* Namespace the lockfile
When passwordstore needs to grab a lock, it creates a statically file (within /tmp, typically). This is unfortunate, when there might be more than one user using the passwordstore functionality on that machine. Prepend the user to the filename, to bypass further issues.
* Update plugins/lookup/passwordstore.py
specifically reference the argument number in the format string.
Co-authored-by: Felix Fontein <felix@fontein.de>
* Add changelog fragment for PR#8689
* Update 8689-passwordstore-lock-naming.yml
I was sure that was a copy/paste.
* Update changelogs/fragments/8689-passwordstore-lock-naming.yml
specify the type of plugin
Co-authored-by: Felix Fontein <felix@fontein.de>
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
The short description makes it sound like the plugin would only support
matching a given suffix, while the actual description clarifies the
actual matching capabilities (suffix, prefix or regular expression).
Update the short description accordingly.
* manually prepare variables of foreign host including hostvars property
* render variables from context of current host
* add integration test for cross host merge
* lint fixes
* adjust cross host merge unit tests to provide a tiny bit of the HostVars Class API
* add license information
* lint
* add changelog fragment
* Update tests/integration/targets/lookup_merge_variables/test_cross_host_merge_play.yml
Okay
Co-authored-by: Mark <40321020+m-a-r-k-e@users.noreply.github.com>
* Update tests/integration/targets/lookup_merge_variables/test_cross_host_merge_play.yml
Okay
Co-authored-by: Mark <40321020+m-a-r-k-e@users.noreply.github.com>
* Update tests/integration/targets/lookup_merge_variables/test_cross_host_merge_play.yml
Okay
Co-authored-by: Mark <40321020+m-a-r-k-e@users.noreply.github.com>
* rename _HostVars to HostVarsMock
* removing unnecessary task
---------
Co-authored-by: Gitlab CI <alexander.petrenz@posteo.de>
Co-authored-by: Mark <40321020+m-a-r-k-e@users.noreply.github.com>
* bitwarden_secrets_manager: implement rate limit retry with backoff (#8230)
* bitwarden_secrets_manager: add changelog fragment for 90cd2d61 (#8238)
* bitwarden_secrets_manager: clarify "Too many requests" is an error condition (#8238)
* bitwarden_secrets_manager: avoid an extra _run_with_retry execution after the last (very long) delay
* bitwarden_secrets_manager: changelog fragment key and reference issue url
* bitwarden - add support for filtering by organization_id
* Update changelogs/fragments/8188-bitwarden-add-organization_id.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
* implement PR discussion result on wording
* rewrite search_field filtering
To correctly handle organization_id and collection_id by passing both to bw.
Tests needed to be extended to filter organizations / collections and
the testdata needed changes to reflect that a collection always belongs to a
single organizaion
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
* passwordstore: Add missing_subkey parameter
Add ability to trigger error or warning when a subkey is missing in pass file.
By default the behavior is unchanged (if subkey is missing, None is returned).
This option can also be set in ansible.cfg
* passwordstore - missing_subkey: Update changelog/fragments file with PR number
* Apply suggestions from code review
Co-authored-by: Felix Fontein <felix@fontein.de>
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
* Add github_app_access_token lookup plugin
* Fix a typo in short_description
* Remove unused MockOpenUrl
* Fix MockJWT to be used on jwt_instance instead
* Fix a bunch of pep8 and pylint issue
* Remove JWT from requirements, also default jwt_instance and jwk_from_pem so they can be mocked
* Update version added
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update git reference in doc
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/lookup/github_app_access_token.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Expose token expiry as a configurable option
* Update BOTMETA.yml
* Update documentation
* Update example with var, so it is more readable
Co-authored-by: Felix Fontein <felix@fontein.de>
* Apply suggestions from code review
Co-authored-by: Felix Fontein <felix@fontein.de>
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
* onepassword lookup: Make section and field case insensitive
This was a regression in behavior when adding support for op v2.
