From c308bb01268de07b4c0368e177d364d7443867a4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Denis=20Krienb=C3=BChl?=
Date: Thu, 21 Nov 2024 16:06:51 +0100
Subject: [PATCH] Add support for token_bound_cidrs to hashivault_auth_ldap
---
 ansible/modules/hashivault/hashivault_auth_ldap.py | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/ansible/modules/hashivault/hashivault_auth_ldap.py b/ansible/modules/hashivault/hashivault_auth_ldap.py
index eeddc13d..7400bd67 100644
--- a/ansible/modules/hashivault/hashivault_auth_ldap.py
+++ b/ansible/modules/hashivault/hashivault_auth_ldap.py
@@ -102,6 +102,10 @@
 userfilter:
 description:
 - LDAP filter that will determine if a user has permission to authenticate to Vault
+ token_bound_cidrs:
+ description:
+ - List of CIDR blocks; if set, specifies blocks of IP addresses which can authenticate successfully, and
+ ties the resulting token to these blocks as well.
 extends_documentation_fragment: hashivault
 '''
 EXAMPLES = '''
@@ -157,6 +161,7 @@ def main():
 argspec['use_token_groups'] = dict(required=False, type='bool', default=False)
 argspec['token_ttl'] = dict(required=False, type='int', default=0)
 argspec['token_max_ttl'] = dict(required=False, type='int', default=0)
+ argspec['token_bound_cidrs'] = dict(required=False, type='list', default=[])
 module = hashivault_init(argspec, supports_check_mode=True)
 result = hashivault_auth_ldap(module)
@@ -194,6 +199,7 @@ def hashivault_auth_ldap(module):
 desired_state['use_token_groups'] = params.get('use_token_groups')
 desired_state['token_ttl'] = params.get('token_ttl')
 desired_state['token_max_ttl'] = params.get('token_max_ttl')
+ desired_state['token_bound_cidrs'] = params.get('token_bound_cidrs')
 # if bind pass is None, remove it from desired state since we can't compare
 if desired_state['bind_pass'] is None:
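Review bot: In the third hunk, `desired_state['token_bound_cidrs'] = params.get('token_bound_cidrs')` combined with the `default=[]` added to the argspec in main() (second hunk) means a play that simply omits the option describes an empty bound-CIDR list; if the rest of hashivault_auth_ldap writes desired_state to Vault whenever it differs from current_state (that write is outside these hunks), a bound-CIDR restriction that was set outside this module is cleared on the next run, weakening a network-level control on the issued tokens without the operator asking for it. Either use `default=None` and drop the key from desired_state the way bind_pass is handled two lines below (`if desired_state['token_bound_cidrs'] is None: del desired_state['token_bound_cidrs']`), or say in the first hunk's description that omitting the option removes any existing bound CIDRs. The argspec entry should also declare `elements='str'` so non-string entries are rejected by Ansible before they reach Vault. Note that list equality against current_state is order-sensitive, so two plays listing the same CIDRs in a different order would report a change; comparing `sorted()` lists avoids that. hashivault_auth_ldap begins before the third hunk and continues past it.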
@@ -225,6 +231,7 @@ def hashivault_auth_ldap(module):
 current_state['starttls'] = result['starttls']
 current_state['token_ttl'] = result['token_ttl']
 current_state['token_max_ttl'] = result['token_max_ttl']
+ current_state['token_bound_cidrs'] = result['token_bound_cidrs']
 except InvalidPath:
 pass
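Review bot: `current_state['token_bound_cidrs'] = result['token_bound_cidrs']` raises KeyError when the LDAP config read response lacks that key, and the enclosing `try` only catches InvalidPath, so the module would fail instead of reporting a diff; `current_state['token_bound_cidrs'] = result.get('token_bound_cidrs', [])` keeps the comparison meaningful, since an absent key and an empty list both mean no CIDR restriction. Which Vault versions include the key in this read is not visible from the hunk and should be confirmed. Whether Vault returns the CIDRs in exactly the form they were submitted is also not visible here; if it normalizes them, the straight list comparison against desired_state would report a change on every run, and comparing `sorted()` lists on both sides narrows that to ordering. hashivault_auth_ldap begins before the hunk and continues past it.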