ansible-collections/community.general
1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2025-06-03 06:49:10 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 7

[PR #10027/299172d2 backport][stable-10] fixed hidden warnings from extra tests - batch 2 (#10101)
Some checks failed
EOL CI / EOL Sanity (Ⓐ2.15) (push) Has been cancelled
Details
EOL CI / EOL Units (Ⓐ2.15+py2.7) (push) Has been cancelled
Details
EOL CI / EOL Units (Ⓐ2.15+py3.10) (push) Has been cancelled
Details
EOL CI / EOL Units (Ⓐ2.15+py3.5) (push) Has been cancelled
Details
EOL CI / EOL I (Ⓐ2.15+alpine3+py:azp/posix/1/) (push) Has been cancelled
Details
EOL CI / EOL I (Ⓐ2.15+alpine3+py:azp/posix/2/) (push) Has been cancelled
Details
EOL CI / EOL I (Ⓐ2.15+alpine3+py:azp/posix/3/) (push) Has been cancelled
Details
EOL CI / EOL I (Ⓐ2.15+fedora37+py:azp/posix/1/) (push) Has been cancelled
Details
EOL CI / EOL I (Ⓐ2.15+fedora37+py:azp/posix/2/) (push) Has been cancelled
Details
EOL CI / EOL I (Ⓐ2.15+fedora37+py:azp/posix/3/) (push) Has been cancelled
Details
nox / Run extra sanity tests (push) Has been cancelled
Details

Browse source 
fixed hidden warnings from extra tests - batch 2 (#10027)

* fixed hidden warnings from extra tests - batch 2

* remove multiple yaml doc markers from EXAMPLE blocks

* Apply suggestions from code review

Co-authored-by: Felix Fontein <felix@fontein.de>

* Apply suggestions from code review

* Apply suggestions from code review

* dig: adjust markup for return suboptions

* Update plugins/lookup/dig.py

---------

Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit 299172d27b)

Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
This commit is contained in:
patchback[bot] 2025-05-04 21:40:28 +02:00 committed by GitHub
parent 0dc63be643
commit 4e35837063
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
36 changed files with 1930 additions and 1940 deletions
Download patch file Download diff file Expand all files Collapse all files

5
plugins/inventory/proxmox.py
View file

@ -155,7 +155,11 @@ user: ci@pve
token_id: gitlab-1
token_secret: fa256e9c-26ab-41ec-82da-707a2c079829
---
# The secret can also be a vault string or passed via the environment variable TOKEN_SECRET.
plugin: community.general.proxmox
user: ci@pve
token_id: gitlab-1
token_secret: !vault |
$ANSIBLE_VAULT;1.1;AES256
62353634333163633336343265623632626339313032653563653165313262343931643431656138
@ -216,7 +220,6 @@ password: "{{ lookup('community.general.random_string', base64=True) }}"
# Note that this can easily give you wrong values as ansible_host. See further up for
# an example where this is set to `false` and where ansible_host is set with `compose`.
want_proxmox_nodes_ansible_host: true
'''
import itertools

146
plugins/inventory/xen_orchestra.py
View file

@ -5,76 +5,81 @@
from __future__ import annotations
DOCUMENTATION = '''
name: xen_orchestra
short_description: Xen Orchestra inventory source
version_added: 4.1.0
author:
- Dom Del Nano (@ddelnano) <ddelnano@gmail.com>
- Samori Gorse (@shinuza) <samorigorse@gmail.com>
requirements:
- websocket-client >= 1.0.0
DOCUMENTATION = r"""
name: xen_orchestra
short_description: Xen Orchestra inventory source
version_added: 4.1.0
author:
- Dom Del Nano (@ddelnano) <ddelnano@gmail.com>
- Samori Gorse (@shinuza) <samorigorse@gmail.com>
requirements:
- websocket-client >= 1.0.0
description:
- Get inventory hosts from a Xen Orchestra deployment.
- Uses a configuration file as an inventory source, it must end in C(.xen_orchestra.yml) or C(.xen_orchestra.yaml).
extends_documentation_fragment:
- constructed
- inventory_cache
options:
plugin:
description: The name of this plugin, it should always be set to V(community.general.xen_orchestra) for this plugin to
recognize it as its own.
required: true
choices: ['community.general.xen_orchestra']
type: str
api_host:
description:
- Get inventory hosts from a Xen Orchestra deployment.
- 'Uses a configuration file as an inventory source, it must end in C(.xen_orchestra.yml) or C(.xen_orchestra.yaml).'
extends_documentation_fragment:
- constructed
- inventory_cache
options:
plugin:
description: The name of this plugin, it should always be set to V(community.general.xen_orchestra) for this plugin to recognize it as its own.
required: true
choices: ['community.general.xen_orchestra']
type: str
api_host:
description:
- API host to XOA API.
- If the value is not specified in the inventory configuration, the value of environment variable E(ANSIBLE_XO_HOST) will be used instead.
type: str
env:
- name: ANSIBLE_XO_HOST
user:
description:
- Xen Orchestra user.
- If the value is not specified in the inventory configuration, the value of environment variable E(ANSIBLE_XO_USER) will be used instead.
required: true
type: str
env:
- name: ANSIBLE_XO_USER
password:
description:
- Xen Orchestra password.
- If the value is not specified in the inventory configuration, the value of environment variable E(ANSIBLE_XO_PASSWORD) will be used instead.
required: true
type: str
env:
- name: ANSIBLE_XO_PASSWORD
validate_certs:
description: Verify TLS certificate if using HTTPS.
type: boolean
default: true
use_ssl:
description: Use wss when connecting to the Xen Orchestra API
type: boolean
default: true
use_vm_uuid:
description:
- Import Xen VMs to inventory using their UUID as the VM entry name.
- If set to V(false) use VM name labels instead of UUIDs.
type: boolean
default: true
version_added: 10.4.0
use_host_uuid:
description:
- Import Xen Hosts to inventory using their UUID as the Host entry name.
- If set to V(false) use Host name labels instead of UUIDs.
type: boolean
default: true
version_added: 10.4.0
'''
- API host to XOA API.
- If the value is not specified in the inventory configuration, the value of environment variable E(ANSIBLE_XO_HOST)
will be used instead.
type: str
env:
- name: ANSIBLE_XO_HOST
user:
description:
- Xen Orchestra user.
- If the value is not specified in the inventory configuration, the value of environment variable E(ANSIBLE_XO_USER)
will be used instead.
required: true
type: str
env:
- name: ANSIBLE_XO_USER
password:
description:
- Xen Orchestra password.
- If the value is not specified in the inventory configuration, the value of environment variable E(ANSIBLE_XO_PASSWORD)
will be used instead.
required: true
type: str
env:
- name: ANSIBLE_XO_PASSWORD
validate_certs:
description: Verify TLS certificate if using HTTPS.
type: boolean
default: true
use_ssl:
description: Use wss when connecting to the Xen Orchestra API.
type: boolean
default: true
use_vm_uuid:
description:
- Import Xen VMs to inventory using their UUID as the VM entry name.
- If set to V(false) use VM name labels instead of UUIDs.
type: boolean
default: true
version_added: 10.4.0
use_host_uuid:
description:
- Import Xen Hosts to inventory using their UUID as the Host entry name.
- If set to V(false) use Host name labels instead of UUIDs.
type: boolean
default: true
version_added: 10.4.0
"""
EXAMPLES = '''
EXAMPLES = r"""
---
# file must be named xen_orchestra.yaml or xen_orchestra.yml
plugin: community.general.xen_orchestra
api_host: 192.168.1.255
@ -83,13 +88,12 @@ password: xo_pwd
validate_certs: true
use_ssl: true
groups:
kube_nodes: "'kube_node' in tags"
kube_nodes: "'kube_node' in tags"
compose:
ansible_port: 2222
ansible_port: 2222
use_vm_uuid: false
use_host_uuid: true
'''
"""
import json
import ssl

129
plugins/lookup/bitwarden.py
View file

@ -5,66 +5,65 @@
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
DOCUMENTATION = """
name: bitwarden
author:
- Jonathan Lung (@lungj) <lungj@heresjono.com>
requirements:
- bw (command line utility)
- be logged into bitwarden
- bitwarden vault unlocked
- E(BW_SESSION) environment variable set
short_description: Retrieve secrets from Bitwarden
version_added: 5.4.0
DOCUMENTATION = r"""
name: bitwarden
author:
- Jonathan Lung (@lungj) <lungj@heresjono.com>
requirements:
- bw (command line utility)
- be logged into bitwarden
- bitwarden vault unlocked
- E(BW_SESSION) environment variable set
short_description: Retrieve secrets from Bitwarden
version_added: 5.4.0
description:
- Retrieve secrets from Bitwarden.
options:
_terms:
description: Key(s) to fetch values for from login info.
required: true
type: list
elements: str
search:
description:
- Retrieve secrets from Bitwarden.
options:
_terms:
description: Key(s) to fetch values for from login info.
required: true
type: list
elements: str
search:
description:
- Field to retrieve, for example V(name) or V(id).
- If set to V(id), only zero or one element can be returned.
Use the Jinja C(first) filter to get the only list element.
- If set to V(None) or V(''), or if O(_terms) is empty, records are not filtered by fields.
type: str
default: name
version_added: 5.7.0
field:
description: Field to fetch. Leave unset to fetch whole response.
type: str
collection_id:
description:
- Collection ID to filter results by collection. Leave unset to skip filtering.
- O(collection_id) and O(collection_name) are mutually exclusive.
type: str
version_added: 6.3.0
collection_name:
description:
- Collection name to filter results by collection. Leave unset to skip filtering.
- O(collection_id) and O(collection_name) are mutually exclusive.
type: str
version_added: 10.4.0
organization_id:
description: Organization ID to filter results by organization. Leave unset to skip filtering.
type: str
version_added: 8.5.0
bw_session:
description: Pass session key instead of reading from env.
type: str
version_added: 8.4.0
result_count:
description:
- Number of results expected for the lookup query. Task will fail if O(result_count)
is set but does not match the number of query results. Leave empty to skip this check.
type: int
version_added: 10.4.0
- Field to retrieve, for example V(name) or V(id).
- If set to V(id), only zero or one element can be returned. Use the Jinja C(first) filter to get the only list element.
- If set to V(None) or V(''), or if O(_terms) is empty, records are not filtered by fields.
type: str
default: name
version_added: 5.7.0
field:
description: Field to fetch. Leave unset to fetch whole response.
type: str
collection_id:
description:
- Collection ID to filter results by collection. Leave unset to skip filtering.
- O(collection_id) and O(collection_name) are mutually exclusive.
type: str
version_added: 6.3.0
collection_name:
description:
- Collection name to filter results by collection. Leave unset to skip filtering.
- O(collection_id) and O(collection_name) are mutually exclusive.
type: str
version_added: 10.4.0
organization_id:
description: Organization ID to filter results by organization. Leave unset to skip filtering.
type: str
version_added: 8.5.0
bw_session:
description: Pass session key instead of reading from env.
type: str
version_added: 8.4.0
result_count:
description:
- Number of results expected for the lookup query. Task will fail if O(result_count) is set but does not match the number
of query results. Leave empty to skip this check.
type: int
version_added: 10.4.0
"""
EXAMPLES = """
EXAMPLES = r"""
- name: "Get 'password' from all Bitwarden records named 'a_test'"
ansible.builtin.debug:
msg: >-
@ -111,14 +110,14 @@ EXAMPLES = """
{{ lookup('community.general.bitwarden', 'a_test', result_count=1) }}
"""
RETURN = """
_raw:
description:
- A one-element list that contains a list of requested fields or JSON objects of matches.
- If you use C(query), you get a list of lists. If you use C(lookup) without C(wantlist=true),
this always gets reduced to a list of field values or JSON objects.
type: list
elements: list
RETURN = r"""
_raw:
description:
- A one-element list that contains a list of requested fields or JSON objects of matches.
- If you use C(query), you get a list of lists. If you use C(lookup) without C(wantlist=true), this always gets reduced
to a list of field values or JSON objects.
type: list
elements: list
"""
from subprocess import Popen, PIPE

56
plugins/lookup/bitwarden_secrets_manager.py
View file

@ -6,31 +6,31 @@ from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
DOCUMENTATION = """
name: bitwarden_secrets_manager
author:
- jantari (@jantari)
requirements:
- bws (command line utility)
short_description: Retrieve secrets from Bitwarden Secrets Manager
version_added: 7.2.0
description:
- Retrieve secrets from Bitwarden Secrets Manager.
options:
_terms:
description: Secret ID(s) to fetch values for.
required: true
type: list
elements: str
bws_access_token:
description: The BWS access token to use for this lookup.
env:
- name: BWS_ACCESS_TOKEN
required: true
type: str
DOCUMENTATION = r"""
name: bitwarden_secrets_manager
author:
- jantari (@jantari)
requirements:
- bws (command line utility)
short_description: Retrieve secrets from Bitwarden Secrets Manager
version_added: 7.2.0
description:
- Retrieve secrets from Bitwarden Secrets Manager.
options:
_terms:
description: Secret ID(s) to fetch values for.
required: true
type: list
elements: str
bws_access_token:
description: The BWS access token to use for this lookup.
env:
- name: BWS_ACCESS_TOKEN
required: true
type: str
"""
EXAMPLES = """
EXAMPLES = r"""
- name: Get a secret relying on the BWS_ACCESS_TOKEN environment variable for authentication
ansible.builtin.debug:
msg: >-
@ -62,11 +62,11 @@ EXAMPLES = """
{{ lookup("community.general.bitwarden_secrets_manager", "2bc23e48-4932-40de-a047-5524b7ddc972").value }}
"""
RETURN = """
_raw:
description: List containing one or more secrets.
type: list
elements: dict
RETURN = r"""
_raw:
description: List containing one or more secrets.
type: list
elements: dict
"""
from subprocess import Popen, PIPE

