mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00
community.general/plugins/lookup
patchback[bot] 3d2caf3933
passwordstore: Add configurable locking () ()
* passwordstore: Add configurable locking

Passwordstore cannot be accessed safely in parallel, which causes
various issues:

- When accessing the same path, multiple different secrets are
  returned when the secret didn't exist (missing=create).
- When accessing the same _or different_ paths, multiple pinentry
  dialogs will be spawned by gpg-agent sequentially, having to enter
  the password for the same gpg key multiple times in a row.
- Due to issues in gpg dependencies, accessing gpg-agent in parallel
  is not reliable, causing plays to fail (this can be fixed by adding
  `auto-expand-secmem` to _~/.gnupg/gpg-agent.conf_ though).

These problems have been described in various GitHub issues in the past,
e.g.,  and .

This cannot be worked around in playbooks by users in a non-error-prone
way.

It is addressed by adding new configuration options:

- lock:
  - readwrite: Lock all operations
  - write: Only lock write operations (default)
  - none: Disable locking
- locktimeout: Time to wait for getting a lock (s/m/h suffix)
  (defaults to 15m)

These options can also be set in ansible.cfg, e.g.:

    [passwordstore_lookup]
    lock=readwrite
    locktimeout=30s

Also, add a note about modifying gpg-agent.conf.

* Tidy up locking config

There is no reason why lock configuration should be part of self.paramvals.
Now locking and its configuration happen all in one place.

* Change timeout description wording to the suggested value.

* Rearrange plugin setup, apply PR feedback

(cherry picked from commit 2416b81aa4)

Co-authored-by: grembo <freebsd@grem.de>
2022-02-21 21:37:47 +01:00
cartesian.py
chef_databag.py
collection_version.py Add collection_version lookup () 2021-11-01 19:01:52 +01:00
consul_kv.py
credstash.py
cyberarkpassword.py
dependent.py
dig.py Add option for retry_servfail () 2021-08-21 21:57:28 +02:00
dnstxt.py
dsv.py
etcd.py
etcd3.py Docs improvements. () () 2021-12-12 11:46:31 +01:00
filetree.py
flattened.py Fix example code for flattened lookup () () 2022-01-09 12:29:22 +01:00
hiera.py
keyring.py
lastpass.py
lmdb_kv.py
manifold.py
onepassword.py
onepassword_raw.py
passwordstore.py passwordstore: Add configurable locking () () 2022-02-21 21:37:47 +01:00
random_pet.py
random_string.py
random_words.py add random_words lookup plugin, based on the xkcdpass module () 2021-10-27 22:37:28 +02:00
redis.py
revbitspss.py RevBits PAM Secret Server Plugin () () 2021-11-22 19:26:48 +01:00
shelvefile.py
tss.py tss: add option for token authorization () 2021-09-14 13:34:59 +02:00