2021-08-07 15:02:21 +02:00
|
|
|
# -*- coding: utf-8 -*-
|
2020-03-09 10:11:07 +01:00
|
|
|
# (c) 2016, Samuel Boucher <boucher.samuel.c@gmail.com>
|
|
|
|
# (c) 2017 Ansible Project
|
2022-08-05 13:17:19 +02:00
|
|
|
# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
|
|
|
|
# SPDX-License-Identifier: GPL-3.0-or-later
|
2020-03-09 10:11:07 +01:00
|
|
|
|
|
|
|
from __future__ import (absolute_import, division, print_function)
|
|
|
|
__metaclass__ = type
|
|
|
|
|
|
|
|
DOCUMENTATION = '''
|
2021-01-12 07:12:03 +01:00
|
|
|
name: keyring
|
2020-03-09 10:11:07 +01:00
|
|
|
author:
|
2020-09-28 21:21:51 +02:00
|
|
|
- Samuel Boucher (!UNKNOWN) <boucher.samuel.c@gmail.com>
|
2020-03-09 10:11:07 +01:00
|
|
|
requirements:
|
|
|
|
- keyring (python library)
|
|
|
|
short_description: grab secrets from the OS keyring
|
|
|
|
description:
|
|
|
|
- Allows you to access data stored in the OS provided keyring/keychain.
|
|
|
|
'''
|
|
|
|
|
|
|
|
EXAMPLES = """
|
2022-06-03 18:51:13 +02:00
|
|
|
- name: output secrets to screen (BAD IDEA)
|
2020-07-14 17:28:08 +02:00
|
|
|
ansible.builtin.debug:
|
2020-03-09 10:11:07 +01:00
|
|
|
msg: "Password: {{item}}"
|
2020-08-08 22:04:34 +02:00
|
|
|
with_community.general.keyring:
|
2020-03-09 10:11:07 +01:00
|
|
|
- 'servicename username'
|
|
|
|
|
|
|
|
- name: access mysql with password from keyring
|
2020-08-08 22:04:34 +02:00
|
|
|
mysql_db: login_password={{lookup('community.general.keyring','mysql joe')}} login_user=joe
|
2020-03-09 10:11:07 +01:00
|
|
|
"""
|
|
|
|
|
|
|
|
RETURN = """
|
|
|
|
_raw:
|
2020-09-16 11:06:45 +02:00
|
|
|
description: Secrets stored.
|
|
|
|
type: list
|
|
|
|
elements: str
|
2020-03-09 10:11:07 +01:00
|
|
|
"""
|
|
|
|
|
|
|
|
HAS_KEYRING = True
|
|
|
|
|
|
|
|
from ansible.errors import AnsibleError
|
|
|
|
from ansible.utils.display import Display
|
|
|
|
|
|
|
|
try:
|
|
|
|
import keyring
|
|
|
|
except ImportError:
|
|
|
|
HAS_KEYRING = False
|
|
|
|
|
|
|
|
from ansible.plugins.lookup import LookupBase
|
|
|
|
|
|
|
|
display = Display()
|
|
|
|
|
|
|
|
|
|
|
|
class LookupModule(LookupBase):
|
|
|
|
|
|
|
|
def run(self, terms, **kwargs):
|
|
|
|
if not HAS_KEYRING:
|
|
|
|
raise AnsibleError(u"Can't LOOKUP(keyring): missing required python library 'keyring'")
|
|
|
|
|
|
|
|
display.vvvv(u"keyring: %s" % keyring.get_keyring())
|
|
|
|
ret = []
|
|
|
|
for term in terms:
|
|
|
|
(servicename, username) = (term.split()[0], term.split()[1])
|
|
|
|
display.vvvv(u"username: %s, servicename: %s " % (username, servicename))
|
|
|
|
password = keyring.get_password(servicename, username)
|
|
|
|
if password is None:
|
|
|
|
raise AnsibleError(u"servicename: %s for user %s not found" % (servicename, username))
|
|
|
|
ret.append(password.rstrip())
|
|
|
|
return ret
|