46
plugins/lookup/cartesian.py
View file

@ -6,24 +6,24 @@
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
DOCUMENTATION = '''
author: Unknown (!UNKNOWN)
name: cartesian
short_description: returns the cartesian product of lists
DOCUMENTATION = r"""
author: Unknown (!UNKNOWN)
name: cartesian
short_description: returns the cartesian product of lists
description:
- Takes the input lists and returns a list that represents the product of the input lists.
- It is clearer with an example, it turns [1, 2, 3], [a, b] into [1, a], [1, b], [2, a], [2, b], [3, a], [3, b].
- You can see the exact syntax in the examples section.
options:
_terms:
description:
- Takes the input lists and returns a list that represents the product of the input lists.
- It is clearer with an example, it turns [1, 2, 3], [a, b] into [1, a], [1, b], [2, a], [2, b], [3, a], [3, b].
You can see the exact syntax in the examples section.
options:
_terms:
description:
- a set of lists
type: list
elements: list
required: true
'''
- A set of lists.
type: list
elements: list
required: true
"""
EXAMPLES = """
EXAMPLES = r"""
- name: Example of the change in the description
ansible.builtin.debug:
msg: "{{ lookup('community.general.cartesian', [1,2,3], [a, b])}}"
@ -34,15 +34,15 @@ EXAMPLES = """
with_community.general.cartesian:
- "{{list1}}"
- "{{list2}}"
- [1,2,3,4,5,6]
- [1, 2, 3, 4, 5, 6]
"""
RETURN = """
_list:
description:
- list of lists composed of elements of the input lists
type: list
elements: list
RETURN = r"""
_list:
description:
- List of lists composed of elements of the input lists.
type: list
elements: list
"""
from itertools import product

65
plugins/lookup/chef_databag.py
View file

@ -6,42 +6,41 @@
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
DOCUMENTATION = '''
author: Unknown (!UNKNOWN)
name: chef_databag
short_description: fetches data from a Chef Databag
DOCUMENTATION = r"""
author: Unknown (!UNKNOWN)
name: chef_databag
short_description: fetches data from a Chef Databag
description:
- 'This is a lookup plugin to provide access to chef data bags using the pychef package. It interfaces with the chef server
API using the same methods to find a knife or chef-client config file to load parameters from, starting from either the
given base path or the current working directory. The lookup order mirrors the one from Chef, all folders in the base
path are walked back looking for the following configuration file in order: C(.chef/knife.rb), C(~/.chef/knife.rb), C(/etc/chef/client.rb).'
requirements:
- "pychef (L(Python library, https://pychef.readthedocs.io), C(pip install pychef))"
options:
name:
description:
- "This is a lookup plugin to provide access to chef data bags using the pychef package.
It interfaces with the chef server api using the same methods to find a knife or chef-client config file to load parameters from,
starting from either the given base path or the current working directory.
The lookup order mirrors the one from Chef, all folders in the base path are walked back looking for the following configuration
file in order : .chef/knife.rb, ~/.chef/knife.rb, /etc/chef/client.rb"
requirements:
- "pychef (L(Python library, https://pychef.readthedocs.io), C(pip install pychef))"
options:
name:
description:
- Name of the databag
type: string
required: true
item:
description:
- Item to fetch
type: string
required: true
'''
EXAMPLES = """
- ansible.builtin.debug:
msg: "{{ lookup('community.general.chef_databag', 'name=data_bag_name item=data_bag_item') }}"
- Name of the databag.
type: string
required: true
item:
description:
- Item to fetch.
type: string
required: true
"""
RETURN = """
_raw:
description:
- The value from the databag.
type: list
elements: dict
EXAMPLES = r"""
- ansible.builtin.debug:
msg: "{{ lookup('community.general.chef_databag', 'name=data_bag_name item=data_bag_item') }}"
"""
RETURN = r"""
_raw:
description:
- The value from the databag.
type: list
elements: dict
"""
from ansible.errors import AnsibleError

38
plugins/lookup/collection_version.py
View file

@ -5,18 +5,17 @@
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
DOCUMENTATION = """
DOCUMENTATION = r"""
name: collection_version
author: Felix Fontein (@felixfontein)
version_added: "4.0.0"
short_description: Retrieves the version of an installed collection
description:
- This lookup allows to query the version of an installed collection, and to determine whether a
collection is installed at all.
- By default it returns V(none) for non-existing collections and V(*) for collections without a
version number. The latter should only happen in development environments, or when installing
a collection from git which has no version in its C(galaxy.yml). This behavior can be adjusted
by providing other values with O(result_not_found) and O(result_no_version).
- This lookup allows to query the version of an installed collection, and to determine whether a collection is installed
at all.
- By default it returns V(none) for non-existing collections and V(*) for collections without a version number. The latter
should only happen in development environments, or when installing a collection from git which has no version in its C(galaxy.yml).
This behavior can be adjusted by providing other values with O(result_not_found) and O(result_no_version).
options:
_terms:
description:
@ -34,30 +33,27 @@ options:
result_no_version:
description:
- The value to return when the collection has no version number.
- This can happen for collections installed from git which do not have a version number
in C(galaxy.yml).
- This can happen for collections installed from git which do not have a version number in C(galaxy.yml).
- By default, V(*) is returned.
type: string
default: '*'
"""
EXAMPLES = """
EXAMPLES = r"""
- name: Check version of community.general
ansible.builtin.debug:
msg: "community.general version {{ lookup('community.general.collection_version', 'community.general') }}"
"""
RETURN = """
_raw:
description:
- The version number of the collections listed as input.
- If a collection can not be found, it will return the value provided in O(result_not_found).
By default, this is V(none).
- If a collection can be found, but the version not identified, it will return the value provided in
O(result_no_version). By default, this is V(*). This can happen for collections installed
from git which do not have a version number in V(galaxy.yml).
type: list
elements: str
RETURN = r"""
_raw:
description:
- The version number of the collections listed as input.
- If a collection can not be found, it will return the value provided in O(result_not_found). By default, this is V(none).
- If a collection can be found, but the version not identified, it will return the value provided in O(result_no_version).
By default, this is V(*). This can happen for collections installed from git which do not have a version number in V(galaxy.yml).
type: list
elements: str
"""
import json

200
plugins/lookup/consul_kv.py
View file

@ -7,109 +7,109 @@ from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
DOCUMENTATION = '''
author: Unknown (!UNKNOWN)
name: consul_kv
short_description: Fetch metadata from a Consul key value store.
DOCUMENTATION = r"""
author: Unknown (!UNKNOWN)
name: consul_kv
short_description: Fetch metadata from a Consul key value store
description:
- Lookup metadata for a playbook from the key value store in a Consul cluster. Values can be easily set in the kv store
with simple rest commands.
- C(curl -X PUT -d 'some-value' http://localhost:8500/v1/kv/ansible/somedata).
requirements:
- 'python-consul python library U(https://python-consul.readthedocs.io/en/latest/#installation)'
options:
_raw:
description: List of key(s) to retrieve.
type: list
elements: string
recurse:
type: boolean
description: If true, will retrieve all the values that have the given key as prefix.
default: false
index:
description:
- Lookup metadata for a playbook from the key value store in a Consul cluster.
Values can be easily set in the kv store with simple rest commands
- C(curl -X PUT -d 'some-value' http://localhost:8500/v1/kv/ansible/somedata)
requirements:
- 'python-consul python library U(https://python-consul.readthedocs.io/en/latest/#installation)'
options:
_raw:
description: List of key(s) to retrieve.
type: list
elements: string
recurse:
type: boolean
description: If true, will retrieve all the values that have the given key as prefix.
default: false
index:
description:
- If the key has a value with the specified index then this is returned allowing access to historical values.
type: int
datacenter:
description:
- Retrieve the key from a consul datacenter other than the default for the consul host.
type: str
token:
description: The acl token to allow access to restricted values.
type: str
host:
default: localhost
type: str
description:
- The target to connect to, must be a resolvable address.
- Will be determined from E(ANSIBLE_CONSUL_URL) if that is set.
ini:
- section: lookup_consul
key: host
port:
description:
- The port of the target host to connect to.
- If you use E(ANSIBLE_CONSUL_URL) this value will be used from there.
type: int
default: 8500
scheme:
default: http
type: str
description:
- Whether to use http or https.
- If you use E(ANSIBLE_CONSUL_URL) this value will be used from there.
validate_certs:
default: true
description: Whether to verify the TLS connection or not.
type: bool
env:
- name: ANSIBLE_CONSUL_VALIDATE_CERTS
ini:
- section: lookup_consul
key: validate_certs
client_cert:
description: The client cert to verify the TLS connection.
type: str
env:
- name: ANSIBLE_CONSUL_CLIENT_CERT
ini:
- section: lookup_consul
key: client_cert
url:
description:
- The target to connect to.
- "Should look like this: V(https://my.consul.server:8500)."
type: str
version_added: 1.0.0
env:
- name: ANSIBLE_CONSUL_URL
ini:
- section: lookup_consul
key: url
'''
EXAMPLES = """
- ansible.builtin.debug:
msg: 'key contains {{item}}'
with_community.general.consul_kv:
- 'key/to/retrieve'
- name: Parameters can be provided after the key be more specific about what to retrieve
ansible.builtin.debug:
msg: 'key contains {{item}}'
with_community.general.consul_kv:
- 'key/to recurse=true token=E6C060A9-26FB-407A-B83E-12DDAFCB4D98'
- name: retrieving a KV from a remote cluster on non default port
ansible.builtin.debug:
msg: "{{ lookup('community.general.consul_kv', 'my/key', host='10.10.10.10', port=2000) }}"
- If the key has a value with the specified index then this is returned allowing access to historical values.
type: int
datacenter:
description:
- Retrieve the key from a consul datacenter other than the default for the consul host.
type: str
token:
description: The acl token to allow access to restricted values.
type: str
host:
default: localhost
type: str
description:
- The target to connect to, must be a resolvable address.
- Will be determined from E(ANSIBLE_CONSUL_URL) if that is set.
ini:
- section: lookup_consul
key: host
port:
description:
- The port of the target host to connect to.
- If you use E(ANSIBLE_CONSUL_URL) this value will be used from there.
type: int
default: 8500
scheme:
default: http
type: str
description:
- Whether to use http or https.
- If you use E(ANSIBLE_CONSUL_URL) this value will be used from there.
validate_certs:
default: true
description: Whether to verify the TLS connection or not.
type: bool
env:
- name: ANSIBLE_CONSUL_VALIDATE_CERTS
ini:
- section: lookup_consul
key: validate_certs
client_cert:
description: The client cert to verify the TLS connection.
type: str
env:
- name: ANSIBLE_CONSUL_CLIENT_CERT
ini:
- section: lookup_consul
key: client_cert
url:
description:
- The target to connect to.
- 'Should look like this: V(https://my.consul.server:8500).'
type: str
version_added: 1.0.0
env:
- name: ANSIBLE_CONSUL_URL
ini:
- section: lookup_consul
key: url
"""
RETURN = """
_raw:
description:
- Value(s) stored in consul.
type: dict
EXAMPLES = r"""
- ansible.builtin.debug:
msg: 'key contains {{item}}'
with_community.general.consul_kv:
- 'key/to/retrieve'
- name: Parameters can be provided after the key be more specific about what to retrieve
ansible.builtin.debug:
msg: 'key contains {{item}}'
with_community.general.consul_kv:
- 'key/to recurse=true token=E6C060A9-26FB-407A-B83E-12DDAFCB4D98'
- name: retrieving a KV from a remote cluster on non default port
ansible.builtin.debug:
msg: "{{ lookup('community.general.consul_kv', 'my/key', host='10.10.10.10', port=2000) }}"
"""
RETURN = r"""
_raw:
description:
- Value(s) stored in consul.
type: dict
"""
from ansible.module_utils.six.moves.urllib.parse import urlparse

116
plugins/lookup/credstash.py
View file

@ -6,54 +6,54 @@
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
DOCUMENTATION = '''
author: Unknown (!UNKNOWN)
name: credstash
short_description: retrieve secrets from Credstash on AWS
requirements:
- credstash (python library)
description:
- "Credstash is a small utility for managing secrets using AWS's KMS and DynamoDB: https://github.com/fugue/credstash"
options:
_terms:
description: term or list of terms to lookup in the credit store
type: list
elements: string
required: true
table:
description: name of the credstash table to query
type: str
default: 'credential-store'
version:
description: Credstash version
type: str
default: ''
region:
description: AWS region
type: str
profile_name:
description: AWS profile to use for authentication
type: str
env:
- name: AWS_PROFILE
aws_access_key_id:
description: AWS access key ID
type: str
env:
- name: AWS_ACCESS_KEY_ID
aws_secret_access_key:
description: AWS access key
type: str
env:
- name: AWS_SECRET_ACCESS_KEY
aws_session_token:
description: AWS session token
type: str
env:
- name: AWS_SESSION_TOKEN
'''
DOCUMENTATION = r"""
author: Unknown (!UNKNOWN)
name: credstash
short_description: retrieve secrets from Credstash on AWS
requirements:
- credstash (python library)
description:
- "Credstash is a small utility for managing secrets using AWS's KMS and DynamoDB: https://github.com/fugue/credstash."
options:
_terms:
description: Term or list of terms to lookup in the credit store.
type: list
elements: string
required: true
table:
description: Name of the credstash table to query.
type: str
default: 'credential-store'
version:
description: Credstash version.
type: str
default: ''
region:
description: AWS region.
type: str
profile_name:
description: AWS profile to use for authentication.
type: str
env:
- name: AWS_PROFILE
aws_access_key_id:
description: AWS access key ID.
type: str
env:
- name: AWS_ACCESS_KEY_ID
aws_secret_access_key:
description: AWS access key.
type: str
env:
- name: AWS_SECRET_ACCESS_KEY
aws_session_token:
description: AWS session token.
type: str
env:
- name: AWS_SESSION_TOKEN
"""
EXAMPLES = """
EXAMPLES = r"""
- name: first use credstash to store your secrets
ansible.builtin.shell: credstash put my-github-password secure123
@ -77,20 +77,20 @@ EXAMPLES = """
environment: production
tasks:
- name: "Test credstash lookup plugin -- get the password with a context passed as a variable"
ansible.builtin.debug:
msg: "{{ lookup('community.general.credstash', 'some-password', context=context) }}"
- name: "Test credstash lookup plugin -- get the password with a context passed as a variable"
ansible.builtin.debug:
msg: "{{ lookup('community.general.credstash', 'some-password', context=context) }}"
- name: "Test credstash lookup plugin -- get the password with a context defined here"
ansible.builtin.debug:
msg: "{{ lookup('community.general.credstash', 'some-password', context=dict(app='my_app', environment='production')) }}"
- name: "Test credstash lookup plugin -- get the password with a context defined here"
ansible.builtin.debug:
msg: "{{ lookup('community.general.credstash', 'some-password', context=dict(app='my_app', environment='production')) }}"
"""
RETURN = """
_raw:
description:
- Value(s) stored in Credstash.
type: str
RETURN = r"""
_raw:
description:
- Value(s) stored in Credstash.
type: str
"""
from ansible.errors import AnsibleError

