1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00
Commit graph

118 commits

Author SHA1 Message Date
Sam Doran
c604cc5ba9
onepassword_raw - Add missing parameter to doc string (#5511)
* onepassword_raw - Add missing parameter to doc string

* Remove redundant mention of default value

* Update changelogs/fragments/5506-onepassword_raw-missing-param.yml

Co-authored-by: Felix Fontein <felix@fontein.de>
2022-11-09 07:28:49 +01:00
Sam Doran
be0b5e5f8c
onepassword - Support v2 (#4728)
* Begin building out separate classes to support  different op cli versions

Create separet base classes for each major version.
Define the main interface in the base class.
Create methods for getting the current version and instantiating the
appropriate class based on the found version.

* First pass at mostly working CLI version classes

* Correct mismathched parameters

* Update _run() method to allow updating enviroment

This allows passing in the app secret as an env var, which is more
secure than using a command line arg.

* Continuing to improve the interface

* Tear existing tests down to the studs

These tests were based off of the LastPass unit tests. I’m going to
just start from scratch given the new plugin code is vastly diffenent.

* Fix sanity test

* CLI config file path can be None

* Improve required param checking

- only report missing params
- use proper grammer based on number of missing params

* Change assert_logged_in() method return value

Return a boolean value indicating whether or not account is signed in

* Improve full login for v2

Have to do a bit of a dance to avoid hitting the interactive prompt
if there are no accounts configured.

* Remove unused methods

* Add some tests

* Fix linting errors

* Move fixtures to separate file

* Restructure mock test data and add more tests

* Add boilerplate

* Add test scenario for op v2 and increase coverage

* Fix up copyright statements

* Test v1 and v2 in all cases

* Use a more descriptive variable name

* Use docstrings rather than pass in abstract class

This adds coverage to abstract methods with the least amount of hackery.

* Increase test coverage for CLI classes

* Sort test parameters to avoid collection errors

* Update version tested in docs

* Revere test parameter sorting for now

The parameters need to be sorted to avoid the issue in older Python
versions in CI, but I’m having trouble working out how to do that
currently.

* Allow passing kwargs to the lookup module under test

* Favor label over id for v2 when looking for values

Add tests

* Display a warning for section on op v2 or greater

There is no “value” in section fields. If we wanted to support sections
in v2, we would also have to allow specifying the field name in
order to override “value”.

* Move test cases to their own file

Getting a bit unwieldy having it in the test file

* Move output into JSON files fore easier reuse

* Switch to using get_options()

* Add licenses for fixture files

* Use get_option() since get_options() was added in Ansible Core 2.12

* Rearrange fixtures

* Add changelog

* Move common classes to module_utils

* Move common classes back to lookup

The plugin relies on AnsibleLookupError() quite a bit which is not available
in module code.

Remove use of display for errors since section isn’t actually deprecated.

* Properly handle sections

Still room for improvement, but this is at least a start.

* Remove some comments that won’t be addressed

* Make test gathering more deterministic to avoid failures

* Update changelog fragment

* Simple fix for making tests reliable
2022-11-06 11:32:35 +01:00
Felix Fontein
faf4ec7fa6
passwordstore lookup: allow to pass options as lookup options (#5444)
* Allow to pass options as lookup options.

* Adjust tests.
2022-11-02 20:17:08 +01:00
Jan-Philipp Litza
e4b9e098c7
Clearer error logging in passwordstore lookup (#5436)
* Clearer error logging in passwordstore lookup

* Add changelog fragment for passwordstore errmsgs

Co-authored-by: Sylvia van Os <sylvia@hackerchick.me>
2022-11-02 20:12:21 +01:00
Felix Fontein
47cc2a4e8e
dnstxt lookup - add option to return empty list. (#5457) 2022-11-01 22:19:33 +01:00
Felix Fontein
e718bd8445
Lookups: use Ansible's config manager whenever possible (#5440)
* Start using Ansible's config manager to handle options.

* Docs improvements.

* Fix documentation, make options actual lookup options.

* The cyberarkpassword lookup does too strange things.

* The onepassword lookups are converted in #4728, let's not interfere.

* Improve docs.

* Skip shelvefile as well.

* Convert lmdb_kv.

* Convert and fix credstash.

* Convert manifold.

* Drop chef_databag.

* Convert dig.

* Update examples.

* Forgot the most important part.

* Fix lmdb_kv docs.

* Python 2.6 compatibility.

* Convert AnsibleUnicode to str.

* Load lookup with lookup loader.

* Fix environment handling and error message checking.

