mirror of
https://github.com/ansible-collections/community.general.git
synced 2024-09-14 20:13:21 +02:00
3d2caf3933
* passwordstore: Add configurable locking
Passwordstore cannot be accessed safely in parallel, which causes
various issues:
- When accessing the same path, multiple different secrets are
returned when the secret didn't exist (missing=create).
- When accessing the same _or different_ paths, multiple pinentry
dialogs will be spawned by gpg-agent sequentially, having to enter
the password for the same gpg key multiple times in a row.
- Due to issues in gpg dependencies, accessing gpg-agent in parallel
is not reliable, causing plays to fail (this can be fixed by adding
`auto-expand-secmem` to _~/.gnupg/gpg-agent.conf_ though).
These problems have been described in various github issues in the past,
e.g., ansible/ansible#23816 and ansible/ansible#27277.
This cannot be worked around in playbooks by users in a non-error-prone
way.
It is addressed by adding new configuration options:
- lock:
- readwrite: Lock all operations
- write: Only lock write operations (default)
- none: Disable locking
- locktimeout: Time to wait for getting a lock (s/m/h suffix)
(defaults to 15m)
These options can also be set in ansible.cfg, e.g.:
[passwordstore_lookup]
lock=readwrite
locktimeout=30s
Also, add a note about modifying gpg-agent.conf.
* Tidy up locking config
There is no reason why lock configuration should be part of self.paramvals.
Now locking and its configuration happen all in one place.
* Change timeout description wording to the suggested value.
* Rearrange plugin setup, apply PR feedback
(cherry picked from commit
|
||
|---|---|---|
| .. | ||
| cartesian.py | ||
| chef_databag.py | ||
| collection_version.py | ||
| consul_kv.py | ||
| credstash.py | ||
| cyberarkpassword.py | ||
| dependent.py | ||
| dig.py | ||
| dnstxt.py | ||
| dsv.py | ||
| etcd.py | ||
| etcd3.py | ||
| filetree.py | ||
| flattened.py | ||
| hiera.py | ||
| keyring.py | ||
| lastpass.py | ||
| lmdb_kv.py | ||
| manifold.py | ||
| onepassword.py | ||
| onepassword_raw.py | ||
| passwordstore.py | ||
| random_pet.py | ||
| random_string.py | ||
| random_words.py | ||
| redis.py | ||
| revbitspss.py | ||
| shelvefile.py | ||
| tss.py | ||