114
plugins/lookup/cyberarkpassword.py
View file

@ -6,62 +6,64 @@
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
DOCUMENTATION = '''
author: Unknown (!UNKNOWN)
name: cyberarkpassword
short_description: get secrets from CyberArk AIM
requirements:
- CyberArk AIM tool installed
DOCUMENTATION = r"""
author: Unknown (!UNKNOWN)
name: cyberarkpassword
short_description: get secrets from CyberArk AIM
requirements:
- CyberArk AIM tool installed
description:
- Get secrets from CyberArk AIM.
options:
_command:
description: Cyberark CLI utility.
type: string
env:
- name: AIM_CLIPASSWORDSDK_CMD
default: '/opt/CARKaim/sdk/clipasswordsdk'
appid:
description: Defines the unique ID of the application that is issuing the password request.
type: string
required: true
query:
description: Describes the filter criteria for the password retrieval.
type: string
required: true
output:
description:
- Get secrets from CyberArk AIM.
options :
_command:
description: Cyberark CLI utility.
type: string
env:
- name: AIM_CLIPASSWORDSDK_CMD
default: '/opt/CARKaim/sdk/clipasswordsdk'
appid:
description: Defines the unique ID of the application that is issuing the password request.
type: string
required: true
query:
description: Describes the filter criteria for the password retrieval.
type: string
required: true
output:
description:
- Specifies the desired output fields separated by commas.
- "They could be: Password, PassProps.<property>, PasswordChangeInProcess"
type: string
default: 'password'
_extra:
description: for extra_params values please check parameters for clipasswordsdk in CyberArk's "Credential Provider and ASCP Implementation Guide"
notes:
- For Ansible on Windows, please change the -parameters (-p, -d, and -o) to /parameters (/p, /d, and /o) and change the location of CLIPasswordSDK.exe.
'''
EXAMPLES = """
- name: passing options to the lookup
ansible.builtin.debug:
msg: '{{ lookup("community.general.cyberarkpassword", cyquery) }}'
vars:
cyquery:
appid: "app_ansible"
query: "safe=CyberArk_Passwords;folder=root;object=AdminPass"
output: "Password,PassProps.UserName,PassProps.Address,PasswordChangeInProcess"
- name: used in a loop
ansible.builtin.debug:
msg: "{{item}}"
with_community.general.cyberarkpassword:
appid: 'app_ansible'
query: 'safe=CyberArk_Passwords;folder=root;object=AdminPass'
output: 'Password,PassProps.UserName,PassProps.Address,PasswordChangeInProcess'
- Specifies the desired output fields separated by commas.
- 'They could be: Password, PassProps.<property>, PasswordChangeInProcess.'
type: string
default: 'password'
_extra:
description: For extra_params values please check parameters for clipasswordsdk in CyberArk's "Credential Provider and
ASCP Implementation Guide".
notes:
- For Ansible on Windows, please change the -parameters (C(-p), C(-d), and C(-o)) to /parameters (C(/p), C(/d), and C(/o)) and change the
location of C(CLIPasswordSDK.exe).
"""
RETURN = """
EXAMPLES = r"""
- name: passing options to the lookup
ansible.builtin.debug:
msg: '{{ lookup("community.general.cyberarkpassword", cyquery) }}'
vars:
cyquery:
appid: "app_ansible"
query: "safe=CyberArk_Passwords;folder=root;object=AdminPass"
output: "Password,PassProps.UserName,PassProps.Address,PasswordChangeInProcess"
- name: used in a loop
ansible.builtin.debug:
msg: "{{item}}"
with_community.general.cyberarkpassword:
appid: 'app_ansible'
query: 'safe=CyberArk_Passwords;folder=root;object=AdminPass'
output: 'Password,PassProps.UserName,PassProps.Address,PasswordChangeInProcess'
"""
RETURN = r"""
_result:
description: A list containing one dictionary.
type: list
@ -69,12 +71,12 @@ _result:
contains:
password:
description:
- The actual value stored
- The actual value stored.
passprops:
description: properties assigned to the entry
description: Properties assigned to the entry.
type: dictionary
passwordchangeinprocess:
description: did the password change?
description: Did the password change?
"""
import os

63
plugins/lookup/dependent.py
View file

@ -6,31 +6,30 @@
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
DOCUMENTATION = """
DOCUMENTATION = r"""
name: dependent
short_description: Composes a list with nested elements of other lists or dicts which can depend on previous loop variables
author: Felix Fontein (@felixfontein)
version_added: 3.1.0
description:
- "Takes the input lists and returns a list with elements that are lists, dictionaries,
or template expressions which evaluate to lists or dicts, composed of the elements of
the input evaluated lists and dictionaries."
- Takes the input lists and returns a list with elements that are lists, dictionaries, or template expressions which evaluate
to lists or dicts, composed of the elements of the input evaluated lists and dictionaries.
options:
_terms:
description:
- A list where the elements are one-element dictionaries, mapping a name to a string, list, or dictionary.
The name is the index that is used in the result object. The value is iterated over as described below.
- A list where the elements are one-element dictionaries, mapping a name to a string, list, or dictionary. The name
is the index that is used in the result object. The value is iterated over as described below.
- If the value is a list, it is simply iterated over.
- If the value is a dictionary, it is iterated over and returned as if they would be processed by the
P(ansible.builtin.dict2items#filter) filter.
- If the value is a string, it is evaluated as Jinja2 expressions which can access the previously chosen
elements with C(item.<index_name>). The result must be a list or a dictionary.
- If the value is a dictionary, it is iterated over and returned as if they would be processed by the P(ansible.builtin.dict2items#filter)
filter.
- If the value is a string, it is evaluated as Jinja2 expressions which can access the previously chosen elements with
C(item.<index_name>). The result must be a list or a dictionary.
type: list
elements: dict
required: true
"""
EXAMPLES = """
EXAMPLES = r"""
- name: Install/remove public keys for active admin users
ansible.posix.authorized_key:
user: "{{ item.admin.key }}"
@ -76,9 +75,9 @@ EXAMPLES = """
loop_control:
# Makes the output readable, so that it doesn't contain the whole subdictionaries and lists
label: |-
{{ [item.zone.key, item.prefix.key, item.entry.key,
item.entry.value.ttl | default(3600),
item.entry.value.absent | default(False), item.entry.value.value] }}
{{ [item.zone.key, item.prefix.key, item.entry.key,
item.entry.value.ttl | default(3600),
item.entry.value.absent | default(False), item.entry.value.value] }}
with_community.general.dependent:
- zone: dns_setup
- prefix: item.zone.value
@ -89,36 +88,36 @@ EXAMPLES = """
'':
A:
value:
- 1.2.3.4
- 1.2.3.4
AAAA:
value:
- "2a01:1:2:3::1"
- "2a01:1:2:3::1"
'test._domainkey':
TXT:
ttl: 300
value:
- '"k=rsa; t=s; p=MIGfMA..."'
- '"k=rsa; t=s; p=MIGfMA..."'
example.org:
'www':
A:
value:
- 1.2.3.4
- 5.6.7.8
- 1.2.3.4
- 5.6.7.8
"""
RETURN = """
_list:
description:
- A list composed of dictionaries whose keys are the variable names from the input list.
type: list
elements: dict
sample:
- key1: a
key2: test
- key1: a
key2: foo
- key1: b
key2: bar
RETURN = r"""
_list:
description:
- A list composed of dictionaries whose keys are the variable names from the input list.
type: list
elements: dict
sample:
- key1: a
key2: test
- key1: a
key2: foo
- key1: b
key2: bar
"""
from ansible.errors import AnsibleLookupError

319
plugins/lookup/dig.py
View file

@ -6,89 +6,92 @@
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
DOCUMENTATION = '''
name: dig
author: Jan-Piet Mens (@jpmens) <jpmens(at)gmail.com>
short_description: query DNS using the dnspython library
requirements:
- dnspython (python library, http://www.dnspython.org/)
DOCUMENTATION = r"""
name: dig
author: Jan-Piet Mens (@jpmens) <jpmens(at)gmail.com>
short_description: query DNS using the dnspython library
requirements:
- dnspython (python library, http://www.dnspython.org/)
description:
- The dig lookup runs queries against DNS servers to retrieve DNS records for a specific name (FQDN - fully qualified domain
name). It is possible to lookup any DNS record in this manner.
- There is a couple of different syntaxes that can be used to specify what record should be retrieved, and for which name.
It is also possible to explicitly specify the DNS server(s) to use for lookups.
- In its simplest form, the dig lookup plugin can be used to retrieve an IPv4 address (DNS A record) associated with FQDN.
- In addition to (default) A record, it is also possible to specify a different record type that should be queried. This
can be done by either passing-in additional parameter of format qtype=TYPE to the dig lookup, or by appending /TYPE to
the FQDN being queried.
- If multiple values are associated with the requested record, the results will be returned as a comma-separated list. In
such cases you may want to pass option C(wantlist=true) to the lookup call, or alternatively use C(query) instead of C(lookup),
which will result in the record values being returned as a list over which you can iterate later on.
- By default, the lookup will rely on system-wide configured DNS servers for performing the query. It is also possible to
explicitly specify DNS servers to query using the @DNS_SERVER_1,DNS_SERVER_2,...,DNS_SERVER_N notation. This needs to
be passed-in as an additional parameter to the lookup.
options:
_terms:
description: Domain(s) to query.
type: list
elements: str
qtype:
description:
- The dig lookup runs queries against DNS servers to retrieve DNS records for a specific name (FQDN - fully qualified domain name).
It is possible to lookup any DNS record in this manner.
- There is a couple of different syntaxes that can be used to specify what record should be retrieved, and for which name.
It is also possible to explicitly specify the DNS server(s) to use for lookups.
- In its simplest form, the dig lookup plugin can be used to retrieve an IPv4 address (DNS A record) associated with FQDN
- In addition to (default) A record, it is also possible to specify a different record type that should be queried.
This can be done by either passing-in additional parameter of format qtype=TYPE to the dig lookup, or by appending /TYPE to the FQDN being queried.
- If multiple values are associated with the requested record, the results will be returned as a comma-separated list.
In such cases you may want to pass option C(wantlist=true) to the lookup call, or alternatively use C(query) instead of C(lookup),
which will result in the record values being returned as a list over which you can iterate later on.
- By default, the lookup will rely on system-wide configured DNS servers for performing the query.
It is also possible to explicitly specify DNS servers to query using the @DNS_SERVER_1,DNS_SERVER_2,...,DNS_SERVER_N notation.
This needs to be passed-in as an additional parameter to the lookup
options:
_terms:
description: Domain(s) to query.
type: list
elements: str
qtype:
description:
- Record type to query.
- V(DLV) has been removed in community.general 6.0.0.
- V(CAA) has been added in community.general 6.3.0.
type: str
default: 'A'
choices: [A, ALL, AAAA, CAA, CNAME, DNAME, DNSKEY, DS, HINFO, LOC, MX, NAPTR, NS, NSEC3PARAM, PTR, RP, RRSIG, SOA, SPF, SRV, SSHFP, TLSA, TXT]
flat:
description: If 0 each record is returned as a dictionary, otherwise a string.
type: int
default: 1
retry_servfail:
description: Retry a nameserver if it returns SERVFAIL.
default: false
type: bool
version_added: 3.6.0
fail_on_error:
description:
- Abort execution on lookup errors.
- The default for this option will likely change to V(true) in the future.
The current default, V(false), is used for backwards compatibility, and will result in empty strings
or the string V(NXDOMAIN) in the result in case of errors.
default: false
type: bool
version_added: 5.4.0
real_empty:
description:
- Return empty result without empty strings, and return empty list instead of V(NXDOMAIN).
- The default for this option will likely change to V(true) in the future.
- This option will be forced to V(true) if multiple domains to be queried are specified.
default: false
type: bool
version_added: 6.0.0
class:
description:
- "Class."
type: str
default: 'IN'
tcp:
description: Use TCP to lookup DNS records.
default: false
type: bool
version_added: 7.5.0
port:
description: Use port as target port when looking up DNS records.
default: 53
type: int
version_added: 9.5.0
notes:
- ALL is not a record per-se, merely the listed fields are available for any record results you retrieve in the form of a dictionary.
- While the 'dig' lookup plugin supports anything which dnspython supports out of the box, only a subset can be converted into a dictionary.
- If you need to obtain the AAAA record (IPv6 address), you must specify the record type explicitly.
Syntax for specifying the record type is shown in the examples below.
- The trailing dot in most of the examples listed is purely optional, but is specified for completeness/correctness sake.
'''
- Record type to query.
- V(DLV) has been removed in community.general 6.0.0.
- V(CAA) has been added in community.general 6.3.0.
type: str
default: 'A'
choices: [A, ALL, AAAA, CAA, CNAME, DNAME, DNSKEY, DS, HINFO, LOC, MX, NAPTR, NS, NSEC3PARAM, PTR, RP, RRSIG, SOA, SPF,
SRV, SSHFP, TLSA, TXT]
flat:
description: If 0 each record is returned as a dictionary, otherwise a string.
type: int
default: 1
retry_servfail:
description: Retry a nameserver if it returns SERVFAIL.
default: false
type: bool
version_added: 3.6.0
fail_on_error:
description:
- Abort execution on lookup errors.
- The default for this option will likely change to V(true) in the future. The current default, V(false), is used for
backwards compatibility, and will result in empty strings or the string V(NXDOMAIN) in the result in case of errors.
default: false
type: bool
version_added: 5.4.0
real_empty:
description:
- Return empty result without empty strings, and return empty list instead of V(NXDOMAIN).
- The default for this option will likely change to V(true) in the future.
- This option will be forced to V(true) if multiple domains to be queried are specified.
default: false
type: bool
version_added: 6.0.0
class:
description:
- Class.
type: str
default: 'IN'
tcp:
description: Use TCP to lookup DNS records.
default: false
type: bool
version_added: 7.5.0
port:
description: Use port as target port when looking up DNS records.
default: 53
type: int
version_added: 9.5.0
notes:
- V(ALL) is not a record in itself, merely the listed fields are available for any record results you retrieve in the form of
a dictionary.
- While the plugin supports anything which C(dnspython) supports out of the box, only a subset can be converted
into a dictionary.
- If you need to obtain the AAAA record (IPv6 address), you must specify the record type explicitly. Syntax for specifying
the record type is shown in the examples below.
- The trailing dot in most of the examples listed is purely optional, but is specified for completeness/correctness sake.
"""
EXAMPLES = """
EXAMPLES = r"""
- name: Simple A record (IPV4 address) lookup for example.com
ansible.builtin.debug:
msg: "{{ lookup('community.general.dig', 'example.com.')}}"
@ -139,83 +142,83 @@ EXAMPLES = """
msg: "{{ lookup('community.general.dig', 'example.org./A', retry_servfail=true) }}"
"""
RETURN = """
_list:
description:
- List of composed strings or dictionaries with key and value
If a dictionary, fields shows the keys returned depending on query type
type: list
elements: raw
contains:
ALL:
description:
- owner, ttl, type
A:
description:
- address
AAAA:
description:
- address
CAA:
description:
- flags
- tag
- value
version_added: 6.3.0
CNAME:
description:
- target
DNAME:
description:
- target
DNSKEY:
description:
- flags, algorithm, protocol, key
DS:
description:
- algorithm, digest_type, key_tag, digest
HINFO:
description:
- cpu, os
LOC:
description:
- latitude, longitude, altitude, size, horizontal_precision, vertical_precision
MX:
description:
- preference, exchange
NAPTR:
description:
- order, preference, flags, service, regexp, replacement
NS:
description:
- target
NSEC3PARAM:
description:
- algorithm, flags, iterations, salt
PTR:
description:
- target
RP:
description:
- mbox, txt
SOA:
description:
- mname, rname, serial, refresh, retry, expire, minimum
SPF:
description:
- strings
SRV:
description:
- priority, weight, port, target
SSHFP:
description:
- algorithm, fp_type, fingerprint
TLSA:
description:
- usage, selector, mtype, cert
TXT:
description:
- strings
RETURN = r"""
_list:
description:
- List of composed strings or of dictionaries, with fields depending
on query type.
type: list
elements: raw
contains:
ALL:
description:
- C(owner), C(ttl), C(type).
A:
description:
- C(address).
AAAA:
description:
- C(address).
CAA:
description:
- C(flags).
- C(tag).
- C(value).
version_added: 6.3.0
CNAME:
description:
- C(target).
DNAME:
description:
- C(target).
DNSKEY:
description:
- C(flags), C(algorithm), C(protocol), C(key).
DS:
description:
- C(algorithm), C(digest_type), C(key_tag), C(digest).
HINFO:
description:
- C(cpu), C(os).
LOC:
description:
- C(latitude), C(longitude), C(altitude), C(size), C(horizontal_precision), C(vertical_precision).
MX:
description:
- C(preference), C(exchange).
NAPTR:
description:
- C(order), C(preference), C(flags), C(service), C(regexp), C(replacement).
NS:
description:
- C(target).
NSEC3PARAM:
description:
- C(algorithm), C(flags), C(iterations), C(salt).
PTR:
description:
- C(target).
RP:
description:
- C(mbox), C(txt).
SOA:
description:
- C(mname), C(rname), C(serial), C(refresh), C(retry), C(expire), C(minimum).
SPF:
description:
- C(strings).
SRV:
description:
- C(priority), C(weight), C(port), C(target).
SSHFP:
description:
- C(algorithm), C(fp_type), C(fingerprint).
TLSA:
description:
- C(usage), C(selector), C(mtype), C(cert).
TXT:
description:
- C(strings).
"""
from ansible.errors import AnsibleError