* Improve docs formatting.
2022-11-01 21:58:46 +01:00
Felix Fontein
5f4e593116 Revert "Fix non-matching defaults in docs (#5446)"
This reverts commit a978bff2c7.
2022-11-01 19:12:21 +01:00
Felix Fontein
a978bff2c7
Fix non-matching defaults in docs (#5446)
* Allow to pass options as lookup options.

* Adjust tests.

* Fix non-matching defaults.
2022-11-01 18:11:02 +01:00
Jan-Piet Mens
df34a7b0f2 add option to force dig lookup to return empty list instead of list of empty strings. (#5439)
fixes https://github.com/ansible-collections/community.general/issues/5428
2022-10-29 10:51:03 +02:00
betuxy
394647df84
bitwarden: Add field to search for all item attributes, instead of on… (#5297)
* bitwarden: Add field to search for all item attributes, instead of only name.

* bitwarden: Add change to changelog.

* bitwarden: Update changelog entry.

* Update changelogs/fragments/5297-bitwarden-add-search-field.yml

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update plugins/lookup/bitwarden.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update plugins/lookup/bitwarden.py

Co-authored-by: Felix Fontein <felix@fontein.de>

Co-authored-by: Ole Pannbacker <opannbacker@cronon.net>
Co-authored-by: Felix Fontein <felix@fontein.de>
2022-10-01 18:19:39 +02:00
Felix Fontein
015566fb06
Normalize more booleans. (#5247) 2022-09-06 20:42:17 +02:00
Felix Fontein
19ce50f6b9
Adjust booleans in misc plugins. (#5161) 2022-08-24 20:00:39 +02:00
Tom Reeb
9f39294f50
adding nested try block for tss.py to import new Delinea library (#5151)
* adding nested try block to import delinea library

* whitespace

* Update plugins/lookup/tss.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* adding changelog fragment

* Update changelogs/fragments/5151-add-delinea-support-tss-lookup.yml

Co-authored-by: Felix Fontein <felix@fontein.de>

Co-authored-by: Tom Reeb <Thomas.Reeb_e@morganlewis.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
2022-08-23 21:53:06 +02:00
Michal Hybner
3c2d7eb193
dig: Fix evaluation of boolean parameters (#5129)
* Add lookup_dig tests

* Fix boolean evaluation

* Add changelog fragment

* Apply review changes

* Add license
2022-08-20 14:31:15 +02:00
Felix Fontein
424d706f92
Fix more copyright lines, add more default copyright lines (#5095)
* Fix copyright lines.

* Add default copyright line.
2022-08-08 14:24:58 +02:00
Felix Fontein
2a9fd7359f
Add more license statements (#5079)
* Add more license statements. These were modified manually incorporating existing data.

* Remove accidentally added line.
2022-08-07 13:37:23 +02:00
Felix Fontein
496bf27b5c
Fix copyright lines (make sure 'Copyright' is there). (#5083) 2022-08-05 22:12:10 +02:00
Felix Fontein
123c7efe5e
Move licenses to LICENSES/, run add-license.py, add LICENSES/MIT.txt (#5065)
* Move licenses to LICENSES/, run add-license.py, add LICENSES/MIT.txt.

* Replace 'Copyright:' with 'Copyright'

sed -i 's|Copyright:\(.*\)|Copyright\1|' $(rg -l 'Copyright:')

Co-authored-by: Maxwell G <gotmax@e.email>
2022-08-05 12:28:29 +02:00
Jonathan Lung
ab0cd83bb1
New lookup plug-in: bitwarden (#5012)
* Basic support for Bitwarden lookups

Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Sviatoslav Sydorenko <wk.cvs.github@sydorenko.org.ua>

* Update plugins/lookup/bitwarden.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update plugins/lookup/bitwarden.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update plugins/lookup/bitwarden.py

Co-authored-by: Felix Fontein <felix@fontein.de>

Co-authored-by: jonathan lung <lungj@heresjono.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Sviatoslav Sydorenko <wk.cvs.github@sydorenko.org.ua>
2022-08-01 10:00:05 +02:00
Jonathan Lung
e8e6b9bbd7
lastpass lookup: use config manager, improve documentation (#5022)
* LastPass lookup: use config manager, improve documentation

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update changelogs/fragments/5022-lastpass-lookup-cleanup.yml

Co-authored-by: Felix Fontein <felix@fontein.de>

Co-authored-by: jonathan lung <lungj@heresjono.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
2022-08-01 09:36:07 +02:00
Sylvia van Os
3eb29eb4b6
Fix returnall for gopass (#5027)
* Fix returnall for gopass

Gopass was always given the --password flag, despite there being no need for this.

