merge_variables: correct misleading short description (#8580)
The short description makes it sound like the plugin would only support
matching a given suffix, while the actual description clarifies the
actual matching capabilities (suffix, prefix or regular expression).
Update the short description accordingly.
(cherry picked from commit a3989095af)
Co-authored-by: Elias Probst <mail@eliasprobst.eu>
* bitwarden_secrets_manager: implement rate limit retry with backoff (#8238)
* bitwarden_secrets_manager: implement rate limit retry with backoff (#8230)
* bitwarden_secrets_manager: add changelog fragment for 90cd2d61 (#8238)
* bitwarden_secrets_manager: clarify "Too many requests" is an error condition (#8238)
* bitwarden_secrets_manager: avoid an extra _run_with_retry execution after the last (very long) delay
* bitwarden_secrets_manager: changelog fragment key and reference issue url
(cherry picked from commit a05a5982a6)
* Make Python 2 compatible.
---------
Co-authored-by: Matt Adams <matt@4dk.me>
Co-authored-by: Felix Fontein <felix@fontein.de>
fixes#7918 - onepassword lookup fails if field name contains uppercase letters and section is specified (#7919)
* fix#7918
* Update plugins/lookup/onepassword.py
Co-authored-by: Sam Doran <github@samdoran.com>
* onepassword lookup: transform field ids to lowercase
* #7918: added unit tests
* #7919: add changelog fragment
* Update changelogs/fragments/7919-onepassword-fieldname-casing.yaml
Co-authored-by: Felix Fontein <felix@fontein.de>
---------
Co-authored-by: Sam Doran <github@samdoran.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit 6088e2dc0f)
Co-authored-by: Benjamin Mitzkus <b.mitzkus@gmx.de>
onepassword lookup - Make section and field case insensitive (#7564)
* onepassword lookup: Make section and field case insensitive
This was a regression in behavior when adding support for op v2.
* Return a string by default to avoid an exception if a field is missing
* Use a helper function to lower a value if possible
* Update changelog
(cherry picked from commit 241cc02fa8)
Co-authored-by: Sam Doran <sdoran@redhat.com>
Fix more typos (#7439)
* Fix more typos in plugins/.
* Fix typos in tests/unit/.
* Fix typos in tests/integration/.
* Fix more typos.
Co-authored-by: Sebastian Gumprich <rndmh3ro@users.noreply.github.com>
---------
Co-authored-by: Sebastian Gumprich <rndmh3ro@users.noreply.github.com>
(cherry picked from commit 2b62826082)
Co-authored-by: Felix Fontein <felix@fontein.de>
Ignore similar chars in random_string (#7242)
* Added the option to ignore certain characters
This can be usefull for eliminating confusion.
* Removed the loop and added each char_sets
The variable name is not known inside the loop so updating it does not work.
* Changelog fragment file
* Forgot the file extention for the fragment yaml file
* Update plugins/lookup/random_string.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/lookup/random_string.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/lookup/random_string.py
Co-authored-by: Felix Fontein <felix@fontein.de>
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit c3fd14e18f)
Co-authored-by: Gustav Alerby <g.alerby@gmail.com>
Use `get(..)` instead of [..] for safe lookup of value (Fixes#7240) (#7241)
A OnePassword field item might not have a value (property) when the user has omitted it (on purpose).
(cherry picked from commit 1beb38ceff)
Co-authored-by: Wouter Klein Heerenbrink <wouter@fluxility.com>
Update my maintainer status for 1PW plugin (#7252)
* ignore notifications for scottsb on 1pw plugin; update email
* Also update maintainers list.