54
plugins/lookup/dnstxt.py
View file

@ -6,30 +6,30 @@
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
DOCUMENTATION = '''
name: dnstxt
author: Jan-Piet Mens (@jpmens) <jpmens(at)gmail.com>
short_description: query a domain(s)'s DNS txt fields
requirements:
- dns/dns.resolver (python library)
DOCUMENTATION = r"""
name: dnstxt
author: Jan-Piet Mens (@jpmens) <jpmens(at)gmail.com>
short_description: query a domain(s)'s DNS txt fields
requirements:
- dns/dns.resolver (python library)
description:
- Uses a python library to return the DNS TXT record for a domain.
options:
_terms:
description: Domain or list of domains to query TXT records from.
required: true
type: list
elements: string
real_empty:
description:
- Uses a python library to return the DNS TXT record for a domain.
options:
_terms:
description: domain or list of domains to query TXT records from
required: true
type: list
elements: string
real_empty:
description:
- Return empty result without empty strings, and return empty list instead of V(NXDOMAIN).
- The default for this option will likely change to V(true) in the future.
default: false
type: bool
version_added: 6.0.0
'''
- Return empty result without empty strings, and return empty list instead of V(NXDOMAIN).
- The default for this option will likely change to V(true) in the future.
default: false
type: bool
version_added: 6.0.0
"""
EXAMPLES = """
EXAMPLES = r"""
- name: show txt entry
ansible.builtin.debug:
msg: "{{lookup('community.general.dnstxt', ['test.example.com'])}}"
@ -48,11 +48,11 @@ EXAMPLES = """
with_community.general.dnstxt: "{{lookup('community.general.dnstxt', ['test.example.com']).split(',')}}"
"""
RETURN = """
_list:
description:
- values returned by the DNS TXT record.
type: list
RETURN = r"""
_list:
description:
- Values returned by the DNS TXT record.
type: list
"""
HAVE_DNS = False

123
plugins/lookup/dsv.py
View file

@ -12,81 +12,78 @@ author: Adam Migus (@amigus) <adam@migus.org>
short_description: Get secrets from Thycotic DevOps Secrets Vault
version_added: 1.0.0
description:
- Uses the Thycotic DevOps Secrets Vault Python SDK to get Secrets from a
DSV O(tenant) using a O(client_id) and O(client_secret).
- Uses the Thycotic DevOps Secrets Vault Python SDK to get Secrets from a DSV O(tenant) using a O(client_id) and O(client_secret).
requirements:
- python-dsv-sdk - https://pypi.org/project/python-dsv-sdk/
- python-dsv-sdk - https://pypi.org/project/python-dsv-sdk/
options:
_terms:
description: The path to the secret, for example V(/staging/servers/web1).
required: true
tenant:
description: The first format parameter in the default O(url_template).
type: string
env:
- name: DSV_TENANT
ini:
- section: dsv_lookup
key: tenant
required: true
tld:
default: com
description: The top-level domain of the tenant; the second format
parameter in the default O(url_template).
type: string
env:
- name: DSV_TLD
ini:
- section: dsv_lookup
key: tld
required: false
client_id:
description: The client_id with which to request the Access Grant.
type: string
env:
- name: DSV_CLIENT_ID
ini:
- section: dsv_lookup
key: client_id
required: true
client_secret:
description: The client secret associated with the specific O(client_id).
type: string
env:
- name: DSV_CLIENT_SECRET
ini:
- section: dsv_lookup
key: client_secret
required: true
url_template:
default: https://{}.secretsvaultcloud.{}/v1
description: The path to prepend to the base URL to form a valid REST
API request.
type: string
env:
- name: DSV_URL_TEMPLATE
ini:
- section: dsv_lookup
key: url_template
required: false
_terms:
description: The path to the secret, for example V(/staging/servers/web1).
required: true
tenant:
description: The first format parameter in the default O(url_template).
type: string
env:
- name: DSV_TENANT
ini:
- section: dsv_lookup
key: tenant
required: true
tld:
default: com
description: The top-level domain of the tenant; the second format parameter in the default O(url_template).
type: string
env:
- name: DSV_TLD
ini:
- section: dsv_lookup
key: tld
required: false
client_id:
description: The client_id with which to request the Access Grant.
type: string
env:
- name: DSV_CLIENT_ID
ini:
- section: dsv_lookup
key: client_id
required: true
client_secret:
description: The client secret associated with the specific O(client_id).
type: string
env:
- name: DSV_CLIENT_SECRET
ini:
- section: dsv_lookup
key: client_secret
required: true
url_template:
default: https://{}.secretsvaultcloud.{}/v1
description: The path to prepend to the base URL to form a valid REST API request.
type: string
env:
- name: DSV_URL_TEMPLATE
ini:
- section: dsv_lookup
key: url_template
required: false
"""
RETURN = r"""
_list:
description:
- One or more JSON responses to C(GET /secrets/{path}).
- See U(https://dsv.thycotic.com/api/index.html#operation/getSecret).
type: list
elements: dict
description:
- One or more JSON responses to C(GET /secrets/{path}).
- See U(https://dsv.thycotic.com/api/index.html#operation/getSecret).
type: list
elements: dict
"""
EXAMPLES = r"""
- hosts: localhost
vars:
secret: "{{ lookup('community.general.dsv', '/test/secret') }}"
secret: "{{ lookup('community.general.dsv', '/test/secret') }}"
tasks:
- ansible.builtin.debug:
msg: 'the password is {{ secret["data"]["password"] }}'
- ansible.builtin.debug:
msg: 'the password is {{ secret["data"]["password"] }}'
"""
from ansible.errors import AnsibleError, AnsibleOptionsError

92
plugins/lookup/etcd.py
View file

@ -8,46 +8,46 @@
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
DOCUMENTATION = '''
author:
- Jan-Piet Mens (@jpmens)
name: etcd
short_description: get info from an etcd server
DOCUMENTATION = r"""
author:
- Jan-Piet Mens (@jpmens)
name: etcd
short_description: get info from an etcd server
description:
- Retrieves data from an etcd server.
options:
_terms:
description:
- Retrieves data from an etcd server
options:
_terms:
description:
- the list of keys to lookup on the etcd server
type: list
elements: string
required: true
url:
description:
- Environment variable with the URL for the etcd server
type: string
default: 'http://127.0.0.1:4001'
env:
- name: ANSIBLE_ETCD_URL
version:
description:
- Environment variable with the etcd protocol version
type: string
default: 'v1'
env:
- name: ANSIBLE_ETCD_VERSION
validate_certs:
description:
- toggle checking that the ssl certificates are valid, you normally only want to turn this off with self-signed certs.
default: true
type: boolean
seealso:
- module: community.general.etcd3
- plugin: community.general.etcd3
plugin_type: lookup
'''
- The list of keys to lookup on the etcd server.
type: list
elements: string
required: true
url:
description:
- Environment variable with the URL for the etcd server.
type: string
default: 'http://127.0.0.1:4001'
env:
- name: ANSIBLE_ETCD_URL
version:
description:
- Environment variable with the etcd protocol version.
type: string
default: 'v1'
env:
- name: ANSIBLE_ETCD_VERSION
validate_certs:
description:
- Toggle checking that the ssl certificates are valid, you normally only want to turn this off with self-signed certs.
default: true
type: boolean
seealso:
- module: community.general.etcd3
- plugin: community.general.etcd3
plugin_type: lookup
"""
EXAMPLES = '''
EXAMPLES = r"""
- name: "a value from a locally running etcd"
ansible.builtin.debug:
msg: "{{ lookup('community.general.etcd', 'foo/bar') }}"
@ -59,15 +59,15 @@ EXAMPLES = '''
- name: "you can set server options inline"
ansible.builtin.debug:
msg: "{{ lookup('community.general.etcd', 'foo', version='v2', url='http://192.168.0.27:4001') }}"
'''
"""
RETURN = '''
_raw:
description:
- List of values associated with input keys.
type: list
elements: string
'''
RETURN = r"""
_raw:
description:
- List of values associated with input keys.
type: list
elements: string
"""
import json

