Add ability to ignore error on missing pass file to allow processing the
output further via another filters (mainly the default filter) without
updating the pass file itself.
It also contains the option to create the pass file, like the option
create=true does.
Finally, it also allows to issue a warning only, if the pass file is not
found.
* Add dependent lookup plugin.
* Use correct YAML booleans.
* Began complete rewrite.
* Only match start of error msg.
* Improve tests.
* Work around old Jinja2 versions.
* Fix metadata.
* Fix filter name.
* convert string returned by plugin to unicode
* add changelog fragment
* fix changelog format
* fix changelog format yet again
Co-authored-by: Anubhav Chakraborty <anubchak@cisco.com>
* with_filetree: use splitext for compatibility with template
The example code given deploys files with their .j2 extensions intact, which is probably not what you want.
* Explain how templates interact with splitext|first
* Update plugins/lookup/filetree.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Don't encourage setting the mode of symlinks
On ext4, maybe most filesystems, symlinks always have the artificial mode of 0777, and `chmod $mode $symlink` *writes through* the symlink to its target file.
An effect of this is that if you deploy a file and a symlink to it (e.g. this common situation: /etc/nginx/sites-available/default and /etc/nginx/sites-enabled/default -> ../sites-available/default) then `with_filetree` will forever first deploy the file with the right mode, then corrupt its mode to 0777, and every redeploy will see a change to fix, forever in a loop.
Probably `file:` should refuse `mode:` on `state: link`s, but in the meantime, avoid recommending it in `filetree`
* Use `follow: false` instead of just the mode.
This should be more cross-compatible.
https://github.com/ansible-collections/community.general/pull/2285#discussion_r616571873
* Update plugins/lookup/filetree.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Adding another example for tss lookup
A more detailed example using self-hosted secrets server as investigated in #1943
* Update plugins/lookup/tss.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Better line breaking
* Update plugins/lookup/tss.py
Seconded!
Co-authored-by: Felix Fontein <felix@fontein.de>
* Remove newline to pass tests
* Update plugins/lookup/tss.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* fix passwordstore.py to be compatible with gopass.
...even when used with create=true.
The same output snippet matches for both, `pass` and `gopass`, but while `pass` returns `1` on a non-existant password, `gopass` returns `10`, or `11`, depending on whether a similar named password was stored.
So I'd propose to change `e.returncode == 1` to `e.returncode != 0` to cover both cases here.
What do you think?
* Update passwordstore.py, fix typo
* Add changelog fragment.
* Update changelogs/fragments/1589-passwordstore-fix-passwordstore.py-to-be-compatible-with-gopass.yaml
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update changelogs/fragments/1589-passwordstore-fix-passwordstore.py-to-be-compatible-with-gopass.yaml
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
* Find the password field out of the fields list
With the command line utility `op` version 1.8, the password field exists, while the fields list is empty. This will look for the desired field without it being listed in the fields list.
* Add changelog fragment
* Update changelogs/fragments/1610-bugfix-onepassword-lookup-plugin.yaml
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/lookup/onepassword.py
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update tss.py - multiline for an example
Extended line runs past the side of the browser window
* Moved multiline to after the msg.
Cannot believe I missed that again.
* Updated tss.py
Using > as multiline joiner with spaces
* Remove Google cloud plugins migrated to community.google
* Remove another symlink
* Fix typo for community.general version
* Update changelogs/fragments/1319-google-migration-removal.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update changelogs/fragments/1319-google-migration-removal.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
* Add fragment for inventory script
* fix yaml formatting
* adjust past relnotes in accordance with removal of google plugins
Co-authored-by: Felix Fontein <felix@fontein.de>
* Added umask option to passwordstore lookup plugin.
* Added umask documentation and changelog fragment.
* Added default values to paramvals within the run method.
* removed blank lines (PEP8)
* Update changelogs/fragments/lookup-passwordstore-umask.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/lookup/passwordstore.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update changelogs/fragments/lookup-passwordstore-umask.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
* passwordstore lookup plugin: changelog fragment update
* passing environment variables to subprocess.Popen()
* Update plugins/lookup/passwordstore.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* rm trailing whitespace
* Don't force default umask in the plugin, pass will take care of this.
* remove default from the documentation string
* remove trailing whitespaces
* prevent KeyErrors when checking if key exits in paramvals.
* Update plugins/lookup/passwordstore.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Fix for TypeError
* revert back to old directory test
Co-authored-by: bratw0rst <c.chmiel@speakup.nl>
Co-authored-by: Felix Fontein <felix@fontein.de>
As per the plugin documentation and the Hashicorp Vault documentation (https://www.vaultproject.io/docs/auth/approle#secretid)
secret_id is not mandatory.
Moreover, using this lookup plugin without a secret_id used to work in
Ansible 2.9.
Co-authored-by: Jonathan Piron <jonathanpiron@gmail.com>
* Add support for Hashicorp Vault JWT auth
* Add support for HashiCorp Vault JWT auth (continued)
Co-authored-by: Brian Scholer <1260690+briantist@users.noreply.github.com>
Co-authored-by: Mike Brancato <mike@mikebrancato.com>
Co-authored-by: Brian Scholer <1260690+briantist@users.noreply.github.com>
* callback_type -> type.
* Mark authors as unknown.
* Add author field forgotten in #627.
* Fix author entries.
