This repository was archived by the owner on Jun 18, 2021. It is now read-only.

Add a lookup plugin for pass #136

Closed
joshmoore wants to merge 2 commits into ome:master from joshmoore:pass-lookup

@joshmoore
Member

Copied from https://github.com/gcoop-libre/ansible-lookup-plugin-pass,
this lookup plugin permits reading encrypted values using https://www.passwordstore.org

By setting ANSIBLE_PASS_PASSWORD_STORE_DIR globally, a non-standard
credentials directory can be chosen.

```
---
- hosts: localhost
  connection: local
  gather_facts: False
  tasks:
    - debug: msg="{{ lookup('pass', item) }}"
      with_items:
        - "ci/snoopy/sshconfig"
```

Also looked at:
 * https://github.com/Dissonant-Tech/ansible-lookup-pass
 * https://github.com/morphje/ansible_pass_lookup
 * https://github.com/lbischof/ansible-role-pass
@joshmoore
Member Author

For discussion, primary issue with this seems to be making the jenkins role ever less re-usable. Considering the difficulty of setting up snoopy_dir_path, though, I consider this an improvement.

@joshmoore
Member Author

Note: this needs a modification to prevent the generation of passwords unless a flag is set.

Rather than create a password when none exists, require
the user to set a length > 0. This is especially useful
for detecting that no PASSWORD_STORE_DIR or similar is
unset.
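
A sketch of the fail-closed behaviour described in the commit message above, added here as an illustration; it is not code from this pull request or from the gcoop-libre plugin. The names `pass_lookup`, `PassLookupError` and `make_fake_pass` are hypothetical, the mapping of `ANSIBLE_PASS_PASSWORD_STORE_DIR` onto pass's `PASSWORD_STORE_DIR` is an assumption, and the dict-backed stand-in for the `pass` binary is constructed so the block runs offline.

```python
import os
import subprocess
from types import SimpleNamespace

class PassLookupError(Exception):
    """Entry is missing and generation was not explicitly requested."""

def pass_lookup(name, length=0, run=subprocess.run, environ=os.environ):
    """Return a pass(1) entry; create one only when length > 0."""
    env = dict(environ)
    # Assumption: the plugin's variable is handed to pass as PASSWORD_STORE_DIR.
    if env.get("ANSIBLE_PASS_PASSWORD_STORE_DIR"):
        env["PASSWORD_STORE_DIR"] = env["ANSIBLE_PASS_PASSWORD_STORE_DIR"]

    def call(*args):
        return run(["pass", *args], env=env, capture_output=True, text=True)

    shown = call("show", name)
    if shown.returncode != 0:
        if length <= 0:
            # Fail closed: a missing entry often means the store directory is
            # wrong, so surface the error instead of minting a new secret.
            raise PassLookupError("no entry %r; set length > 0 to generate" % name)
        if call("generate", name, str(length)).returncode != 0:
            raise PassLookupError("pass generate failed for %r" % name)
        shown = call("show", name)
        if shown.returncode != 0:
            raise PassLookupError("entry %r unreadable after generate" % name)
    return shown.stdout.rstrip("\n")

def make_fake_pass(store):
    """Constructed stand-in for the pass binary, backed by a dict."""
    def run(argv, env=None, capture_output=False, text=False):
        verb, name = argv[1], argv[2]
        if verb == "generate":
            store[name] = "x" * int(argv[3])  # placeholder, not a real secret
        if name in store:
            return SimpleNamespace(returncode=0, stdout=store[name] + "\n")
        return SimpleNamespace(returncode=1, stdout="")
    return run
```

With the default `run=subprocess.run` the same function shells out to a real `pass` installation.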
@joshmoore
Member Author

From discussion:

@manics
Member

manics commented Apr 19, 2017

@joshmoore
Member Author

Very cool. Happy to update this as soon as we move to ansible 2.3.

@joshmoore
Member Author

Closing this in favor of using Ansible 2.3's passwordstore support. Currently testing it as a replacement for vault then we can come back to removing snoopy_dir_path.

@joshmoore joshmoore closed this Jun 7, 2017