diff --git a/plugins/module_utils/_auth_method_approle.py b/plugins/module_utils/_auth_method_approle.py index 0c261d3a9..15c356254 100644 --- a/plugins/module_utils/_auth_method_approle.py +++ b/plugins/module_utils/_auth_method_approle.py @@ -38,3 +38,6 @@ def authenticate(self, client, use_token=True): response = client.auth_approle(use_token=use_token, **params) return response + + def should_revoke_token(self): + return True diff --git a/plugins/module_utils/_auth_method_aws_iam.py b/plugins/module_utils/_auth_method_aws_iam.py index e3bb004ba..b6eae8f58 100644 --- a/plugins/module_utils/_auth_method_aws_iam.py +++ b/plugins/module_utils/_auth_method_aws_iam.py @@ -95,3 +95,6 @@ def authenticate(self, client, use_token=True): client.auth_aws_iam(use_token=use_token, **params) return response + + def should_revoke_token(self): + return True diff --git a/plugins/module_utils/_auth_method_jwt.py b/plugins/module_utils/_auth_method_jwt.py index da2919426..f446b34c8 100644 --- a/plugins/module_utils/_auth_method_jwt.py +++ b/plugins/module_utils/_auth_method_jwt.py @@ -49,3 +49,6 @@ def authenticate(self, client, use_token=True): client.token = response['auth']['client_token'] return response + + def should_revoke_token(self): + return True diff --git a/plugins/module_utils/_auth_method_ldap.py b/plugins/module_utils/_auth_method_ldap.py index 7fcb6b38e..03e21e89c 100644 --- a/plugins/module_utils/_auth_method_ldap.py +++ b/plugins/module_utils/_auth_method_ldap.py @@ -38,3 +38,6 @@ def authenticate(self, client, use_token=True): response = client.auth_ldap(use_token=use_token, **params) return response + + def should_revoke_token(self): + return True diff --git a/plugins/module_utils/_auth_method_none.py b/plugins/module_utils/_auth_method_none.py index 22c3e28f9..db38cfd2e 100644 --- a/plugins/module_utils/_auth_method_none.py +++ b/plugins/module_utils/_auth_method_none.py @@ -31,3 +31,6 @@ def validate(self): def authenticate(self, client, use_token=False): return None + + def should_revoke_token(self): + return False diff --git a/plugins/module_utils/_auth_method_token.py b/plugins/module_utils/_auth_method_token.py index 11d8fdccc..ae636e76e 100644 --- a/plugins/module_utils/_auth_method_token.py +++ b/plugins/module_utils/_auth_method_token.py @@ -111,3 +111,6 @@ def authenticate(self, client, use_token=True, lookup_self=False): raise HashiVaultValueError("Invalid Vault Token Specified.") return self._simulate_login_response(token, response) + + def should_revoke_token(self): + return False diff --git a/plugins/module_utils/_auth_method_userpass.py b/plugins/module_utils/_auth_method_userpass.py index f9ba58f60..ee1ea61ba 100644 --- a/plugins/module_utils/_auth_method_userpass.py +++ b/plugins/module_utils/_auth_method_userpass.py @@ -45,3 +45,6 @@ def authenticate(self, client, use_token=True): client.token = response['auth']['client_token'] return response + + def should_revoke_token(self): + return True diff --git a/plugins/module_utils/_authenticator.py b/plugins/module_utils/_authenticator.py index 85d03d12d..8d8ebfc5e 100644 --- a/plugins/module_utils/_authenticator.py +++ b/plugins/module_utils/_authenticator.py @@ -94,3 +94,10 @@ def validate(self, *args, **kwargs): def authenticate(self, *args, **kwargs): method = self._get_method_object(kwargs.pop('method', None)) return method.authenticate(*args, **kwargs) + + def should_revoke_token(self, **kwargs): + method = self._get_method_object(kwargs.pop('method', None)) + return method.should_revoke_token(**kwargs) + + def logout(self, client, **kwargs): + client.logout(revoke_token=self.should_revoke_token(**kwargs)) diff --git a/plugins/module_utils/_hashi_vault_common.py b/plugins/module_utils/_hashi_vault_common.py index d348e94e4..b6641517c 100644 --- a/plugins/module_utils/_hashi_vault_common.py +++ b/plugins/module_utils/_hashi_vault_common.py @@ -249,3 +249,6 @@ def warn(self, message): def deprecate(self, message, version=None, date=None, collection_name=None): self._deprecator(message, version=version, date=date, collection_name=collection_name) + + def should_revoke_token(self, **kwargs): + return False