* Return a string by default to avoid an exception if a field is missing
* Use a helper function to lower a value if possible
* Update changelog
* Add onepassword_doc lookup plugin
* Switch to a doc fragment
* Add unit test
* Update docs
* Move parameter validation to the OnePass object
This makes it built in for other lookup plugins using this class.
* Use kwargs for OnePass instantiation
There are enough parameters now that using them positionally can result in
odd behavior.
* Update tests
Correct conftest file name so fixtures are discovered and loaded correctly
Move constant so it doesn’t need to be imported
Add a patch since the parameter validation moved to part of the class init
* Use a lookup docs fragment
* Correct plugin description
* Support 1Password Connect (#5588)
- Support 1Password Connect with the opv2 client
* Follow pep8, be less explicit
* Update changelog to include PR
* 1Password Connect host and token are now also parameters
* Get argument values from the environment or lookup arguments
* Move imports
* Force using Connect token and host at the same time
* Update unit tests
* Update documentation
* Additional tests
* Improve performance of the bitwarden lookup plugin
When looking for items using an item id, we can access the item directly with
bw get item instead of searching through all items. This doubles the lookup
speed.
* Update changelogs/fragments/bitwarden-lookup-performance.yaml
Co-authored-by: Felix Fontein <felix@fontein.de>
* fix indentation
* Ensure backwards compatible behavior in case of errors when doing bitwarden lookup by id
* chore: Link to correct PR in changelog fragment
* Use identity check when comparing with None
---------
Co-authored-by: Richard Klose <richard.klose@gec.io>
Co-authored-by: Richard Klose <richard@klose.dev>
Co-authored-by: Felix Fontein <felix@fontein.de>
* feat: Add options for password generation.
* feat: Add documentations for options for password generation.
* fix: Remove newline from the end of the stored raw password
* fix: Define 'msg' variable before the reference inside the condition block
* feat: Add information when the 'timestamp' parameter was added
Co-authored-by: Felix Fontein <felix@fontein.de>
* feat: Add information when the 'preserve' parameter was added
Co-authored-by: Felix Fontein <felix@fontein.de>
* feat: Add changelog fragment for adding new parameters to the 'passwordstore' module
* feat: Change the evaluation of password modification conditions.
* feat: Change version of parameter 'timestamp' from 8.0.0 to 8.0.1
Co-authored-by: Felix Fontein <felix@fontein.de>
* feat: Change version of parameter 'preserve' from 8.0.0 to 8.0.1
Co-authored-by: Felix Fontein <felix@fontein.de>
* fix: Remove newline character from the timestamp message
Co-authored-by: Felix Fontein <felix@fontein.de>
* fix: Add newline character to the end of 'preserve' message.
Co-authored-by: Felix Fontein <felix@fontein.de>
---------
Co-authored-by: Michal Drobny <494056@muni.cz>
Co-authored-by: Felix Fontein <felix@fontein.de>
* Fix more typos in plugins/.
* Fix typos in tests/unit/.
* Fix typos in tests/integration/.
* Fix more typos.
Co-authored-by: Sebastian Gumprich <rndmh3ro@users.noreply.github.com>
---------
Co-authored-by: Sebastian Gumprich <rndmh3ro@users.noreply.github.com>
* Drop support for ansible-core 2.11 and 2.12.
Also move ansible-core 2.13 from regular CI to EOL CI.
* Remove some compatibility code.
* Remove no longer needed import.
* Update README.
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
---------
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
* Added the option to ignore certain characters
This can be usefull for eliminating confusion.
* Removed the loop and added each char_sets
The variable name is not known inside the loop so updating it does not work.
* Changelog fragment file
* Forgot the file extention for the fragment yaml file
* Update plugins/lookup/random_string.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/lookup/random_string.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/lookup/random_string.py
Co-authored-by: Felix Fontein <felix@fontein.de>
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
* ignore notifications for scottsb on 1pw plugin; update email
* Also update maintainers list.