* Add changelog fragment

Co-authored-by: Sylvia van Os <sylvia.van.os@politie.nl>
2022-07-29 14:24:15 +02:00
Benjamin
2662bc881f
Introduce dig lookup argument fail_on_error (#4973)
with default False for backwards compatibility.

Allows fail-fast behavior on lookup failures instead of returning strings and continuing.
2022-07-24 12:08:47 +02:00
Sylvia van Os
c31e6413f2
Fix path detection for gopass (#4955)
* Fix path detection for gopass

As per fc8c9a2286/docs/features.md (initializing-a-password-store), gopass defaults to ~/.local/share/gopass/stores/root for its password store root location.

However, the user can also override this, and this will be stored in the gopass config file (ed7451678c/docs/config.md (configuration-options)).

This patch ensures that the config setting in gopass is respected, falling back to the default gopass path. pass' behaviour remains unchanged.

* Formatting improvements

Co-authored-by: Felix Fontein <felix@fontein.de>

* Add changelog fragment

* Formatting improvement

Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>

Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
2022-07-21 07:19:31 +02:00
andrii-zakurenyi
7ffa2b525c
Do not ignore tld option in DSV lookup plugin (#4911)
* Do not ignore tld option in DSV lookup plugin

* add changelog fragment

* Update changelogs/fragments/4911-dsv-honor-tld-option.yml

Co-authored-by: Felix Fontein <felix@fontein.de>

Co-authored-by: Felix Fontein <felix@fontein.de>
2022-07-04 20:25:34 +02:00
Felix Fontein
aa4c994dfd
Fix docs. (#4881) 2022-06-22 13:36:23 +02:00
grembo
006f3bfa89
passwordstore: Make compatible with shims (#4780)
* passwordstore: Make compatible with shims, add backend config

This allows using the passwordstore plugin with scripts that wrap other
password managers. Also adds an explicit configuration (`backend` in
`ini` and `passwordstore_backend` in `vars`) to set the backend to `pass`
(the default) or `gopass`, which allows using gopass as the backend
without the need of a wrapper script. Please be aware that gopass
support is currently limited, but will work for basic operations.

Includes integrations tests.

Resolves #4766

* Apply suggestions from code review
2022-06-15 08:08:04 +02:00
Markus Bergholz
b6e652b440
fix trailing whitespace after parameter (#4765) 2022-06-03 18:41:04 +02:00
Jan-Piet Mens
511e8e27ac
dig: remove support for the DLV record as the registry was decomissioned (#4613)
* Remove support for the DLV record as the registry was decomissioned

The DLV registry was decomissioned in 2017 (https://www.isc.org/blogs/dlv/) so it's high time we remove support for DLV records.

* Remove DLV deprecation.

Co-authored-by: Felix Fontein <felix@fontein.de>
2022-05-23 11:50:39 +02:00
Sam Doran
9e1af2d1bc
onepassword - Get first found config file (#4640)
* Get first found configuration file

There are three valid places to get the configuration.

https://developer.1password.com/docs/cli/about-biometric-unlock#remove-old-account-information

* Use common config class

* Add changelog fragment

* Explicitly use new style classes for Python 2.7 compatibility

This shouldn’t matter for lookups, but does matter for module_utils
and modules since Python 2.7 is still supported on the managed node.

* Update changelogs/fragments/4065-onepassword-config.yml

Co-authored-by: Felix Fontein <felix@fontein.de>
2022-05-09 07:24:35 +02:00
Felix Fontein
b711038b3b
dig lookup: deprecate DLV record type (#4618)
* Deprecate DLV record type.

* Use correct name.
2022-05-05 08:18:04 +02:00
Felix Fontein
f055f47161
Document all filter and test plugins (#4597)
* Fix/improve docs.

* Document the a_module test.

* Document the dict filter.

* Linting.

* Add more filter docs.

* More filters.

* Update BOTMETA.

* Add another plugin.

* Fix typos.

* Add explicit entries.

* Fix lookup documentation.
2022-05-02 07:25:45 +02:00
Ricky White
e7ffa76db6
Bug fix: Warns user if incorrect SDK version is installed (#4422)
* Add error handling to check correct SDK version installed

* Fix CI errors

* Added changelog fragment

* Changed exeption type

* Update changelogs fragment

Co-authored-by: Felix Fontein <felix@fontein.de>

Co-authored-by: Felix Fontein <felix@fontein.de>
2022-04-05 07:25:41 +02:00
Felix Fontein
ca2c64b5ca
Fix sanity issues. (#4346) 2022-03-14 20:56:27 +01:00
Josef Fuchs
c0415b9fae
Update doc. tss.py (env REQUESTS_CA_BUNDLE) (#4338)
* Update doc. tss.py (env REQUESTS_CA_BUNDLE)

Add a reference to environment variable REQUESTS_CA_BUNDLE to enable using self signed certificates (on-prem server) in documentation.

