plugin with side effects vs module
11 views
Skip to first unread message
Rob Wagner
Jun 25, 2019, 2:41:59 PM6/25/19
to Ansible Project
Hey all - looking for some advice. I need to write either a plugin or a module to interact with Thycotic Secret Server. In most cases, my code will simply retrieve a credential from Thycotic, so a lookup plugin makes perfect sense. However, there are cases where a specific credential doesn't yet exist in Thycotic, so my code will tell Thycotic to generate a credential, store it in Thycotic, and then return it. The rub here is then we have a side effect; if a credential doesn't exist, it gets created, stored, and returned. Generally speaking, I tend to view lookup plugins as being read only, so the idea that a lookup plugin would WRITE data is counterintuitive (to me). However, I see the passwordstore plugin also has side effects, so perhaps this isn't so bad. But I could also write a module (delegated to the control machine) to accomplish the functionality I need, and modules certainly can have side effects. Any opinions from the Core community on which way I should lean? Are lookup plugin side effects really that bad, or am I overreacting?
Appreciate your thoughts. Thanks.
Rob
Brian Coca
Jul 5, 2019, 9:53:06 AM7/5/19
to Ansible Project
Personally i would use a module if there is the possibility of a side
effect, it is 'surprising' to a user to get one in a lookup.
-
----------
Brian Coca
effect, it is 'surprising' to a user to get one in a lookup.
-
----------
Brian Coca
Rob Wagner
Jul 5, 2019, 9:54:02 AM7/5/19
to Ansible Project
Any thoughts on this? I've been mulling it over and (not to dump on passwordstore) it really seems like a lookup plugin shouldn't have side effects.
Rob
Reply all
Reply to author
Forward
0 new messages