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
* add Bitwarden Secrets Manager lookup
* fix pep8 and yamllint complaints
* fix version_added, add maintainer and copyright notice
* document BWS_ACCESS_TOKEN env var and declare as required
* avoid returning nested list
* update 'value of a secret' example after f6c4492c
* update copyright notice in bitwarden_secrets_manager plugin
thx felixfontein
Co-authored-by: Felix Fontein <felix@fontein.de>
* rename classes to distinguish from existing bw plugin
* use AnsibleLookupError, formatting
* bump version_added to 7.0.0
Co-authored-by: Felix Fontein <felix@fontein.de>
* ci fix: python style guide calls for excessive blank lines
https://peps.python.org/pep-0008/#blank-lines
* first attempt at unit tests for bws lookup
* ci fix: remove trailing newline
* attempt to fix tests object not callable error
* address formatting, tests and pyright suggestions
* reduce scope of mocked code for more real test coverage
only the actual bws CLI call is mocked now, this should enable the
exception thrown test to succeed if I didn't add new problems
* fix undefined variable 'expected_rc'
* fix mocked _run method to return correct data types
* keep list of one element for test case comparison
* bump version_added to 7.2.0
Co-authored-by: Felix Fontein <felix@fontein.de>
---------
Co-authored-by: jantari <jantari@github.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
* Treat files as binary when downloading attachments
* Raise a warning when the attachment can't be read
* Set the 'itemValue' for files, even when they can't be read
* Always return the original secret content
* Add changelog
* Fix changelog
* Update changelog
Co-authored-by: Felix Fontein <felix@fontein.de>
* Revert "Always return the original secret content"
This reverts commit a9fb96e165.
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
* add service account token and bypass required fields when service account token is set
* add token to base class
* add Info
* add service_account_token
* add service_account_token
* add documentation
* add service_account_token
* fix E111: indentation is not a multiple of 4
* fix lint problems
* Update plugins/lookup/onepassword_raw.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/onepassword_info.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/lookup/onepassword.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* add changelog fragment
* change type service_account_token to align to domain option
* add fragment value
* Update changelogs/fragments/6660-onepassword-lookup-service-account.yaml
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/lookup/onepassword.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* remove service_account_token from onepassword_info.py
* adjust V1 to raise error if service_account_token is set
* adjust V1 to raise error if service_account_token is set
* adjust V1 to raise error if service_account_token is set
* adjust if assert_logged_in
* Update plugins/lookup/onepassword.py
Co-authored-by: Sam Doran <github@samdoran.com>
* Update plugins/lookup/onepassword.py
Co-authored-by: Sam Doran <github@samdoran.com>
* remove double return
* remove new line
* remove new line
* remove new line
* remove spaces
* remove new line
* remove spaces
* Update plugins/lookup/onepassword_raw.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* add _check_required_params
* Update plugins/lookup/onepassword.py
Co-authored-by: Sam Doran <github@samdoran.com>
* Update plugins/lookup/onepassword.py
Co-authored-by: Sam Doran <github@samdoran.com>
* remove _check_required_params
* remove spaces
* Update plugins/lookup/onepassword.py
Co-authored-by: Sam Doran <github@samdoran.com>
* remove code
---------
Co-authored-by: Jan Sagurna <jan.sagurna@sag-solutions.com>
Co-authored-by: Jan Sagurna <58932831+jansagurna@users.noreply.github.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Sam Doran <github@samdoran.com>
The Bitwarden CLI requires a `login` followed by an `unlock` operation.
The later will display a message regarding setting (and exporting) the
`$BW_SESSION` env. var. When using the `bitwarden` lookup plugin, having
the env. var. set and available (exported) to Ansible is critical.
Without it, the plugin will simply return the error:
`Bitwarden Vault locked. Run 'bw unlock'.`
Make this clearer in the requirement documentation.
Signed-off-by: Chris Evich <cevich@redhat.com>
* dig: Support multiple domains in a single lookup (#6334)
The docs for this plugin indicated that multiple domains could be
specified at once, but the code did not support multiple domains.
* Address review feedback.