* Update tss.py

Remove trailing blank

* Update plugins/lookup/tss.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update plugins/lookup/tss.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update plugins/lookup/tss.py

Co-authored-by: Felix Fontein <felix@fontein.de>

Co-authored-by: Felix Fontein <felix@fontein.de>
2022-03-11 06:55:08 +01:00
grembo
2416b81aa4
passwordstore: Add configurable locking (#4194)
* passwordstore: Add configurable locking

Passwordstore cannot be accessed safely in parallel, which causes
various issues:

- When accessing the same path, multiple different secrets are
  returned when the secret didn't exist (missing=create).
- When accessing the same _or different_ paths, multiple pinentry
  dialogs will be spawned by gpg-agent sequentially, having to enter
  the password for the same gpg key multiple times in a row.
- Due to issues in gpg dependencies, accessing gpg-agent in parallel
  is not reliable, causing plays to fail (this can be fixed by adding
  `auto-expand-secmem` to _~/.gnupg/gpg-agent.conf_ though).

These problems have been described in various github issues in the past,
e.g., ansible/ansible#23816 and ansible/ansible#27277.

This cannot be worked around in playbooks by users in a non-error-prone
way.

It is addressed by adding new configuration options:

- lock:
  - readwrite: Lock all operations
  - write: Only lock write operations (default)
  - none: Disable locking
- locktimeout: Time to wait for getting a lock (s/m/h suffix)
  (defaults to 15m)

These options can also be set in ansible.cfg, e.g.:

    [passwordstore_lookup]
    lock=readwrite
    locktimeout=30s

Also, add a note about modifying gpg-agent.conf.

* Tidy up locking config

There is no reason why lock configuration should be part of self.paramvals.
Now locking and its configuration happen all in one place.

* Change timeout description wording to the suggested value.

* Rearrange plugin setup, apply PR feedback
2022-02-21 21:14:17 +01:00
grembo
77a0c139c9
passwordstore: Fix error detection for non-English locales (#4219)
The passwordstore lookup plugin depends on parsing GnuPG's
error messages in English language. As a result, detection of
a specific error failes when users set a different locale.

This change corrects this by setting the `LANGUAGE` environment
variable to `C` when invoking `pass`, as this only affects
gettext translations.

See
https://www.gnu.org/software/gettext/manual/html_node/The-LANGUAGE-variable.html
2022-02-17 22:00:02 +01:00
grembo
da49c0968d
passwordstore: Prevent using path as password (#4192)
Given a password stored in _path/to/secret_, requesting the password
_path/to_ will literally return `path/to`. This can lead to using
weak passwords by accident/mess up logic in code, based on the
state of the password store.

This is worked around by applying the same logic `pass` uses:
If a password was returned, check if there is a .gpg file it could
have come from. If not, treat it as missing.

Fixes ansible-collections/community.general#4185
2022-02-17 20:58:36 +01:00
Lee Garrett
d19ab93faf
Fix example code for flattened lookup (#4013)
Co-authored-by: Lee Garrett <lgarrett@rocketjump.eu>
2022-01-09 11:11:56 +01:00
Felix Fontein
77b7b4f75b
Get rid of distutils.spawn and distutils.util (#3934)
* Replace distutils.spawn.find_executable.

* Replace distutils.util.strtobool.
2022-01-04 06:56:28 +01:00
Felix Fontein
59bbaeed77
Docs improvements. (#3893) 2021-12-12 11:01:14 +01:00
RevBits, LLC
25e80762aa
RevBits PAM Secret Server Plugin (#3405)
* RevBits PAM Secret Server Plugin

* Update revbitspss.py

* Update plugins/lookup/revbitspss.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update plugins/lookup/revbitspss.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update plugins/lookup/revbitspss.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update plugins/lookup/revbitspss.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update plugins/lookup/revbitspss.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update plugins/lookup/revbitspss.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* Fixes based on feedback from Ansible

* Fixes for auto tests

* module updated

* f string changed

* maintainer added

* maintainer added

* maintainer added

* review updates

* test added

* test added

* test added

* revisions updtes

* revisions updtes

* revisions updtes

* file removed

* unit test added

* suggestions updated

* suggestions updated

* Update plugins/lookup/revbitspss.py

* Update plugins/lookup/revbitspss.py

* Update plugins/lookup/revbitspss.py

Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Zubair Hassan <zubair.hassan@invozone.com>
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
2021-11-22 13:49:51 +01:00
Felix Fontein
5b10f8234c
Add collection_version lookup (#3633)
* Add collection_verison lookup plugin.

