Diffstat (limited to 'awx_plugins/credentials/tss.py')
-rw-r--r--awx_plugins/credentials/tss.py76
1 files changed, 76 insertions, 0 deletions
diff --git a/awx_plugins/credentials/tss.py b/awx_plugins/credentials/tss.py
new file mode 100644
index 0000000000..e295072233
--- /dev/null
+++ b/awx_plugins/credentials/tss.py
@@ -0,0 +1,76 @@
+from .plugin import CredentialPlugin
+from .plugin import translate_function as _
+
+try:
+ from delinea.secrets.server import DomainPasswordGrantAuthorizer, PasswordGrantAuthorizer, SecretServer, ServerSecret
+except ImportError:
+ from thycotic.secrets.server import DomainPasswordGrantAuthorizer, PasswordGrantAuthorizer, SecretServer, ServerSecret
+
+tss_inputs = {
+ 'fields': [
+ {
+ 'id': 'server_url',
+ 'label': _('Secret Server URL'),
+ 'help_text': _('The Base URL of Secret Server e.g. https://myserver/SecretServer or https://mytenant.secretservercloud.com'),
+ 'type': 'string',
+ },
+ {
+ 'id': 'username',
+ 'label': _('Username'),
+ 'help_text': _('The (Application) user username'),
+ 'type': 'string',
+ },
+ {
+ 'id': 'domain',
+ 'label': _('Domain'),
+ 'help_text': _('The (Application) user domain'),
+ 'type': 'string',
+ },
+ {
+ 'id': 'password',
+ 'label': _('Password'),
+ 'help_text': _('The corresponding password'),
+ 'type': 'string',
+ 'secret': True,
+ },
+ ],
+ 'metadata': [
+ {
+ 'id': 'secret_id',
+ 'label': _('Secret ID'),
+ 'help_text': _('The integer ID of the secret'),
+ 'type': 'string',
+ },
+ {
+ 'id': 'secret_field',
+ 'label': _('Secret Field'),
+ 'help_text': _('The field to extract from the secret'),
+ 'type': 'string',
+ },
+ ],
+ 'required': ['server_url', 'username', 'password', 'secret_id', 'secret_field'],
+}
+
+
+def tss_backend(**kwargs):
+ if kwargs.get("domain"):
+ authorizer = DomainPasswordGrantAuthorizer(
+ base_url=kwargs['server_url'], username=kwargs['username'], domain=kwargs['domain'], password=kwargs['password']
+ )
+ else:
+ authorizer = PasswordGrantAuthorizer(kwargs['server_url'], kwargs['username'], kwargs['password'])
+ secret_server = SecretServer(kwargs['server_url'], authorizer)
+ secret_dict = secret_server.get_secret(kwargs['secret_id'])
+ secret = ServerSecret(**secret_dict)
+
+ if isinstance(secret.fields[kwargs['secret_field']].value, str) == False:
+ return secret.fields[kwargs['secret_field']].value.text
+ else:
+ return secret.fields[kwargs['secret_field']].value
+
+
+tss_plugin = CredentialPlugin(
+ 'Thycotic Secret Server',
+ tss_inputs,
+ tss_backend,
+)
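Review bot: `tss_backend` hands `kwargs['server_url']` to the authorizer and to `SecretServer` without checking its scheme, so an `http://` value would presumably send the application user's password and the fetched secret over an unencrypted connection. The help text only shows https examples and nothing enforces them. A guard at the top of the function would close this, for example `if not kwargs['server_url'].lower().startswith('https://'): raise ValueError(_('Secret Server URL must use https'))`. Separately, `secret.fields[kwargs['secret_field']]` is indexed three times and surfaces a bare `KeyError` when the field is absent from the secret. Binding it once (`value = secret.fields[kwargs['secret_field']].value`), testing `if not isinstance(value, str): return value.text`, and adding a comment on what the non-string case is would make the failure mode and the branch clearer.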