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit 7d97b37b21)
Co-authored-by: Scott Buchanan <scottiesb@gmail.com>
New lookup plug-in: Bitwarden Secrets Manager (#6389)
* add Bitwarden Secrets Manager lookup
* fix pep8 and yamllint complaints
* fix version_added, add maintainer and copyright notice
* document BWS_ACCESS_TOKEN env var and declare as required
* avoid returning nested list
* update 'value of a secret' example after f6c4492c
* update copyright notice in bitwarden_secrets_manager plugin
thx felixfontein
Co-authored-by: Felix Fontein <felix@fontein.de>
* rename classes to distinguish from existing bw plugin
* use AnsibleLookupError, formatting
* bump version_added to 7.0.0
Co-authored-by: Felix Fontein <felix@fontein.de>
* ci fix: python style guide calls for excessive blank lines
https://peps.python.org/pep-0008/#blank-lines
* first attempt at unit tests for bws lookup
* ci fix: remove trailing newline
* attempt to fix tests object not callable error
* address formatting, tests and pyright suggestions
* reduce scope of mocked code for more real test coverage
only the actual bws CLI call is mocked now, this should enable the
exception thrown test to succeed if I didn't add new problems
* fix undefined variable 'expected_rc'
* fix mocked _run method to return correct data types
* keep list of one element for test case comparison
* bump version_added to 7.2.0
Co-authored-by: Felix Fontein <felix@fontein.de>
---------
Co-authored-by: jantari <jantari@github.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit 5365647ee7)
Co-authored-by: jantari <jantari@outlook.de>
random_string docs to say it's cryptographically secure (#6691)
Modify random_string docs to state that randomness is cryptographically secure
(cherry picked from commit 89ad18d1a7)
Co-authored-by: Matthew Davis <7035647+mdavis-xyz@users.noreply.github.com>
Fix multiple issues with the TSS lookup plugin when using fetch_attachments (#6720)
* Treat files as binary when downloading attachments
* Raise a warning when the attachment can't be read
* Set the 'itemValue' for files, even when they can't be read
* Always return the original secret content
* Add changelog
* Fix changelog
* Update changelog
Co-authored-by: Felix Fontein <felix@fontein.de>
* Revert "Always return the original secret content"
This reverts commit a9fb96e165.
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit 6bff57ee6e)
Co-authored-by: laszlojau <49835454+laszlojau@users.noreply.github.com>
Onepassword lookup add service accounts (#6660)
* add service account token and bypass required fields when service account token is set
* add token to base class
* add Info
* add service_account_token
* add service_account_token
* add documentation
* add service_account_token
* fix E111: indentation is not a multiple of 4
* fix lint problems
* Update plugins/lookup/onepassword_raw.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/onepassword_info.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/lookup/onepassword.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* add changelog fragment
* change type service_account_token to align to domain option
* add fragment value
* Update changelogs/fragments/6660-onepassword-lookup-service-account.yaml
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/lookup/onepassword.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* remove service_account_token from onepassword_info.py
* adjust V1 to raise error if service_account_token is set
* adjust V1 to raise error if service_account_token is set
* adjust V1 to raise error if service_account_token is set
* adjust if assert_logged_in
* Update plugins/lookup/onepassword.py
Co-authored-by: Sam Doran <github@samdoran.com>
* Update plugins/lookup/onepassword.py
Co-authored-by: Sam Doran <github@samdoran.com>
* remove double return
* remove new line
* remove new line
* remove new line
* remove spaces
* remove new line
* remove spaces
* Update plugins/lookup/onepassword_raw.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* add _check_required_params
* Update plugins/lookup/onepassword.py
Co-authored-by: Sam Doran <github@samdoran.com>
* Update plugins/lookup/onepassword.py
Co-authored-by: Sam Doran <github@samdoran.com>
* remove _check_required_params
* remove spaces
* Update plugins/lookup/onepassword.py
Co-authored-by: Sam Doran <github@samdoran.com>
* remove code
---------
Co-authored-by: Jan Sagurna <jan.sagurna@sag-solutions.com>
Co-authored-by: Jan Sagurna <58932831+jansagurna@users.noreply.github.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Sam Doran <github@samdoran.com>
(cherry picked from commit 473e557c2f)
Co-authored-by: Dominik Haßelkuss <Domi-cc@users.noreply.github.com>
Use semantic markup (modules a-c) (#6671)
* Use semantic markup.
