* Adding another example for tss lookup
A more detailed example using self-hosted secrets server as investigated in #1943
* Update plugins/lookup/tss.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Better line breaking
* Update plugins/lookup/tss.py
Seconded!
Co-authored-by: Felix Fontein <felix@fontein.de>
* Remove newline to pass tests
* Update plugins/lookup/tss.py
Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit 677ab8e383)
Co-authored-by: Jim Speir <jimbo80982@gmail.com>
* fix passwordstore.py to be compatible with gopass.
...even when used with create=true.
The same output snippet matches for both `pass` and `gopass`, but while `pass` returns `1` on a non-existent password, `gopass` returns `10`, or `11`, depending on whether a similarly named password was stored.
So I'd propose to change `e.returncode == 1` to `e.returncode != 0` to cover both cases here.
What do you think?
* Update passwordstore.py, fix typo
* Add changelog fragment.
* Update changelogs/fragments/1589-passwordstore-fix-passwordstore.py-to-be-compatible-with-gopass.yaml
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update changelogs/fragments/1589-passwordstore-fix-passwordstore.py-to-be-compatible-with-gopass.yaml
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit 73b3ec09e5)
Co-authored-by: Paul Haerle <hello@phaer.org>
* Find the password field out of the fields list
With the command line utility `op` version 1.8, the password field exists, while the fields list is empty. This will look for the desired field without it being listed in the fields list.
* Add changelog fragment
* Update changelogs/fragments/1610-bugfix-onepassword-lookup-plugin.yaml
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/lookup/onepassword.py
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit 5b1bede4cb)
Co-authored-by: Roberto Aguilar <r@rreboto.com>
* Update tss.py - multiline for an example
Extended line runs past the side of the browser window
* Moved multiline to after the msg.
Cannot believe I missed that again.
* Updated tss.py
Using > as multiline joiner with spaces
* Added umask option to passwordstore lookup plugin.
* Added umask documentation and changelog fragment.
* Added default values to paramvals within the run method.
* removed blank lines (PEP8)
* Update changelogs/fragments/lookup-passwordstore-umask.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/lookup/passwordstore.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update changelogs/fragments/lookup-passwordstore-umask.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
* passwordstore lookup plugin: changelog fragment update
* passing environment variables to subprocess.Popen()
* Update plugins/lookup/passwordstore.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* rm trailing whitespace
* Don't force default umask in the plugin, pass will take care of this.
* remove default from the documentation string
* remove trailing whitespaces
* prevent KeyErrors when checking if key exists in paramvals.
* Update plugins/lookup/passwordstore.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Fix for TypeError
* revert back to old directory test
Co-authored-by: bratw0rst <c.chmiel@speakup.nl>
Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit 28ac4b79e2)
Co-authored-by: bratw0rst <42434435+bratw0rst@users.noreply.github.com>
As per the plugin documentation and the Hashicorp Vault documentation (https://www.vaultproject.io/docs/auth/approle#secretid)
secret_id is not mandatory.
Moreover, using this lookup plugin without a secret_id used to work in
Ansible 2.9.
Co-authored-by: Jonathan Piron <jonathanpiron@gmail.com>
(cherry picked from commit 6cec8759d0)
Co-authored-by: Jonathan Piron <jonathan@piron.at>
* Add support for Hashicorp Vault JWT auth
* Add support for HashiCorp Vault JWT auth (continued)
Co-authored-by: Brian Scholer <1260690+briantist@users.noreply.github.com>
Co-authored-by: Mike Brancato <mike@mikebrancato.com>
Co-authored-by: Brian Scholer <1260690+briantist@users.noreply.github.com>
(cherry picked from commit 64c6f20b55)
Co-authored-by: Erik Godding Boye <egboye@gmail.com>
* callback_type -> type.
* Mark authors as unknown.
* Add author field forgotten in #627.
* Fix author entries.
* Add author field forgotten in #127.
* Fix some types.
(cherry picked from commit e5da25915d)
Co-authored-by: Felix Fontein <felix@fontein.de>
As per https://learn.hashicorp.com/tutorials/vault/namespaces, setting the VAULT_NAMESPACE env var is a completely supported mechanism to make all vault commands use said namespace, so the hashi_vault lookup function should do the same.
Co-authored-by: Holt Wilkins <hwilkins@palantir.com>
(cherry picked from commit 1a5702cf21)
Co-authored-by: holtwilkins <5665043+holtwilkins@users.noreply.github.com>
* Fix deprecation of callables.
* Fix various sanity errors.
* Revert callback_type -> type transform.
* Fix stat_result times: these are float according to https://github.com/python/typeshed/blob/master/stdlib/3/os/__init__.pyi
* Apply suggestions from code review
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
(cherry picked from commit 7cf472855c)
Co-authored-by: Felix Fontein <felix@fontein.de>
* Add the Thycotic Secret Server lookup plugin.