* Add author field forgotten in #127.
* Fix some types.
As per https://learn.hashicorp.com/tutorials/vault/namespaces, setting VAULT_NAMESPACE env var is a completely supported mechanism to make all vault command use said namespace, so hashi_vault lookup function should do the same.
Co-authored-by: Holt Wilkins <hwilkins@palantir.com>
* Fix deprecation of callables.
* Fix various sanity errors.
* Revert callback_type -> type transform.
* Fix stat_result times: these are float according to https://github.com/python/typeshed/blob/master/stdlib/3/os/__init__.pyi
* Apply suggestions from code review
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* Add the Thycotic Secret Server lookup plugin.
* Update plugins/lookup/tss.py
Co-Authored-By: Felix Fontein <felix@fontein.de>
* Fix import error check per code review.
* Apply suggestions from code review
Co-Authored-By: Felix Fontein <felix@fontein.de>
* Trivial changes based on suggestions from code review.
* Add a unittest for plugins/lookup/tss.py
* Add copyrights.
* Fixed formatting bug in test_tss.py
* Fix formatting bugs in tss.py and test_tss.py
* Apply suggestions from code review
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
* - Redirecting to correct collection
- Removing the plugin and adding changelog and deprecation
* Making suggested changes
* Earlier version on leftovers
* Update changelogs/fragments/cyberarkconjur-removal.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
* suppress exceptions for optional env variables
* Options handling switched to "get_option" approach
* Put back _raw option for documentation purposes
* Fix url option description
* remove ini section
* Docs fixed
* force rebuild to fix aix tests
* Point returned in order to have full sentence in description
* Add general arguments fix information to changelog fragments
* Add PR link to changelog fragments
Co-authored-by: Felix Fontein <felix@fontein.de>
* Fix port/scheme handlng in case they weren't provided in URL argument
* Add argument type for url
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Denis Savenko <denis.savenko@tonicforhealth.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
* Adjust deprecation versions.
* Remove redirects that are already made in ansible/ansible's ansible_builtin_runtime.yml
* Remove modules that were moved to the google.cloud collection according to ansible/ansible's ansible_builtin_runtime.yml.
* The _info module is in google.cloud.
* The gcp doc_fragment is a copy of the one in google.cloud and is only used by one lookup. Mark as deprecated/internal.
* Remove entries of modules that no longer exist.
* Update ignore.txt.
* Try to fix test.
* Remove debug output.
* Add version_added: 1.0.0 for all new features added before pre-ansible-base.
* Add version_added: 1.0.0 for all new features.
* Next release will be 0.2.0
* Fix error.
* Remove unnecessary warnings.
* add sops lookup plugin
* fix pylint
* fix undefined encrypted_file variable
* decode sops output as text by default
* add variable to control decrypted content print in logs
* use Sops class decryption method
* lookup should return text, use appropriate ansible facility
* use ansible.module_utils._text.to_native
As required by Ansible documentation on [raising errors][raising-errors]
from plugins, use to_native to wrap errors to ensure string compatibility
between Python versions.
[raising-errors]: https://docs.ansible.com/ansible/latest/dev_guide/developing_plugins.html#id3
* use with_items instead of with_file in sops lookup documentation
[with_file][with-file], per Ansible documentation, returns the content of
the file. As sops is not able to decrypt a string by itself but requires
the file is passed as argument, passing the content breaks the lookup
plugin as reported by [here][bug-report].
[with_items][with-items] should be used instead.
[with-file]: https://docs.ansible.com/ansible/2.4/playbooks_loops.html#looping-over-files
[with-items]: https://docs.ansible.com/ansible/2.4/playbooks_loops.html#standard-loops
[bug-report]: https://github.com/ansible/ansible/pull/59639#issuecomment-540803722
* uniform sops exception handling between plugins
* Apply suggestions from code review
Co-Authored-By: Felix Fontein <felix@fontein.de>
* remove sops lookup plugin print option
Is no longer possible to print the decrypted secrets directly from this
plugin, but `debug` module can be used instead.
* add github handle to author
* add setup_sops integration target
* extract sops module
* add lookup_sops integration tests
* use sops module
* Update plugins/module_utils/sops.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/module_utils/sops.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/lookup/sops.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/module_utils/sops.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/module_utils/sops.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update test/integration/targets/lookup_sops/tasks/ubuntu.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/module_utils/sops.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update test/integration/targets/lookup_sops/files/simple.sops.yaml
Co-authored-by: Felix Fontein <felix@fontein.de>
* Adding aliases file
* Emtpy spaces
* Update plugins/lookup/sops.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/lookup/sops.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/lookup/sops.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update test/integration/targets/lookup_sops/tasks/ubuntu.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/lookup/sops.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update test/integration/targets/lookup_sops/tasks/ubuntu.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update test/integration/targets/lookup_sops/tasks/ubuntu.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
* gpg -> gnupg2
* with_items -> loop
* Move error logic to module_utils.
* Make Sops.decrypt() also handle errors and decode output.
* Improve error handling.
* Improve example formatting.
* Reorganize tests.
* Add test.
* Remove version_added.
Co-authored-by: Edoardo Tenani <edoardo.tenani@protonmail.com>
Co-authored-by: Edoardo Tenani <edoardo.tenani@gmail.com>
Co-authored-by: Edoardo T <endorama@users.noreply.github.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