* E() now works better.
(cherry picked from commit 6fc1df9b83)
Co-authored-by: Felix Fontein <felix@fontein.de>
Semantic markup: use E() in more places (#6699)
Use semantic markup.
(cherry picked from commit 7ae8cc9902)
Co-authored-by: Felix Fontein <felix@fontein.de>
Start using semantic markup (#6627)
* Start using semantic markup.
* Forgot some places.
* Fix typo.
* Use 'ignore:' prefix until https://github.com/ansible-community/antsibull-docs/pull/155 is out.
* Break too long line.
(cherry picked from commit 011b2f8bdc)
Co-authored-by: Felix Fontein <felix@fontein.de>
Fetch secret id's which are in folder by folder id (#6652)
Added function to fetch secret id's by folder id
(cherry picked from commit eddd1ba4f2)
Co-authored-by: delinea-sagar <131447653+delinea-sagar@users.noreply.github.com>
Minor bitwarden plugin req. docs addition (#6613)
The Bitwarden CLI requires a `login` followed by an `unlock` operation.
The later will display a message regarding setting (and exporting) the
`$BW_SESSION` env. var. When using the `bitwarden` lookup plugin, having
the env. var. set and available (exported) to Ansible is critical.
Without it, the plugin will simply return the error:
`Bitwarden Vault locked. Run 'bw unlock'.`
Make this clearer in the requirement documentation.
Signed-off-by: Chris Evich <cevich@redhat.com>
(cherry picked from commit 36e8653cf7)
Co-authored-by: Chris Evich <1183438+cevich@users.noreply.github.com>
* dig: Support multiple domains in a single lookup (#6334)
The docs for this plugin indicated that multiple domains could be
specified at once, but the code did not support multiple domains.
* Address review feedback.
* stop passing loader/dataloader since it has been deprecated by ansible
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
* add changelog fragment
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
* explicitly pass None to keep compatibility to older Ansible versions
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
* use try/except to keep things compatible
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
* Update plugins/lookup/cartesian.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/lookup/flattened.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/lookup/flattened.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/lookup/cartesian.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update changelogs/fragments/6074-loader_in_listify.yml.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
---------
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
* Add support to Bitwarden Lookup for filtering results by collection id (#5849)
* Debug
* Add support to Bitwarden Lookup for filtering results by collection id (#5849)
* Update comments
* Fix blank line issue
* Fix unit tests for bitwarden lookup plugin. Add changelog fragment file.
* Change collectionId to collection_id parameter on bitwarden plugin
* Fix collection id parameter name when used in bw cli
* Clarify Error message when vault not unlocked
You can be logged into the Bitwarden-CLI, but it can still be locked. This took me several hours to debug, since every time I ran 'bw login' it told me, that I am already logged in.
If you run 'bw unlock' without being logged in, you are prompted to log in.
This clarifies the Error occurring and can drastically reduce debugging time, since you don't have to look into the source code to get an understanding of whats wrong.
* RM: negation
Nobody needs negation
* Update function name
* FIX: tests
* ADD: changelog
* Update changelogs/fragments/5811-clarify-bitwarden-error.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
* Add Support to Bitwarden Lookup for Custom Fields
This adds support to the Bitwarden lookup for retrieving values from
custom fields, such as api keys.
* Need to Return Whole Record if Field is Not Defined
* whitespace
* Add Changelog Fragment
* Need to Make Sure All Login Fields are Represented
We need to make sure that all login fields are accounted for, since
there will be no other way to retrieve them with this change, and we
don't want to break backwards compatibility. Looking at this code from
the official client,
https://github.com/bitwarden/clients/blob/master/libs/common/spec/models/domain/login.spec.ts,
autofillOnPageLoad might be another login field.