* Update plugins/lookup/tss.py
Co-Authored-By: Felix Fontein <felix@fontein.de>
* Fix import error check per code review.
* Apply suggestions from code review
Co-Authored-By: Felix Fontein <felix@fontein.de>
* Trivial changes based on suggestions from code review.
* Add a unittest for plugins/lookup/tss.py
* Add copyrights.
* Fixed formatting bug in test_tss.py
* Fix formatting bugs in tss.py and test_tss.py
* Apply suggestions from code review
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
* - Redirecting to correct collection
- Removing the plugin and adding changelog and deprecation
* Making suggested changes
* Earlier version on leftovers
* Update changelogs/fragments/cyberarkconjur-removal.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
* suppress exceptions for optional env variables
* Options handling switched to "get_option" approach
* Put back _raw option for documentation purposes
* Fix url option description
* remove ini section
* Docs fixed
* force rebuild to fix aix tests
* Point returned in order to have full sentence in description
* Add general arguments fix information to changelog fragments
* Add PR link to changelog fragments
Co-authored-by: Felix Fontein <felix@fontein.de>
* Fix port/scheme handling in case they weren't provided in URL argument
* Add argument type for url
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Denis Savenko <denis.savenko@tonicforhealth.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
* Adjust deprecation versions.
* Remove redirects that are already made in ansible/ansible's ansible_builtin_runtime.yml
* Remove modules that were moved to the google.cloud collection according to ansible/ansible's ansible_builtin_runtime.yml.
* The _info module is in google.cloud.
* The gcp doc_fragment is a copy of the one in google.cloud and is only used by one lookup. Mark as deprecated/internal.
* Remove entries of modules that no longer exist.
* Update ignore.txt.
* Try to fix test.
* Remove debug output.
* Add version_added: 1.0.0 for all new features added before pre-ansible-base.
* Add version_added: 1.0.0 for all new features.
* Next release will be 0.2.0
* Fix error.
* Remove unnecessary warnings.
* add sops lookup plugin
* fix pylint
* fix undefined encrypted_file variable
* decode sops output as text by default
* add variable to control decrypted content print in logs
* use Sops class decryption method
* lookup should return text, use appropriate ansible facility
* use ansible.module_utils._text.to_native
As required by Ansible documentation on [raising errors][raising-errors]
from plugins, use to_native to wrap errors to ensure string compatibility
between Python versions.
[raising-errors]: https://docs.ansible.com/ansible/latest/dev_guide/developing_plugins.html#id3
* use with_items instead of with_file in sops lookup documentation
[with_file][with-file], per Ansible documentation, returns the content of
the file. As sops is not able to decrypt a string by itself but requires
that the file be passed as an argument, passing the content breaks the lookup
plugin as reported [here][bug-report].
[with_items][with-items] should be used instead.
[with-file]: https://docs.ansible.com/ansible/2.4/playbooks_loops.html#looping-over-files
[with-items]: https://docs.ansible.com/ansible/2.4/playbooks_loops.html#standard-loops
[bug-report]: https://github.com/ansible/ansible/pull/59639#issuecomment-540803722
* uniform sops exception handling between plugins
* Apply suggestions from code review
Co-Authored-By: Felix Fontein <felix@fontein.de>
* remove sops lookup plugin print option
It is no longer possible to print the decrypted secrets directly from this
plugin, but the `debug` module can be used instead.
* add github handle to author
* add setup_sops integration target
* extract sops module
* add lookup_sops integration tests
* use sops module
* Update plugins/module_utils/sops.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/module_utils/sops.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/lookup/sops.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/module_utils/sops.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/module_utils/sops.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update test/integration/targets/lookup_sops/tasks/ubuntu.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/module_utils/sops.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update test/integration/targets/lookup_sops/files/simple.sops.yaml
Co-authored-by: Felix Fontein <felix@fontein.de>
* Adding aliases file
* Empty spaces
* Update plugins/lookup/sops.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/lookup/sops.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/lookup/sops.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update test/integration/targets/lookup_sops/tasks/ubuntu.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/lookup/sops.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update test/integration/targets/lookup_sops/tasks/ubuntu.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update test/integration/targets/lookup_sops/tasks/ubuntu.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
* gpg -> gnupg2
* with_items -> loop
* Move error logic to module_utils.
* Make Sops.decrypt() also handle errors and decode output.
* Improve error handling.
* Improve example formatting.
* Reorganize tests.
* Add test.
* Remove version_added.
Co-authored-by: Edoardo Tenani <edoardo.tenani@protonmail.com>
Co-authored-by: Edoardo Tenani <edoardo.tenani@gmail.com>
Co-authored-by: Edoardo T <endorama@users.noreply.github.com>
Co-authored-by: Felix Fontein <felix@fontein.de>