mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00
community.general/plugins/lookup
grembo 2416b81aa4
passwordstore: Add configurable locking (#4194)
* passwordstore: Add configurable locking

Passwordstore cannot be accessed safely in parallel, which causes
various issues:

- When accessing the same path, multiple different secrets are
  returned when the secret didn't exist (missing=create).
- When accessing the same _or different_ paths, multiple pinentry
  dialogs will be spawned by gpg-agent sequentially, having to enter
  the password for the same gpg key multiple times in a row.
- Due to issues in gpg dependencies, accessing gpg-agent in parallel
  is not reliable, causing plays to fail (this can be fixed by adding
  `auto-expand-secmem` to _~/.gnupg/gpg-agent.conf_ though).

These problems have been described in various GitHub issues in the past,
e.g., ansible/ansible#23816 and ansible/ansible#27277.

This cannot be worked around in playbooks by users in a non-error-prone
way.

It is addressed by adding new configuration options:

- lock:
  - readwrite: Lock all operations
  - write: Only lock write operations (default)
  - none: Disable locking
- locktimeout: Time to wait for getting a lock (s/m/h suffix)
  (defaults to 15m)

These options can also be set in ansible.cfg, e.g.:

    [passwordstore_lookup]
    lock=readwrite
    locktimeout=30s

Also, add a note about modifying gpg-agent.conf.

* Tidy up locking config

There is no reason why lock configuration should be part of self.paramvals.
Now locking and its configuration happen all in one place.

* Change timeout description wording to the suggested value.

* Rearrange plugin setup, apply PR feedback
2022-02-21 21:14:17 +01:00
cartesian.py
chef_databag.py
collection_version.py Add collection_version lookup (#3633) 2021-11-01 19:01:52 +01:00
consul_kv.py
credstash.py
cyberarkpassword.py
dependent.py
dig.py
dnstxt.py
dsv.py
etcd.py
etcd3.py Docs improvements. (#3893) 2021-12-12 11:01:14 +01:00
filetree.py
flattened.py Fix example code for flattened lookup (#4013) 2022-01-09 11:11:56 +01:00
hiera.py
keyring.py
lastpass.py
lmdb_kv.py
manifold.py
onepassword.py
onepassword_raw.py
passwordstore.py passwordstore: Add configurable locking (#4194) 2022-02-21 21:14:17 +01:00
random_pet.py
random_string.py
random_words.py add random_words lookup plugin, based on the xkcdpass module (#3588) 2021-10-27 22:37:28 +02:00
redis.py
revbitspss.py RevBits PAM Secret Server Plugin (#3405) 2021-11-22 13:49:51 +01:00
shelvefile.py
tss.py tss: add option for token authorization (#3327) 2021-09-14 13:34:59 +02:00
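
The locking behaviour described in the commit message above, as an added Python illustration that is not the plugin's code. A dict stands in for the password store; `StoreLock`, `get_or_create`, `race`, the lock-file path, and treating a bare number as seconds are assumptions.

```python
import contextlib, fcntl, os, secrets, tempfile, time
from concurrent.futures import ThreadPoolExecutor

UNITS = {"s": 1, "m": 60, "h": 3600}

def parse_timeout(text):
    """'30s', '15m', '1h' -> seconds; a bare number is taken as seconds (assumption)."""
    text = text.strip().lower()
    if text[-1:] in UNITS:
        return int(text[:-1]) * UNITS[text[-1]]
    return int(text)

def needs_lock(mode, writing):  # readwrite: always, write: writes only, none: never
    return mode == "readwrite" or (mode == "write" and writing)

class StoreLock:  # exclusive flock on a lock file, polled until the timeout expires
    def __init__(self, path, timeout):
        self.path, self.timeout = path, parse_timeout(timeout)
    def __enter__(self):
        self.fd = os.open(self.path, os.O_CREAT | os.O_RDWR, 0o600)
        deadline = time.monotonic() + self.timeout
        while True:
            try:
                fcntl.flock(self.fd, fcntl.LOCK_EX | fcntl.LOCK_NB)
                return self
            except BlockingIOError:
                if time.monotonic() >= deadline:
                    os.close(self.fd)
                    raise TimeoutError("store lock not acquired in time")
            time.sleep(0.01)
    def __exit__(self, *exc):
        os.close(self.fd)  # closing the descriptor releases the flock

def get_or_create(store, name, lockfile, mode, timeout="15m"):
    """missing=create style lookup on a stand-in dict; creating counts as a write (assumption)."""
    guard = StoreLock(lockfile, timeout) if needs_lock(mode, True) else contextlib.nullcontext()
    with guard:
        if name in store:
            return store[name]
        value = secrets.token_hex(8)
        time.sleep(0.05)  # widen the check-then-create window
        store[name] = value
        return value

def race(mode, workers=4):  # concurrent lookups of one missing path -> distinct secrets returned
    store, lockfile = {}, os.path.join(tempfile.mkdtemp(), "store.lock")
    with ThreadPoolExecutor(workers) as pool:
        futures = [pool.submit(get_or_create, store, "db/password", lockfile, mode) for _ in range(workers)]
    return len({f.result() for f in futures})
```

With `race("none")` the same four lookups typically come back with several different secrets for the one path, which is the first problem the commit message lists.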