212
plugins/lookup/etcd3.py
View file

@ -7,101 +7,101 @@
from __future__ import absolute_import, division, print_function
__metaclass__ = type
DOCUMENTATION = '''
author:
- Eric Belhomme (@eric-belhomme) <ebelhomme@fr.scc.com>
version_added: '0.2.0'
name: etcd3
short_description: Get key values from etcd3 server
DOCUMENTATION = r"""
author:
- Eric Belhomme (@eric-belhomme) <ebelhomme@fr.scc.com>
version_added: '0.2.0'
name: etcd3
short_description: Get key values from etcd3 server
description:
- Retrieves key values and/or key prefixes from etcd3 server using its native gRPC API.
- Try to reuse M(community.general.etcd3) options for connection parameters, but add support for some E(ETCDCTL_*) environment
variables.
- See U(https://github.com/etcd-io/etcd/tree/master/Documentation/op-guide) for etcd overview.
options:
_terms:
description:
- Retrieves key values and/or key prefixes from etcd3 server using its native gRPC API.
- Try to reuse M(community.general.etcd3) options for connection parameters, but add support for some C(ETCDCTL_*) environment variables.
- See U(https://github.com/etcd-io/etcd/tree/master/Documentation/op-guide) for etcd overview.
- The list of keys (or key prefixes) to look up on the etcd3 server.
type: list
elements: str
required: true
prefix:
description:
- Look for key or prefix key.
type: bool
default: false
endpoints:
description:
- Counterpart of E(ETCDCTL_ENDPOINTS) environment variable. Specify the etcd3 connection with an URL form, for example
V(https://hostname:2379), or V(<host>:<port>) form.
- The V(host) part is overwritten by O(host) option, if defined.
- The V(port) part is overwritten by O(port) option, if defined.
env:
- name: ETCDCTL_ENDPOINTS
default: '127.0.0.1:2379'
type: str
host:
description:
- Etcd3 listening client host.
- Takes precedence over O(endpoints).
type: str
port:
description:
- Etcd3 listening client port.
- Takes precedence over O(endpoints).
type: int
ca_cert:
description:
- Etcd3 CA authority.
env:
- name: ETCDCTL_CACERT
type: str
cert_cert:
description:
- Etcd3 client certificate.
env:
- name: ETCDCTL_CERT
type: str
cert_key:
description:
- Etcd3 client private key.
env:
- name: ETCDCTL_KEY
type: str
timeout:
description:
- Client timeout.
default: 60
env:
- name: ETCDCTL_DIAL_TIMEOUT
type: int
user:
description:
- Authenticated user name.
env:
- name: ETCDCTL_USER
type: str
password:
description:
- Authenticated user password.
env:
- name: ETCDCTL_PASSWORD
type: str
options:
_terms:
description:
- The list of keys (or key prefixes) to look up on the etcd3 server.
type: list
elements: str
required: true
prefix:
description:
- Look for key or prefix key.
type: bool
default: false
endpoints:
description:
- Counterpart of E(ETCDCTL_ENDPOINTS) environment variable.
Specify the etcd3 connection with and URL form, for example V(https://hostname:2379), or V(<host>:<port>) form.
- The V(host) part is overwritten by O(host) option, if defined.
- The V(port) part is overwritten by O(port) option, if defined.
env:
- name: ETCDCTL_ENDPOINTS
default: '127.0.0.1:2379'
type: str
host:
description:
- etcd3 listening client host.
- Takes precedence over O(endpoints).
type: str
port:
description:
- etcd3 listening client port.
- Takes precedence over O(endpoints).
type: int
ca_cert:
description:
- etcd3 CA authority.
env:
- name: ETCDCTL_CACERT
type: str
cert_cert:
description:
- etcd3 client certificate.
env:
- name: ETCDCTL_CERT
type: str
cert_key:
description:
- etcd3 client private key.
env:
- name: ETCDCTL_KEY
type: str
timeout:
description:
- Client timeout.
default: 60
env:
- name: ETCDCTL_DIAL_TIMEOUT
type: int
user:
description:
- Authenticated user name.
env:
- name: ETCDCTL_USER
type: str
password:
description:
- Authenticated user password.
env:
- name: ETCDCTL_PASSWORD
type: str
notes:
- O(host) and O(port) options take precedence over (endpoints) option.
- The recommended way to connect to etcd3 server is using E(ETCDCTL_ENDPOINT) environment variable and keep O(endpoints),
O(host), and O(port) unused.
seealso:
- module: community.general.etcd3
- plugin: community.general.etcd
plugin_type: lookup
notes:
- O(host) and O(port) options take precedence over (endpoints) option.
- The recommended way to connect to etcd3 server is using E(ETCDCTL_ENDPOINT)
environment variable and keep O(endpoints), O(host), and O(port) unused.
seealso:
- module: community.general.etcd3
- plugin: community.general.etcd
plugin_type: lookup
requirements:
- "etcd3 >= 0.10"
"""
requirements:
- "etcd3 >= 0.10"
'''
EXAMPLES = '''
EXAMPLES = r"""
- name: "a value from a locally running etcd"
ansible.builtin.debug:
msg: "{{ lookup('community.general.etcd3', 'foo/bar') }}"
@ -117,22 +117,22 @@ EXAMPLES = '''
- name: "connect to etcd3 with a client certificate"
ansible.builtin.debug:
msg: "{{ lookup('community.general.etcd3', 'foo/bar', cert_cert='/etc/ssl/etcd/client.pem', cert_key='/etc/ssl/etcd/client.key') }}"
'''
"""
RETURN = '''
_raw:
description:
- List of keys and associated values.
type: list
elements: dict
contains:
key:
description: The element's key.
type: str
value:
description: The element's value.
type: str
'''
RETURN = r"""
_raw:
description:
- List of keys and associated values.
type: list
elements: dict
contains:
key:
description: The element's key.
type: str
value:
description: The element's value.
type: str
"""
import re

123
plugins/lookup/filetree.py
View file

@ -6,22 +6,23 @@
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
DOCUMENTATION = r'''
DOCUMENTATION = r"""
name: filetree
author: Dag Wieers (@dagwieers) <dag@wieers.com>
short_description: recursively match all files in a directory tree
description:
- This lookup enables you to template a complete tree of files on a target system while retaining permissions and ownership.
- Supports directories, files and symlinks, including SELinux and other file properties.
- If you provide more than one path, it will implement a first_found logic, and will not process entries it already processed in previous paths.
This enables merging different trees in order of importance, or add role_vars to specific paths to influence different instances of the same role.
- This lookup enables you to template a complete tree of files on a target system while retaining permissions and ownership.
- Supports directories, files and symlinks, including SELinux and other file properties.
- If you provide more than one path, it will implement a first_found logic, and will not process entries it already processed
in previous paths. This enables merging different trees in order of importance, or add role_vars to specific paths to
influence different instances of the same role.
options:
_terms:
description: Path(s) of files to read.
required: true
type: list
elements: string
'''
"""
EXAMPLES = r"""
- name: Create directories
@ -59,61 +60,61 @@ EXAMPLES = r"""
"""
RETURN = r"""
_raw:
description: List of dictionaries with file information.
type: list
elements: dict
contains:
src:
description:
- Full path to file.
- Not returned when RV(_raw[].state) is set to V(directory).
type: path
root:
description: Allows filtering by original location.
type: path
path:
description: Contains the relative path to root.
type: path
mode:
description: The permissions the resulting file or directory.
type: str
state:
description: TODO
type: str
owner:
description: Name of the user that owns the file/directory.
type: raw
group:
description: Name of the group that owns the file/directory.
type: raw
seuser:
description: The user part of the SELinux file context.
type: raw
serole:
description: The role part of the SELinux file context.
type: raw
setype:
description: The type part of the SELinux file context.
type: raw
selevel:
description: The level part of the SELinux file context.
type: raw
uid:
description: Owner ID of the file/directory.
type: int
gid:
description: Group ID of the file/directory.
type: int
size:
description: Size of the target.
type: int
mtime:
description: Time of last modification.
type: float
ctime:
description: Time of last metadata update or creation (depends on OS).
type: float
_raw:
description: List of dictionaries with file information.
type: list
elements: dict
contains:
src:
description:
- Full path to file.
- Not returned when RV(_raw[].state) is set to V(directory).
type: path
root:
description: Allows filtering by original location.
type: path
path:
description: Contains the relative path to root.
type: path
mode:
description: The permissions the resulting file or directory.
type: str
state:
description: TODO.
type: str
owner:
description: Name of the user that owns the file/directory.
type: raw
group:
description: Name of the group that owns the file/directory.
type: raw
seuser:
description: The user part of the SELinux file context.
type: raw
serole:
description: The role part of the SELinux file context.
type: raw
setype:
description: The type part of the SELinux file context.
type: raw
selevel:
description: The level part of the SELinux file context.
type: raw
uid:
description: Owner ID of the file/directory.
type: int
gid:
description: Group ID of the file/directory.
type: int
size:
description: Size of the target.
type: int
mtime:
description: Time of last modification.
type: float
ctime:
description: Time of last metadata update or creation (depends on OS).
type: float
"""
import os
import pwd

46
plugins/lookup/flattened.py
View file

@ -6,35 +6,35 @@
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
DOCUMENTATION = '''
name: flattened
author: Serge van Ginderachter (!UNKNOWN) <serge@vanginderachter.be>
short_description: return single list completely flattened
description:
- Given one or more lists, this lookup will flatten any list elements found recursively until only 1 list is left.
options:
_terms:
description: lists to flatten
type: list
elements: raw
required: true
notes:
- Unlike the P(ansible.builtin.items#lookup) lookup which only flattens 1 level,
this plugin will continue to flatten until it cannot find lists anymore.
- Aka highlander plugin, there can only be one (list).
'''
DOCUMENTATION = r"""
name: flattened
author: Serge van Ginderachter (!UNKNOWN) <serge@vanginderachter.be>
short_description: return single list completely flattened
description:
- Given one or more lists, this lookup will flatten any list elements found recursively until only 1 list is left.
options:
_terms:
description: Lists to flatten.
type: list
elements: raw
required: true
notes:
- Unlike the P(ansible.builtin.items#lookup) lookup which only flattens 1 level, this plugin will continue to flatten until
it cannot find lists anymore.
- Aka highlander plugin, there can only be one (list).
"""
EXAMPLES = """
EXAMPLES = r"""
- name: "'unnest' all elements into single list"
ansible.builtin.debug:
msg: "all in one list {{lookup('community.general.flattened', [1,2,3,[5,6]], ['a','b','c'], [[5,6,1,3], [34,'a','b','c']])}}"
"""
RETURN = """
_raw:
description:
- flattened list
type: list
RETURN = r"""
_raw:
description:
- Flattened list.
type: list
"""
from ansible.errors import AnsibleError
from ansible.module_utils.six import string_types

96
plugins/lookup/github_app_access_token.py
View file

@ -5,49 +5,49 @@
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
DOCUMENTATION = '''
name: github_app_access_token
author:
- Poh Wei Sheng (@weisheng-p)
short_description: Obtain short-lived Github App Access tokens
version_added: '8.2.0'
requirements:
- jwt (https://github.com/GehirnInc/python-jwt)
DOCUMENTATION = r"""
name: github_app_access_token
author:
- Poh Wei Sheng (@weisheng-p)
short_description: Obtain short-lived Github App Access tokens
version_added: '8.2.0'
requirements:
- jwt (https://github.com/GehirnInc/python-jwt)
description:
- This generates a Github access token that can be used with a C(git) command, if you use a Github App.
options:
key_path:
description:
- This generates a Github access token that can be used with a C(git) command, if you use a Github App.
options:
key_path:
description:
- Path to your private key.
- Either O(key_path) or O(private_key) must be specified.
type: path
app_id:
description:
- Your GitHub App ID, you can find this in the Settings page.
required: true
type: str
installation_id:
description:
- The installation ID that contains the git repository you would like access to.
- As of 2023-12-24, this can be found via Settings page > Integrations > Application. The last part of the URL in the
configure button is the installation ID.
- Alternatively, you can use PyGithub (U(https://github.com/PyGithub/PyGithub)) to get your installation ID.
required: true
type: str
private_key:
description:
- GitHub App private key in PEM file format as string.
- Either O(key_path) or O(private_key) must be specified.
type: str
version_added: 10.0.0
token_expiry:
description:
- How long the token should last for in seconds.
default: 600
type: int
'''
- Path to your private key.
- Either O(key_path) or O(private_key) must be specified.
type: path
app_id:
description:
- Your GitHub App ID, you can find this in the Settings page.
required: true
type: str
installation_id:
description:
- The installation ID that contains the git repository you would like access to.
- As of 2023-12-24, this can be found at Settings page > Integrations > Application. The last part of the URL in the
configure button is the installation ID.
- Alternatively, you can use PyGithub (U(https://github.com/PyGithub/PyGithub)) to get your installation ID.
required: true
type: str
private_key:
description:
- GitHub App private key in PEM file format as string.
- Either O(key_path) or O(private_key) must be specified.
type: str
version_added: 10.0.0
token_expiry:
description:
- How long the token should last for in seconds.
default: 600
type: int
"""
EXAMPLES = '''
EXAMPLES = r"""
- name: Get access token to be used for git checkout with app_id=123456, installation_id=64209
ansible.builtin.git:
repo: >-
@ -57,14 +57,14 @@ EXAMPLES = '''
github_token: >-
{{ lookup('community.general.github_app_access_token', key_path='/home/to_your/key',
app_id='123456', installation_id='64209') }}
'''
"""
RETURN = '''
_raw:
description: A one-element list containing your GitHub access token.
type: list
elements: str
'''
RETURN = r"""
_raw:
description: A one-element list containing your GitHub access token.
type: list
elements: str
"""
try:

74
plugins/lookup/hiera.py
View file

@ -6,40 +6,40 @@
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
DOCUMENTATION = '''
author:
- Juan Manuel Parrilla (@jparrill)
name: hiera
short_description: get info from hiera data
requirements:
- hiera (command line utility)
DOCUMENTATION = r"""
author:
- Juan Manuel Parrilla (@jparrill)
name: hiera
short_description: get info from hiera data
requirements:
- hiera (command line utility)
description:
- Retrieves data from an Puppetmaster node using Hiera as ENC.
options:
_terms:
description:
- Retrieves data from an Puppetmaster node using Hiera as ENC.
options:
_terms:
description:
- The list of keys to lookup on the Puppetmaster.
type: list
elements: string
required: true
executable:
description:
- Binary file to execute Hiera.
type: string
default: '/usr/bin/hiera'
env:
- name: ANSIBLE_HIERA_BIN
config_file:
description:
- File that describes the hierarchy of Hiera.
type: string
default: '/etc/hiera.yaml'
env:
- name: ANSIBLE_HIERA_CFG
- The list of keys to lookup on the Puppetmaster.
type: list
elements: string
required: true
executable:
description:
- Binary file to execute Hiera.
type: string
default: '/usr/bin/hiera'
env:
- name: ANSIBLE_HIERA_BIN
config_file:
description:
- File that describes the hierarchy of Hiera.
type: string
default: '/etc/hiera.yaml'
env:
- name: ANSIBLE_HIERA_CFG
# FIXME: incomplete options .. _terms? environment/fqdn?
'''
"""
EXAMPLES = """
EXAMPLES = r"""
# All this examples depends on hiera.yml that describes the hierarchy
- name: "a value from Hiera 'DB'"
@ -55,12 +55,12 @@ EXAMPLES = """
msg: "{{ lookup('community.general.hiera', 'foo fqdn=puppet01.localdomain') }}"
"""
RETURN = """
_raw:
description:
- a value associated with input key
type: list
elements: str
RETURN = r"""
_raw:
description:
- A value associated with input key.
type: list
elements: str
"""
from ansible.plugins.lookup import LookupBase