* Document ansible-base 2.10 and ansible-core 2.11 special case.

* Add default for result_not_found.

* Simplify not existing test.

* Move metadata loading to function.

* Update plugins/lookup/collection_version.py

Co-authored-by: Brian Scholer <1260690+briantist@users.noreply.github.com>

* Extend tests.

* Fix tests for ansible-core < 2.12.

Co-authored-by: Brian Scholer <1260690+briantist@users.noreply.github.com>
2021-11-01 19:01:52 +01:00
Thomas Sjögren
c40db6789a
add random_words lookup plugin, based on the xkcdpass module (#3588)
* add random_words lookup plugin, based on the xkcdpass module

Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>

* add maintainer in BOTMETA

Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>

* Update plugins/lookup/random_words.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update plugins/lookup/random_words.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update plugins/lookup/random_words.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update plugins/lookup/random_words.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update plugins/lookup/random_words.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update tests/integration/targets/lookup_random_words/test.yml

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update tests/integration/targets/lookup_random_words/test.yml

Co-authored-by: Felix Fontein <felix@fontein.de>

* ignore E402, place imports below documentation

Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>

Co-authored-by: Felix Fontein <felix@fontein.de>
2021-10-27 22:37:28 +02:00
Felix Fontein
a68445486e
Remove and redirect all infoblox/nios content (#3592)
* Remove and redirect all infoblox/nios content.

* Remove ignore.txt entries.

* Update BOTMETA.
2021-10-21 08:02:06 +02:00
Martin Vician
dc8d076a25
tss: add option for token authorization (#3327)
* Added token parameter for AccessTokenAuthorizer

Parameters username and password are not required anymore because of
this.

* Added changelog fragments

* Apply suggestions from code review

Co-authored-by: Ajpantuso <ajpantuso@gmail.com>

* token authorizer is prioritized

token authorizer is prioritized when token parameter is set

* Apply suggestions from code review

Co-authored-by: Felix Fontein <felix@fontein.de>

* domain optional if token not provided

* Updated examples

- `base_url` is required everywhere
- examples for user, name + domain authorization included
- token authorization included

* Update 3327-tss-token-authorization.yml

* Apply suggestions from code review

Co-authored-by: Felix Fontein <felix@fontein.de>

Co-authored-by: Ajpantuso <ajpantuso@gmail.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
2021-09-14 13:34:59 +02:00
Ajpantuso
cbcb942b0e
tss_lookup_plugin - Refactor and decoupling (#3252)
* Initial commit

* Adding changelog fragment

* Applying initial review suggestions

* Increasing unit coverage

* Removed unneccessary constant

* Improving test readability

* Cleanup constants
2021-08-25 06:41:05 +02:00
Matt 'Archer' Vaughn
23e7ef0255
Add option for retry_servfail (#3247)
* Add option for retry_servfail

cf. https://dnspython.readthedocs.io/en/latest/resolver-class.html#dns.resolver.Resolver.retry_servfail

Setting this option to `True` allows for the possibility of the lookup plugin to retry and thereby recover from potentially transient lookup failures, which would otherwise cause the task or play to bail with an unrecoverable exception.

* Create 3247-retry_servfail-for-dig

* documentation for `retry_servfail` option

* Rename 3247-retry_servfail-for-dig to 3247-retry_servfail-for-dig.yaml

* fix whitespace

* Update plugins/lookup/dig.py

Co-authored-by: Ajpantuso <ajpantuso@gmail.com>

* Update plugins/lookup/dig.py

Co-authored-by: Ajpantuso <ajpantuso@gmail.com>

* rm try/except block

Co-authored-by: Ajpantuso <ajpantuso@gmail.com>
2021-08-21 21:57:28 +02:00
Martin Vician
bcccf4e388
Add option for domain authorization (#3228)
Use DomainPasswordGrantAuthorizer if parameter `domain` is used.
2021-08-20 13:54:29 +02:00
Ricky White
6ac410b3f6
tss: added fix for bug report in issue #3192 (#3199)
* Added fix for bug report in issue #3192

* Added changelog fragment

* Typo fix

* Added Importerror to exception - as req by linters

* Moved the conditional import statement to try/except block
2021-08-18 09:26:44 +02:00
Alexei Znamensky
771e9de010
mass-added the utf-8 marker (#3163)
* added the utf-8 marker

* fixed the utf-8 marker where it was missde before
2021-08-08 10:40:22 +02:00