Remove sops lookup (moved to https://github.com/ansible-collections/community.sops). (#518)

plugins/lookup/sops.py

@@ -1,93 +0,0 @@
-# -*- coding: utf-8 -*-
-#
-#  Copyright 2018 Edoardo Tenani <e.tenani@arduino.cc> [@endorama]
-#
-# This file is part of Ansible.
-#
-# Ansible is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# Ansible is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible.  If not, see <http://www.gnu.org/licenses/>.
-#
-
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-from ansible.errors import AnsibleLookupError
-from ansible.plugins.lookup import LookupBase
-from ansible.module_utils._text import to_native
-from ansible_collections.community.general.plugins.module_utils.sops import Sops, SopsError
-
-from ansible.utils.display import Display
-display = Display()
-
-
-DOCUMENTATION = """
-    lookup: sops
-    author: Edoardo Tenani (@endorama) <e.tenani@arduino.cc>
-    short_description: Read sops encrypted file contents
-    version_added: '0.2.0'
-    description:
-        - This lookup returns the contents from a file on the Ansible controller's file system.
-        - This lookup requires the C(sops) executable to be available in the controller PATH.
-    options:
-        _terms:
-            description: path(s) of files to read
-            required: True
-    notes:
-        - This lookup does not understand 'globbing' - use the fileglob lookup instead.
-"""
-
-EXAMPLES = """
-tasks:
-  - name: Output secrets to screen (BAD IDEA!)
-    debug:
-        msg: "Content: {{ lookup('sops', item) }}"
-    loop:
-        - sops-encrypted-file.enc.yaml
-
-  - name: Add SSH private key
-    copy:
-        content: "{{ lookup('sops', user + '-id_rsa') }}"
-        dest: /home/{{ user }}/.ssh/id_rsa
-        owner: "{{ user }}"
-        group: "{{ user }}"
-        mode: 0600
-    no_log: true  # avoid content to be written to log
-"""
-
-RETURN = """
-    _raw:
-        description: decrypted file content
-"""
-
-
-class LookupModule(LookupBase):
-
-    def run(self, terms, variables=None, **kwargs):
-        ret = []
-
-        for term in terms:
-            display.debug("Sops lookup term: %s" % term)
-            lookupfile = self.find_file_in_search_path(variables, 'files', term)
-            display.vvvv(u"Sops lookup using %s as file" % lookupfile)
-
-            if not lookupfile:
-                raise AnsibleLookupError("could not locate file in lookup: %s" % to_native(term))
-
-            try:
-                output = Sops.decrypt(lookupfile, display=display)
-            except SopsError as e:
-                raise AnsibleLookupError(to_native(e))
-
-            ret.append(output.rstrip())
-
-        return ret

plugins/module_utils/sops.py

@@ -1,79 +0,0 @@
-# Copyright (c), Edoardo Tenani <e.tenani@arduino.cc>, 2018-2020
-# Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause)
-
-from __future__ import absolute_import, division, print_function
-__metaclass__ = type
-
-
-from ansible.module_utils._text import to_text, to_native
-
-from subprocess import Popen, PIPE
-
-
-# From https://github.com/mozilla/sops/blob/master/cmd/sops/codes/codes.go
-# Should be manually updated
-SOPS_ERROR_CODES = {
-    1: "ErrorGeneric",
-    2: "CouldNotReadInputFile",
-    3: "CouldNotWriteOutputFile",
-    4: "ErrorDumpingTree",
-    5: "ErrorReadingConfig",
-    6: "ErrorInvalidKMSEncryptionContextFormat",
-    7: "ErrorInvalidSetFormat",
-    8: "ErrorConflictingParameters",
-    21: "ErrorEncryptingMac",
-    23: "ErrorEncryptingTree",
-    24: "ErrorDecryptingMac",
-    25: "ErrorDecryptingTree",
-    49: "CannotChangeKeysFromNonExistentFile",
-    51: "MacMismatch",
-    52: "MacNotFound",
-    61: "ConfigFileNotFound",
-    85: "KeyboardInterrupt",
-    91: "InvalidTreePathFormat",
-    100: "NoFileSpecified",
-    128: "CouldNotRetrieveKey",
-    111: "NoEncryptionKeyFound",
-    200: "FileHasNotBeenModified",
-    201: "NoEditorFound",
-    202: "FailedToCompareVersions",
-    203: "FileAlreadyEncrypted"
-}
-
-
-class SopsError(Exception):
-    ''' Extend Exception class with sops specific informations '''
-
-    def __init__(self, filename, exit_code, message):
-        if exit_code in SOPS_ERROR_CODES:
-            exception_name = SOPS_ERROR_CODES[exit_code]
-            message = "error with file %s: %s exited with code %d: %s" % (filename, exception_name, exit_code, to_native(message))
-        else:
-            message = "could not decrypt file %s; Unknown sops error code: %s" % (filename, to_native(exit_code))
-        super(SopsError, self).__init__(message)
-
-
-class Sops():
-    ''' Utility class to perform sops CLI actions '''
-
-    @staticmethod
-    def decrypt(encrypted_file, display=None):
-        # Run sops directly, python module is deprecated
-        command = ["sops", "--decrypt", encrypted_file]
-        process = Popen(command, stdout=PIPE, stderr=PIPE)
-        (output, err) = process.communicate()
-        exit_code = process.returncode
-
-        # output is binary, we want UTF-8 string
-        output = to_text(output, errors='surrogate_or_strict')
-        # the process output is the decrypted secret; be cautious
-
-        # sops logs always to stderr, as stdout is used for
-        # file content
-        if err and display:
-            display.vvvv(err)
-
-        if exit_code > 0:
-            raise SopsError(encrypted_file, exit_code, err)
-
-        return output.rstrip()