32
plugins/lookup/keyring.py
View file

@ -7,18 +7,18 @@
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
DOCUMENTATION = '''
name: keyring
author:
- Samuel Boucher (!UNKNOWN) <boucher.samuel.c@gmail.com>
requirements:
- keyring (python library)
short_description: grab secrets from the OS keyring
description:
- Allows you to access data stored in the OS provided keyring/keychain.
'''
DOCUMENTATION = r"""
name: keyring
author:
- Samuel Boucher (!UNKNOWN) <boucher.samuel.c@gmail.com>
requirements:
- keyring (python library)
short_description: grab secrets from the OS keyring
description:
- Allows you to access data stored in the OS provided keyring/keychain.
"""
EXAMPLES = """
EXAMPLES = r"""
- name: output secrets to screen (BAD IDEA)
ansible.builtin.debug:
msg: "Password: {{item}}"
@ -31,11 +31,11 @@ EXAMPLES = """
login_user: joe
"""
RETURN = """
_raw:
description: Secrets stored.
type: list
elements: str
RETURN = r"""
_raw:
description: Secrets stored.
type: list
elements: str
"""
HAS_KEYRING = True

54
plugins/lookup/lastpass.py
View file

@ -6,39 +6,39 @@
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
DOCUMENTATION = '''
name: lastpass
author:
- Andrew Zenk (!UNKNOWN) <azenk@umn.edu>
requirements:
- lpass (command line utility)
- must have already logged into LastPass
short_description: fetch data from LastPass
description:
- Use the lpass command line utility to fetch specific fields from LastPass.
options:
_terms:
description: Key from which you want to retrieve the field.
required: true
type: list
elements: str
field:
description: Field to return from LastPass.
default: 'password'
type: str
'''
DOCUMENTATION = r"""
name: lastpass
author:
- Andrew Zenk (!UNKNOWN) <azenk@umn.edu>
requirements:
- lpass (command line utility)
- must have already logged into LastPass
short_description: fetch data from LastPass
description:
- Use the lpass command line utility to fetch specific fields from LastPass.
options:
_terms:
description: Key from which you want to retrieve the field.
required: true
type: list
elements: str
field:
description: Field to return from LastPass.
default: 'password'
type: str
"""
EXAMPLES = """
EXAMPLES = r"""
- name: get 'custom_field' from LastPass entry 'entry-name'
ansible.builtin.debug:
msg: "{{ lookup('community.general.lastpass', 'entry-name', field='custom_field') }}"
"""
RETURN = """
_raw:
description: secrets stored
type: list
elements: str
RETURN = r"""
_raw:
description: Secrets stored.
type: list
elements: str
"""
from subprocess import Popen, PIPE

52
plugins/lookup/lmdb_kv.py
View file

@ -6,30 +6,30 @@
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
DOCUMENTATION = '''
name: lmdb_kv
author:
- Jan-Piet Mens (@jpmens)
version_added: '0.2.0'
short_description: fetch data from LMDB
description:
- This lookup returns a list of results from an LMDB DB corresponding to a list of items given to it.
requirements:
- lmdb (Python library U(https://lmdb.readthedocs.io/en/release/))
options:
_terms:
description: List of keys to query.
type: list
elements: str
db:
description: Path to LMDB database.
type: str
default: 'ansible.mdb'
vars:
- name: lmdb_kv_db
'''
DOCUMENTATION = r"""
name: lmdb_kv
author:
- Jan-Piet Mens (@jpmens)
version_added: '0.2.0'
short_description: fetch data from LMDB
description:
- This lookup returns a list of results from an LMDB DB corresponding to a list of items given to it.
requirements:
- lmdb (Python library U(https://lmdb.readthedocs.io/en/release/))
options:
_terms:
description: List of keys to query.
type: list
elements: str
db:
description: Path to LMDB database.
type: str
default: 'ansible.mdb'
vars:
- name: lmdb_kv_db
"""
EXAMPLES = """
EXAMPLES = r"""
- name: query LMDB for a list of country codes
ansible.builtin.debug:
msg: "{{ query('community.general.lmdb_kv', 'nl', 'be', 'lu', db='jp.mdb') }}"
@ -40,7 +40,7 @@ EXAMPLES = """
vars:
- lmdb_kv_db: jp.mdb
with_community.general.lmdb_kv:
- "n*"
- "n*"
- name: get an item by key
ansible.builtin.assert:
@ -52,9 +52,9 @@ EXAMPLES = """
- be
"""
RETURN = """
RETURN = r"""
_raw:
description: value(s) stored in LMDB
description: Value(s) stored in LMDB.
type: list
elements: raw
"""

139
plugins/lookup/merge_variables.py
View file

@ -6,72 +6,71 @@
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
DOCUMENTATION = """
author:
- Roy Lenferink (@rlenferink)
- Mark Ettema (@m-a-r-k-e)
- Alexander Petrenz (@alpex8)
name: merge_variables
short_description: merge variables whose names match a given pattern
DOCUMENTATION = r"""
author:
- Roy Lenferink (@rlenferink)
- Mark Ettema (@m-a-r-k-e)
- Alexander Petrenz (@alpex8)
name: merge_variables
short_description: merge variables whose names match a given pattern
description:
- This lookup returns the merged result of all variables in scope that match the given prefixes, suffixes, or regular expressions,
optionally.
version_added: 6.5.0
options:
_terms:
description:
- This lookup returns the merged result of all variables in scope that match the given prefixes, suffixes, or
regular expressions, optionally.
version_added: 6.5.0
options:
_terms:
description:
- Depending on the value of O(pattern_type), this is a list of prefixes, suffixes, or regular expressions
that will be used to match all variables that should be merged.
required: true
type: list
elements: str
pattern_type:
description:
- Change the way of searching for the specified pattern.
type: str
default: 'regex'
choices:
- prefix
- suffix
- regex
env:
- name: ANSIBLE_MERGE_VARIABLES_PATTERN_TYPE
ini:
- section: merge_variables_lookup
key: pattern_type
initial_value:
description:
- An initial value to start with.
type: raw
override:
description:
- Return an error, print a warning or ignore it when a key will be overwritten.
- The default behavior V(error) makes the plugin fail when a key would be overwritten.
- When V(warn) and V(ignore) are used, note that it is important to know that the variables
are sorted by name before being merged. Keys for later variables in this order will overwrite
keys of the same name for variables earlier in this order. To avoid potential confusion,
better use O(override=error) whenever possible.
type: str
default: 'error'
choices:
- error
- warn
- ignore
env:
- name: ANSIBLE_MERGE_VARIABLES_OVERRIDE
ini:
- section: merge_variables_lookup
key: override
groups:
description:
- Search for variables accross hosts that belong to the given groups. This allows to collect configuration pieces
accross different hosts (for example a service on a host with its database on another host).
type: list
elements: str
version_added: 8.5.0
- Depending on the value of O(pattern_type), this is a list of prefixes, suffixes, or regular expressions that will
be used to match all variables that should be merged.
required: true
type: list
elements: str
pattern_type:
description:
- Change the way of searching for the specified pattern.
type: str
default: 'regex'
choices:
- prefix
- suffix
- regex
env:
- name: ANSIBLE_MERGE_VARIABLES_PATTERN_TYPE
ini:
- section: merge_variables_lookup
key: pattern_type
initial_value:
description:
- An initial value to start with.
type: raw
override:
description:
- Return an error, print a warning or ignore it when a key will be overwritten.
- The default behavior V(error) makes the plugin fail when a key would be overwritten.
- When V(warn) and V(ignore) are used, note that it is important to know that the variables are sorted by name before
being merged. Keys for later variables in this order will overwrite keys of the same name for variables earlier in
this order. To avoid potential confusion, better use O(override=error) whenever possible.
type: str
default: 'error'
choices:
- error
- warn
- ignore
env:
- name: ANSIBLE_MERGE_VARIABLES_OVERRIDE
ini:
- section: merge_variables_lookup
key: override
groups:
description:
- Search for variables across hosts that belong to the given groups. This allows to collect configuration pieces across
different hosts (for example a service on a host with its database on another host).
type: list
elements: str
version_added: 8.5.0
"""
EXAMPLES = """
EXAMPLES = r"""
# Some example variables, they can be defined anywhere as long as they are in scope
test_init_list:
- "list init item 1"
@ -91,7 +90,6 @@ testb__test_dict:
ports:
- 3
# Merge variables that end with '__test_dict' and store the result in a variable 'example_a'
example_a: "{{ lookup('community.general.merge_variables', '__test_dict', pattern_type='suffix') }}"
@ -100,7 +98,6 @@ example_a: "{{ lookup('community.general.merge_variables', '__test_dict', patter
# - 1
# - 3
# Merge variables that match the '^.+__test_list$' regular expression, starting with an initial value and store the
# result in a variable 'example_b'
example_b: "{{ lookup('community.general.merge_variables', '^.+__test_list$', initial_value=test_init_list) }}"
@ -112,12 +109,12 @@ example_b: "{{ lookup('community.general.merge_variables', '^.+__test_list$', in
# - "test b item 1"
"""
RETURN = """
_raw:
description: In case the search matches list items, a list will be returned. In case the search matches dicts, a
dict will be returned.
type: raw
elements: raw
RETURN = r"""
_raw:
description: In case the search matches list items, a list will be returned. In case the search matches dicts, a dict will
be returned.
type: raw
elements: raw
"""
import re

93
plugins/lookup/onepassword.py
View file

@ -8,39 +8,40 @@
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
DOCUMENTATION = '''
name: onepassword
author:
- Scott Buchanan (@scottsb)
- Andrew Zenk (@azenk)
- Sam Doran (@samdoran)
short_description: Fetch field values from 1Password
description:
- P(community.general.onepassword#lookup) wraps the C(op) command line utility to fetch specific field values from 1Password.
requirements:
- C(op) 1Password command line utility
options:
_terms:
description: Identifier(s) (case-insensitive UUID or name) of item(s) to retrieve.
required: true
type: list
elements: string
account_id:
version_added: 7.5.0
domain:
version_added: 3.2.0
field:
description: Field to return from each matching item (case-insensitive).
default: 'password'
type: str
service_account_token:
version_added: 7.1.0
extends_documentation_fragment:
- community.general.onepassword
- community.general.onepassword.lookup
'''
DOCUMENTATION = r"""
name: onepassword
author:
- Scott Buchanan (@scottsb)
- Andrew Zenk (@azenk)
- Sam Doran (@samdoran)
short_description: Fetch field values from 1Password
description:
- P(community.general.onepassword#lookup) wraps the C(op) command line utility to fetch specific field values from 1Password.
requirements:
- C(op) 1Password command line utility
options:
_terms:
description: Identifier(s) (case-insensitive UUID or name) of item(s) to retrieve.
required: true
type: list
elements: string
account_id:
version_added: 7.5.0
domain:
version_added: 3.2.0
field:
description: Field to return from each matching item (case-insensitive).
default: 'password'
type: str
service_account_token:
version_added: 7.1.0
extends_documentation_fragment:
- community.general.onepassword
- community.general.onepassword.lookup
"""
EXAMPLES = """
EXAMPLES = r"""
---
# These examples only work when already signed in to 1Password
- name: Retrieve password for KITT when already signed in to 1Password
ansible.builtin.debug:
@ -56,32 +57,24 @@ EXAMPLES = """
- name: Retrieve password for HAL when not signed in to 1Password
ansible.builtin.debug:
var: lookup('community.general.onepassword',
'HAL 9000',
subdomain='Discovery',
master_password=vault_master_password)
var: lookup('community.general.onepassword', 'HAL 9000', subdomain='Discovery', master_password=vault_master_password)
- name: Retrieve password for HAL when never signed in to 1Password
ansible.builtin.debug:
var: lookup('community.general.onepassword',
'HAL 9000',
subdomain='Discovery',
master_password=vault_master_password,
username='tweety@acme.com',
secret_key=vault_secret_key)
var: >-
lookup('community.general.onepassword', 'HAL 9000', subdomain='Discovery', master_password=vault_master_password,
username='tweety@acme.com', secret_key=vault_secret_key)
- name: Retrieve password from specific account
ansible.builtin.debug:
var: lookup('community.general.onepassword',
'HAL 9000',
account_id='abc123')
var: lookup('community.general.onepassword', 'HAL 9000', account_id='abc123')
"""
RETURN = """
_raw:
description: Field data requested.
type: list
elements: str
RETURN = r"""
_raw:
description: Field data requested.
type: list
elements: str
"""
import abc