* Update changelogs/fragments/5694-add-custom-fields-to-bitwarden.yml
Clarify changelog fragment
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/lookup/bitwarden.py
Fix logic. Should only error if matches were found, but are missing the custom field.
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
* Begin building out separate classes to support different op cli versions
Create separet base classes for each major version.
Define the main interface in the base class.
Create methods for getting the current version and instantiating the
appropriate class based on the found version.
* First pass at mostly working CLI version classes
* Correct mismathched parameters
* Update _run() method to allow updating enviroment
This allows passing in the app secret as an env var, which is more
secure than using a command line arg.
* Continuing to improve the interface
* Tear existing tests down to the studs
These tests were based off of the LastPass unit tests. I’m going to
just start from scratch given the new plugin code is vastly diffenent.
* Fix sanity test
* CLI config file path can be None
* Improve required param checking
- only report missing params
- use proper grammer based on number of missing params
* Change assert_logged_in() method return value
Return a boolean value indicating whether or not account is signed in
* Improve full login for v2
Have to do a bit of a dance to avoid hitting the interactive prompt
if there are no accounts configured.
* Remove unused methods
* Add some tests
* Fix linting errors
* Move fixtures to separate file
* Restructure mock test data and add more tests
* Add boilerplate
* Add test scenario for op v2 and increase coverage
* Fix up copyright statements
* Test v1 and v2 in all cases
* Use a more descriptive variable name
* Use docstrings rather than pass in abstract class
This adds coverage to abstract methods with the least amount of hackery.
* Increase test coverage for CLI classes
* Sort test parameters to avoid collection errors
* Update version tested in docs
* Revere test parameter sorting for now
The parameters need to be sorted to avoid the issue in older Python
versions in CI, but I’m having trouble working out how to do that
currently.
* Allow passing kwargs to the lookup module under test
* Favor label over id for v2 when looking for values
Add tests
* Display a warning for section on op v2 or greater
There is no “value” in section fields. If we wanted to support sections
in v2, we would also have to allow specifying the field name in
order to override “value”.
* Move test cases to their own file
Getting a bit unwieldy having it in the test file
* Move output into JSON files fore easier reuse
* Switch to using get_options()
* Add licenses for fixture files
* Use get_option() since get_options() was added in Ansible Core 2.12
* Rearrange fixtures
* Add changelog
* Move common classes to module_utils
* Move common classes back to lookup
The plugin relies on AnsibleLookupError() quite a bit which is not available
in module code.
Remove use of display for errors since section isn’t actually deprecated.
* Properly handle sections
Still room for improvement, but this is at least a start.
* Remove some comments that won’t be addressed
* Make test gathering more deterministic to avoid failures
* Update changelog fragment
* Simple fix for making tests reliable
* Clearer error logging in passwordstore lookup
* Add changelog fragment for passwordstore errmsgs
Co-authored-by: Sylvia van Os <sylvia@hackerchick.me>
* Start using Ansible's config manager to handle options.
* Docs improvements.
* Fix documentation, make options actual lookup options.
* The cyberarkpassword lookup does too strange things.
* The onepassword lookups are converted in #4728, let's not interfere.
* Improve docs.
* Skip shelvefile as well.
* Convert lmdb_kv.
* Convert and fix credstash.
* Convert manifold.
* Drop chef_databag.
* Convert dig.
* Update examples.
* Forgot the most important part.
* Fix lmdb_kv docs.
* Python 2.6 compatibility.
* Convert AnsibleUnicode to str.
* Load lookup with lookup loader.
* Fix environment handling and error message checking.
* Improve docs formatting.
* bitwarden: Add field to search for all item attributes, instead of only name.
* bitwarden: Add change to changelog.
* bitwarden: Update changelog entry.
* Update changelogs/fragments/5297-bitwarden-add-search-field.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/lookup/bitwarden.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/lookup/bitwarden.py
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Ole Pannbacker <opannbacker@cronon.net>
Co-authored-by: Felix Fontein <felix@fontein.de>