simple - feed script with zabbix url and token and obtain available hostgroups from zabbix API.

Here are the debug logs from get_zabbix_hostgroups.py, to review what the env variables and args are:

18:09:07,921 root INFO Running Debug
18:09:07,924 root INFO RD_PLUGIN_SCRIPTFILE: /home/rundeck/libext/cache/zabbix-hostgroup-option-plugin/get_zabbix_hostgroups.py
18:09:07,924 root INFO RD_CONFIG_ZABBIX_URL: zabbix-frontend:8080
18:09:07,925 root INFO RD_PLUGIN_FILE: /home/rundeck/libext/zabbix-hostgroup-option-plugin.zip
18:09:07,925 root INFO RD_PLUGIN_BASE: /home/rundeck/libext/cache/zabbix-hostgroup-option-plugin
18:09:07,925 root INFO LC_CTYPE: C.UTF-8
18:09:07,925 root INFO zabbix_url value:
18:09:07,925 root INFO zabbix-frontend:8080
18:09:07,925 root INFO zabbix_api_token value:
18:09:07,926 root INFO '${config.zabbix_token}'
18:09:07,926 zabbix_utils.api DEBUG Executing apiinfo.version method

So the first arg, zabbix_url, works well and is passed as expected, but the second, zabbix_token, shows just ${config.zabbix_token}.

The official documentation doesn't provide much, and what I have left is to poke around the available options and ACL.
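
A guard the option script could run before calling the Zabbix API, as an added example that is not part of the original post: it rejects a token that is still the literal `${config.zabbix_token}` placeholder seen in the log above, and it logs only a redacted form instead of the value. The `RD_CONFIG_ZABBIX_TOKEN` variable name is an assumption modelled on `RD_CONFIG_ZABBIX_URL` in that log; `resolve_token`, `redact` and `SecretNotResolved` are hypothetical names.

```python
import os
import re
import sys

# A reference that was never expanded, e.g. ${config.zabbix_token},
# with or without the surrounding quotes shown in the debug log.
UNEXPANDED = re.compile(r"^\s*['\"]?\$\{[\w.\-]+\}['\"]?\s*$")


class SecretNotResolved(RuntimeError):
    """Raised when the token is missing or still a literal placeholder."""


def redact(secret):
    """Return a log-safe description of a secret: its length, never its value."""
    return "<unset>" if not secret else f"<redacted, {len(secret)} chars>"


def resolve_token(argv, env, env_name="RD_CONFIG_ZABBIX_TOKEN"):
    """Take the token from the environment first, then from argv[2].

    env_name is an assumption, not a name confirmed by the post.
    """
    candidates = [env.get(env_name), argv[2] if len(argv) > 2 else None]
    for value in candidates:
        if value and not UNEXPANDED.match(value):
            return value.strip()
    raise SecretNotResolved(
        "zabbix_token is empty or an unexpanded placeholder; "
        "no secret value reached the script"
    )


if __name__ == "__main__":
    # Constructed sample input reproducing the failing case from the log.
    sample_argv = ["get_zabbix_hostgroups.py", "zabbix-frontend:8080",
                   "'${config.zabbix_token}'"]
    try:
        token = resolve_token(sample_argv, dict(os.environ))
        print("token:", redact(token))
    except SecretNotResolved as exc:
        print("refusing to call the API:", exc, file=sys.stderr)
        sys.exit(2)
```
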