60
plugins/lookup/onepassword_doc.py
View file

@ -6,43 +6,43 @@
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
DOCUMENTATION = '''
name: onepassword_doc
author:
- Sam Doran (@samdoran)
requirements:
- C(op) 1Password command line utility version 2 or later.
short_description: Fetch documents stored in 1Password
version_added: "8.1.0"
description:
- P(community.general.onepassword_doc#lookup) wraps C(op) command line utility to fetch one or more documents from 1Password.
notes:
- The document contents are a string exactly as stored in 1Password.
- This plugin requires C(op) version 2 or later.
DOCUMENTATION = r"""
name: onepassword_doc
author:
- Sam Doran (@samdoran)
requirements:
- C(op) 1Password command line utility version 2 or later.
short_description: Fetch documents stored in 1Password
version_added: "8.1.0"
description:
- P(community.general.onepassword_doc#lookup) wraps C(op) command line utility to fetch one or more documents from 1Password.
notes:
- The document contents are a string exactly as stored in 1Password.
- This plugin requires C(op) version 2 or later.
options:
_terms:
description: Identifier(s) (case-insensitive UUID or name) of item(s) to retrieve.
required: true
type: list
elements: string
options:
_terms:
description: Identifier(s) (case-insensitive UUID or name) of item(s) to retrieve.
required: true
type: list
elements: string
extends_documentation_fragment:
- community.general.onepassword
- community.general.onepassword.lookup
"""
extends_documentation_fragment:
- community.general.onepassword
- community.general.onepassword.lookup
'''
EXAMPLES = """
EXAMPLES = r"""
---
- name: Retrieve a private key from 1Password
ansible.builtin.debug:
var: lookup('community.general.onepassword_doc', 'Private key')
"""
RETURN = """
_raw:
description: Requested document
type: list
elements: string
RETURN = r"""
_raw:
description: Requested document.
type: list
elements: string
"""
from ansible_collections.community.general.plugins.lookup.onepassword import OnePass, OnePassCLIv2

67
plugins/lookup/onepassword_raw.py
View file

@ -8,35 +8,36 @@
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
DOCUMENTATION = '''
name: onepassword_raw
author:
- Scott Buchanan (@scottsb)
- Andrew Zenk (@azenk)
- Sam Doran (@samdoran)
requirements:
- C(op) 1Password command line utility
short_description: Fetch an entire item from 1Password
description:
- P(community.general.onepassword_raw#lookup) wraps C(op) command line utility to fetch an entire item from 1Password.
options:
_terms:
description: Identifier(s) (case-insensitive UUID or name) of item(s) to retrieve.
required: true
type: list
elements: string
account_id:
version_added: 7.5.0
domain:
version_added: 6.0.0
service_account_token:
version_added: 7.1.0
extends_documentation_fragment:
- community.general.onepassword
- community.general.onepassword.lookup
'''
DOCUMENTATION = r"""
name: onepassword_raw
author:
- Scott Buchanan (@scottsb)
- Andrew Zenk (@azenk)
- Sam Doran (@samdoran)
requirements:
- C(op) 1Password command line utility
short_description: Fetch an entire item from 1Password
description:
- P(community.general.onepassword_raw#lookup) wraps C(op) command line utility to fetch an entire item from 1Password.
options:
_terms:
description: Identifier(s) (case-insensitive UUID or name) of item(s) to retrieve.
required: true
type: list
elements: string
account_id:
version_added: 7.5.0
domain:
version_added: 6.0.0
service_account_token:
version_added: 7.1.0
extends_documentation_fragment:
- community.general.onepassword
- community.general.onepassword.lookup
"""
EXAMPLES = """
EXAMPLES = r"""
---
- name: Retrieve all data about Wintermute
ansible.builtin.debug:
var: lookup('community.general.onepassword_raw', 'Wintermute')
@ -46,11 +47,11 @@ EXAMPLES = """
var: lookup('community.general.onepassword_raw', 'Wintermute', subdomain='Turing', vault_password='DmbslfLvasjdl')
"""
RETURN = """
_raw:
description: Entire item requested.
type: list
elements: dict
RETURN = r"""
_raw:
description: Entire item requested.
type: list
elements: dict
"""
import json

8
plugins/lookup/onepassword_ssh_key.py
View file

@ -5,7 +5,7 @@
from __future__ import annotations
DOCUMENTATION = """
DOCUMENTATION = r"""
name: onepassword_ssh_key
author:
- Mohammed Babelly (@mohammedbabelly20)
@ -19,7 +19,6 @@ notes:
- By default, it returns the private key value in PKCS#8 format, unless O(ssh_format=true) is passed.
- The pluging works only for C(SSHKEY) type items.
- This plugin requires C(op) version 2 or later.
options:
_terms:
description: Identifier(s) (case-insensitive UUID or name) of item(s) to retrieve.
@ -36,13 +35,14 @@ extends_documentation_fragment:
- community.general.onepassword.lookup
"""
EXAMPLES = """
EXAMPLES = r"""
---
- name: Retrieve the private SSH key from 1Password
ansible.builtin.debug:
msg: "{{ lookup('community.general.onepassword_ssh_key', 'SSH Key', ssh_format=true) }}"
"""
RETURN = """
RETURN = r"""
_raw:
description: Private key of SSH keypair.
type: list

313
plugins/lookup/passwordstore.py
View file

@ -7,167 +7,168 @@ from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
DOCUMENTATION = '''
name: passwordstore
author:
- Patrick Deelman (!UNKNOWN) <patrick@patrickdeelman.nl>
short_description: manage passwords with passwordstore.org's pass utility
DOCUMENTATION = r"""
name: passwordstore
author:
- Patrick Deelman (!UNKNOWN) <patrick@patrickdeelman.nl>
short_description: manage passwords with passwordstore.org's pass utility
description:
- Enables Ansible to retrieve, create or update passwords from the passwordstore.org pass utility. It can also retrieve,
create or update YAML style keys stored as multilines in the passwordfile.
- To avoid problems when accessing multiple secrets at once, add C(auto-expand-secmem) to C(~/.gnupg/gpg-agent.conf). Where
this is not possible, consider using O(lock=readwrite) instead.
options:
_terms:
description: Query key.
required: true
directory:
description:
- Enables Ansible to retrieve, create or update passwords from the passwordstore.org pass utility.
It can also retrieve, create or update YAML style keys stored as multilines in the passwordfile.
- To avoid problems when accessing multiple secrets at once, add C(auto-expand-secmem) to
C(~/.gnupg/gpg-agent.conf). Where this is not possible, consider using O(lock=readwrite) instead.
options:
_terms:
description: query key.
required: true
directory:
description:
- The directory of the password store.
- If O(backend=pass), the default is V(~/.password-store) is used.
- If O(backend=gopass), then the default is the C(path) field in C(~/.config/gopass/config.yml),
falling back to V(~/.local/share/gopass/stores/root) if C(path) is not defined in the gopass config.
type: path
vars:
- name: passwordstore
env:
- name: PASSWORD_STORE_DIR
create:
description: Create the password or the subkey if it does not already exist. Takes precedence over O(missing).
type: bool
default: false
overwrite:
description: Overwrite the password or the subkey if it does already exist.
type: bool
default: false
umask:
description:
- Sets the umask for the created V(.gpg) files. The first octed must be greater than 3 (user readable).
- Note pass' default value is V('077').
type: string
env:
- name: PASSWORD_STORE_UMASK
version_added: 1.3.0
returnall:
description: Return all the content of the password, not only the first line.
type: bool
default: false
subkey:
description:
- By default return a specific subkey of the password. When set to V(password), always returns the first line.
- With O(overwrite=true), it will create the subkey and return it.
type: str
default: password
userpass:
description: Specify a password to save, instead of a generated one.
type: str
length:
description: The length of the generated password.
type: integer
default: 16
backup:
description: Used with O(overwrite=true). Backup the previous password or subkey in a subkey.
type: bool
default: false
nosymbols:
description: Use alphanumeric characters.
type: bool
default: false
missing:
description:
- List of preference about what to do if the password file is missing.
- If O(create=true), the value for this option is ignored and assumed to be V(create).
- If set to V(error), the lookup will error out if the passname does not exist.
- If set to V(create), the passname will be created with the provided length O(length) if it does not exist.
- If set to V(empty) or V(warn), will return a V(none) in case the passname does not exist.
When using C(lookup) and not C(query), this will be translated to an empty string.
version_added: 3.1.0
type: str
default: error
choices:
- error
- warn
- empty
- create
lock:
description:
- How to synchronize operations.
- The default of V(write) only synchronizes write operations.
- V(readwrite) synchronizes all operations (including read). This makes sure that gpg-agent is never called in parallel.
- V(none) does not do any synchronization.
ini:
- section: passwordstore_lookup
key: lock
type: str
default: write
choices:
- readwrite
- write
- none
version_added: 4.5.0
locktimeout:
description:
- Lock timeout applied when O(lock) is not V(none).
- Time with a unit suffix, V(s), V(m), V(h) for seconds, minutes, and hours, respectively. For example, V(900s) equals V(15m).
- Correlates with C(pinentry-timeout) in C(~/.gnupg/gpg-agent.conf), see C(man gpg-agent) for details.
ini:
- section: passwordstore_lookup
key: locktimeout
type: str
default: 15m
version_added: 4.5.0
backend:
description:
- Specify which backend to use.
- Defaults to V(pass), passwordstore.org's original pass utility.
- V(gopass) support is incomplete.
ini:
- section: passwordstore_lookup
key: backend
vars:
- name: passwordstore_backend
type: str
default: pass
choices:
- pass
- gopass
version_added: 5.2.0
timestamp:
description: Add the password generation information to the end of the file.
type: bool
default: true
version_added: 8.1.0
preserve:
description: Include the old (edited) password inside the pass file.
type: bool
default: true
version_added: 8.1.0
missing_subkey:
description:
- Preference about what to do if the password subkey is missing.
- If set to V(error), the lookup will error out if the subkey does not exist.
- If set to V(empty) or V(warn), will return a V(none) in case the subkey does not exist.
version_added: 8.6.0
type: str
default: empty
choices:
- error
- warn
- empty
ini:
- section: passwordstore_lookup
key: missing_subkey
notes:
- The lookup supports passing all options as lookup parameters since community.general 6.0.0.
'''
EXAMPLES = """
- The directory of the password store.
- If O(backend=pass), the default is V(~/.password-store) is used.
- If O(backend=gopass), then the default is the C(path) field in C(~/.config/gopass/config.yml), falling back to V(~/.local/share/gopass/stores/root)
if C(path) is not defined in the gopass config.
type: path
vars:
- name: passwordstore
env:
- name: PASSWORD_STORE_DIR
create:
description: Create the password or the subkey if it does not already exist. Takes precedence over O(missing).
type: bool
default: false
overwrite:
description: Overwrite the password or the subkey if it does already exist.
type: bool
default: false
umask:
description:
- Sets the umask for the created V(.gpg) files. The first octed must be greater than 3 (user readable).
- Note pass' default value is V('077').
type: string
env:
- name: PASSWORD_STORE_UMASK
version_added: 1.3.0
returnall:
description: Return all the content of the password, not only the first line.
type: bool
default: false
subkey:
description:
- By default return a specific subkey of the password. When set to V(password), always returns the first line.
- With O(overwrite=true), it will create the subkey and return it.
type: str
default: password
userpass:
description: Specify a password to save, instead of a generated one.
type: str
length:
description: The length of the generated password.
type: integer
default: 16
backup:
description: Used with O(overwrite=true). Backup the previous password or subkey in a subkey.
type: bool
default: false
nosymbols:
description: Use alphanumeric characters.
type: bool
default: false
missing:
description:
- List of preference about what to do if the password file is missing.
- If O(create=true), the value for this option is ignored and assumed to be V(create).
- If set to V(error), the lookup will error out if the passname does not exist.
- If set to V(create), the passname will be created with the provided length O(length) if it does not exist.
- If set to V(empty) or V(warn), will return a V(none) in case the passname does not exist. When using C(lookup) and
not C(query), this will be translated to an empty string.
version_added: 3.1.0
type: str
default: error
choices:
- error
- warn
- empty
- create
lock:
description:
- How to synchronize operations.
- The default of V(write) only synchronizes write operations.
- V(readwrite) synchronizes all operations (including read). This makes sure that gpg-agent is never called in parallel.
- V(none) does not do any synchronization.
ini:
- section: passwordstore_lookup
key: lock
type: str
default: write
choices:
- readwrite
- write
- none
version_added: 4.5.0
locktimeout:
description:
- Lock timeout applied when O(lock) is not V(none).
- Time with a unit suffix, V(s), V(m), V(h) for seconds, minutes, and hours, respectively. For example, V(900s) equals
V(15m).
- Correlates with C(pinentry-timeout) in C(~/.gnupg/gpg-agent.conf), see C(man gpg-agent) for details.
ini:
- section: passwordstore_lookup
key: locktimeout
type: str
default: 15m
version_added: 4.5.0
backend:
description:
- Specify which backend to use.
- Defaults to V(pass), passwordstore.org's original pass utility.
- V(gopass) support is incomplete.
ini:
- section: passwordstore_lookup
key: backend
vars:
- name: passwordstore_backend
type: str
default: pass
choices:
- pass
- gopass
version_added: 5.2.0
timestamp:
description: Add the password generation information to the end of the file.
type: bool
default: true
version_added: 8.1.0
preserve:
description: Include the old (edited) password inside the pass file.
type: bool
default: true
version_added: 8.1.0
missing_subkey:
description:
- Preference about what to do if the password subkey is missing.
- If set to V(error), the lookup will error out if the subkey does not exist.
- If set to V(empty) or V(warn), will return a V(none) in case the subkey does not exist.
version_added: 8.6.0
type: str
default: empty
choices:
- error
- warn
- empty
ini:
- section: passwordstore_lookup
key: missing_subkey
notes:
- The lookup supports passing all options as lookup parameters since community.general 6.0.0.
"""
EXAMPLES = r"""
ansible.cfg: |
[passwordstore_lookup]
lock=readwrite
locktimeout=45s
missing_subkey=warn
tasks.yml: |
tasks.yml: |-
---
# Debug is used for examples, BAD IDEA to show passwords on screen
@ -233,10 +234,10 @@ tasks.yml: |
passfilecontent: "{{ lookup('community.general.passwordstore', 'example/test', returnall=true)}}"
"""
RETURN = """
RETURN = r"""
_raw:
description:
- a password
- A password.
type: list
elements: str
"""

74
plugins/lookup/random_pet.py
View file

@ -8,38 +8,38 @@ from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
DOCUMENTATION = r'''
name: random_pet
author:
- Abhijeet Kasurde (@Akasurde)
short_description: Generates random pet names
version_added: '3.1.0'
requirements:
- petname U(https://github.com/dustinkirkland/python-petname)
DOCUMENTATION = r"""
name: random_pet
author:
- Abhijeet Kasurde (@Akasurde)
short_description: Generates random pet names
version_added: '3.1.0'
requirements:
- petname U(https://github.com/dustinkirkland/python-petname)
description:
- Generates random pet names that can be used as unique identifiers for the resources.
options:
words:
description:
- Generates random pet names that can be used as unique identifiers for the resources.
options:
words:
description:
- The number of words in the pet name.
default: 2
type: int
length:
description:
- The maximal length of every component of the pet name.
- Values below 3 will be set to 3 by petname.
default: 6
type: int
prefix:
description: A string to prefix with the name.
type: str
separator:
description: The character to separate words in the pet name.
default: "-"
type: str
'''
- The number of words in the pet name.
default: 2
type: int
length:
description:
- The maximal length of every component of the pet name.
- Values below 3 will be set to 3 by petname.
default: 6
type: int
prefix:
description: A string to prefix with the name.
type: str
separator:
description: The character to separate words in the pet name.
default: "-"
type: str
"""
EXAMPLES = r'''
EXAMPLES = r"""
- name: Generate pet name
ansible.builtin.debug:
var: lookup('community.general.random_pet')
@ -59,14 +59,14 @@ EXAMPLES = r'''
ansible.builtin.debug:
var: lookup('community.general.random_pet', length=7)
# Example result: 'natural-peacock'
'''
"""
RETURN = r'''
_raw:
description: A one-element list containing a random pet name
type: list
elements: str
'''
RETURN = r"""
_raw:
description: A one-element list containing a random pet name.
type: list
elements: str
"""
try:
import petname

183
plugins/lookup/random_string.py
View file

@ -9,95 +9,94 @@ from __future__ import absolute_import, division, print_function
__metaclass__ = type
DOCUMENTATION = r"""
name: random_string
author:
- Abhijeet Kasurde (@Akasurde)
short_description: Generates random string
version_added: '3.2.0'
name: random_string
author:
- Abhijeet Kasurde (@Akasurde)
short_description: Generates random string
version_added: '3.2.0'
description:
- Generates random string based upon the given constraints.
- Uses L(random.SystemRandom,https://docs.python.org/3/library/random.html#random.SystemRandom), so should be strong enough
for cryptographic purposes.
options:
length:
description: The length of the string.
default: 8
type: int
upper:
description:
- Generates random string based upon the given constraints.
- Uses L(random.SystemRandom,https://docs.python.org/3/library/random.html#random.SystemRandom),
so should be strong enough for cryptographic purposes.
options:
length:
description: The length of the string.
default: 8
type: int
upper:
description:
- Include uppercase letters in the string.
default: true
type: bool
lower:
description:
- Include lowercase letters in the string.
default: true
type: bool
numbers:
description:
- Include numbers in the string.
default: true
type: bool
special:
description:
- Include special characters in the string.
- Special characters are taken from Python standard library C(string).
See L(the documentation of string.punctuation,https://docs.python.org/3/library/string.html#string.punctuation)
for which characters will be used.
- The choice of special characters can be changed to setting O(override_special).
default: true
type: bool
min_numeric:
description:
- Minimum number of numeric characters in the string.
- If set, overrides O(numbers=false).
default: 0
type: int
min_upper:
description:
- Minimum number of uppercase alphabets in the string.
- If set, overrides O(upper=false).
default: 0
type: int
min_lower:
description:
- Minimum number of lowercase alphabets in the string.
- If set, overrides O(lower=false).
default: 0
type: int
min_special:
description:
- Minimum number of special character in the string.
default: 0
type: int
override_special:
description:
- Override a list of special characters to use in the string.
- If set O(min_special) should be set to a non-default value.
type: str
override_all:
description:
- Override all values of O(numbers), O(upper), O(lower), and O(special) with
the given list of characters.
type: str
ignore_similar_chars:
description:
- Ignore similar characters, such as V(l) and V(1), or V(O) and V(0).
- These characters can be configured in O(similar_chars).
default: false
type: bool
version_added: 7.5.0
similar_chars:
description:
- Override a list of characters not to be use in the string.
default: "il1LoO0"
type: str
version_added: 7.5.0
base64:
description:
- Returns base64 encoded string.
type: bool
default: false
- Include uppercase letters in the string.
default: true
type: bool
lower:
description:
- Include lowercase letters in the string.
default: true
type: bool
numbers:
description:
- Include numbers in the string.
default: true
type: bool
special:
description:
- Include special characters in the string.
- Special characters are taken from Python standard library C(string).
See L(the documentation of string.punctuation,https://docs.python.org/3/library/string.html#string.punctuation)
for which characters will be used.
- The choice of special characters can be changed to setting O(override_special).
default: true
type: bool
min_numeric:
description:
- Minimum number of numeric characters in the string.
- If set, overrides O(numbers=false).
default: 0
type: int
min_upper:
description:
- Minimum number of uppercase alphabets in the string.
- If set, overrides O(upper=false).
default: 0
type: int
min_lower:
description:
- Minimum number of lowercase alphabets in the string.
- If set, overrides O(lower=false).
default: 0
type: int
min_special:
description:
- Minimum number of special character in the string.
default: 0
type: int
override_special:
description:
- Override a list of special characters to use in the string.
- If set O(min_special) should be set to a non-default value.
type: str
override_all:
description:
- Override all values of O(numbers), O(upper), O(lower), and O(special) with the given list of characters.
type: str
ignore_similar_chars:
description:
- Ignore similar characters, such as V(l) and V(1), or V(O) and V(0).
- These characters can be configured in O(similar_chars).
default: false
type: bool
version_added: 7.5.0
similar_chars:
description:
- Override a list of characters not to be use in the string.
default: "il1LoO0"
type: str
version_added: 7.5.0
base64:
description:
- Returns base64 encoded string.
type: bool
default: false
"""
EXAMPLES = r"""
@ -142,10 +141,10 @@ EXAMPLES = r"""
"""
RETURN = r"""
_raw:
description: A one-element list containing a random string
type: list
elements: str
_raw:
description: A one-element list containing a random string.
type: list
elements: str
"""
import base64

81
plugins/lookup/random_words.py
View file

@ -10,44 +10,43 @@ from __future__ import absolute_import, division, print_function
__metaclass__ = type
DOCUMENTATION = r"""
name: random_words
author:
- Thomas Sjögren (@konstruktoid)
short_description: Return a number of random words
version_added: "4.0.0"
requirements:
- xkcdpass U(https://github.com/redacted/XKCD-password-generator)
name: random_words
author:
- Thomas Sjögren (@konstruktoid)
short_description: Return a number of random words
version_added: "4.0.0"
requirements:
- xkcdpass U(https://github.com/redacted/XKCD-password-generator)
description:
- Returns a number of random words. The output can for example be used for passwords.
- See U(https://xkcd.com/936/) for background.
options:
numwords:
description:
- Returns a number of random words. The output can for example be used for
passwords.
- See U(https://xkcd.com/936/) for background.
options:
numwords:
description:
- The number of words.
default: 6
type: int
min_length:
description:
- Minimum length of words to make password.
default: 5
type: int
max_length:
description:
- Maximum length of words to make password.
default: 9
type: int
delimiter:
description:
- The delimiter character between words.
default: " "
type: str
case:
description:
- The method for setting the case of each word in the passphrase.
choices: ["alternating", "upper", "lower", "random", "capitalize"]
default: "lower"
type: str
- The number of words.
default: 6
type: int
min_length:
description:
- Minimum length of words to make password.
default: 5
type: int
max_length:
description:
- Maximum length of words to make password.
default: 9
type: int
delimiter:
description:
- The delimiter character between words.
default: " "
type: str
case:
description:
- The method for setting the case of each word in the passphrase.
choices: ["alternating", "upper", "lower", "random", "capitalize"]
default: "lower"
type: str
"""
EXAMPLES = r"""
@ -74,10 +73,10 @@ EXAMPLES = r"""
"""
RETURN = r"""
_raw:
description: A single-element list containing random words.
type: list
elements: str
_raw:
description: A single-element list containing random words.
type: list
elements: str
"""
from ansible.errors import AnsibleLookupError

91
plugins/lookup/redis.py
View file

@ -6,50 +6,50 @@
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
DOCUMENTATION = '''
name: redis
author:
- Jan-Piet Mens (@jpmens) <jpmens(at)gmail.com>
- Ansible Core Team
short_description: fetch data from Redis
description:
- This lookup returns a list of results from a Redis DB corresponding to a list of items given to it
requirements:
- redis (python library https://github.com/andymccurdy/redis-py/)
options:
_terms:
description: list of keys to query
type: list
elements: string
host:
description: location of Redis host
type: string
default: '127.0.0.1'
env:
- name: ANSIBLE_REDIS_HOST
ini:
- section: lookup_redis
key: host
port:
description: port on which Redis is listening on
default: 6379
type: int
env:
- name: ANSIBLE_REDIS_PORT
ini:
- section: lookup_redis
key: port
socket:
description: path to socket on which to query Redis, this option overrides host and port options when set.
type: path
env:
- name: ANSIBLE_REDIS_SOCKET
ini:
- section: lookup_redis
key: socket
'''
DOCUMENTATION = r"""
name: redis
author:
- Jan-Piet Mens (@jpmens) <jpmens(at)gmail.com>
- Ansible Core Team
short_description: fetch data from Redis
description:
- This lookup returns a list of results from a Redis DB corresponding to a list of items given to it.
requirements:
- redis (python library https://github.com/andymccurdy/redis-py/)
options:
_terms:
description: List of keys to query.
type: list
elements: string
host:
description: Location of Redis host.
type: string
default: '127.0.0.1'
env:
- name: ANSIBLE_REDIS_HOST
ini:
- section: lookup_redis
key: host
port:
description: Port on which Redis is listening on.
default: 6379
type: int
env:
- name: ANSIBLE_REDIS_PORT
ini:
- section: lookup_redis
key: port
socket:
description: Path to socket on which to query Redis, this option overrides host and port options when set.
type: path
env:
- name: ANSIBLE_REDIS_SOCKET
ini:
- section: lookup_redis
key: socket
"""
EXAMPLES = """
EXAMPLES = r"""
- name: query redis for somekey (default or configured settings used)
ansible.builtin.debug:
msg: "{{ lookup('community.general.redis', 'somekey') }}"
@ -66,12 +66,11 @@ EXAMPLES = """
- name: use list directly with a socket
ansible.builtin.debug:
msg: "{{ lookup('community.general.redis', 'key1', 'key2', socket='/var/tmp/redis.sock') }}"
"""
RETURN = """
RETURN = r"""
_raw:
description: value(s) stored in Redis
description: Value(s) stored in Redis.
type: list
elements: str
"""

73
plugins/lookup/revbitspss.py
View file

@ -12,54 +12,55 @@ author: RevBits (@RevBits) <info@revbits.com>
short_description: Get secrets from RevBits PAM server
version_added: 4.1.0
description:
- Uses the revbits_ansible Python SDK to get Secrets from RevBits PAM
Server using API key authentication with the REST API.
- Uses the revbits_ansible Python SDK to get Secrets from RevBits PAM Server using API key authentication with the REST
API.
requirements:
- revbits_ansible - U(https://pypi.org/project/revbits_ansible/)
- revbits_ansible - U(https://pypi.org/project/revbits_ansible/)
options:
_terms:
description:
- This will be an array of keys for secrets which you want to fetch from RevBits PAM.
required: true
type: list
elements: string
base_url:
description:
- This will be the base URL of the server, for example V(https://server-url-here).
required: true
type: string
api_key:
description:
- This will be the API key for authentication. You can get it from the RevBits PAM secret manager module.
required: true
type: string
_terms:
description:
- This will be an array of keys for secrets which you want to fetch from RevBits PAM.
required: true
type: list
elements: string
base_url:
description:
- This will be the base URL of the server, for example V(https://server-url-here).
required: true
type: string
api_key:
description:
- This will be the API key for authentication. You can get it from the RevBits PAM secret manager module.
required: true
type: string
"""
RETURN = r"""
_list:
description:
- The JSON responses which you can access with defined keys.
- If you are fetching secrets named as UUID, PASSWORD it will gives you the dict of all secrets.
type: list
elements: dict
description:
- The JSON responses which you can access with defined keys.
- If you are fetching secrets named as UUID, PASSWORD it will gives you the dict of all secrets.
type: list
elements: dict
"""
EXAMPLES = r"""
---
- hosts: localhost
vars:
secret: >-
{{
lookup(
'community.general.revbitspss',
'UUIDPAM', 'DB_PASS',
base_url='https://server-url-here',
api_key='API_KEY_GOES_HERE'
)
}}
secret: >-
{{
lookup(
'community.general.revbitspss',
'UUIDPAM', 'DB_PASS',
base_url='https://server-url-here',
api_key='API_KEY_GOES_HERE'
)
}}
tasks:
- ansible.builtin.debug:
msg: >
UUIDPAM is {{ (secret['UUIDPAM']) }} and DB_PASS is {{ (secret['DB_PASS']) }}
- ansible.builtin.debug:
msg: >-
UUIDPAM is {{ (secret['UUIDPAM']) }} and DB_PASS is {{ (secret['DB_PASS']) }}
"""
from ansible.plugins.lookup import LookupBase

45
plugins/lookup/shelvefile.py
View file

@ -6,34 +6,35 @@
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
DOCUMENTATION = '''
name: shelvefile
author: Alejandro Guirao (!UNKNOWN) <lekumberri@gmail.com>
short_description: read keys from Python shelve file
description:
- Read keys from Python shelve file.
options:
_terms:
description: Sets of key value pairs of parameters.
type: list
elements: str
key:
description: Key to query.
type: str
required: true
file:
description: Path to shelve file.
type: path
required: true
'''
DOCUMENTATION = r"""
name: shelvefile
author: Alejandro Guirao (!UNKNOWN) <lekumberri@gmail.com>
short_description: read keys from Python shelve file
description:
- Read keys from Python shelve file.
options:
_terms:
description: Sets of key value pairs of parameters.
type: list
elements: str
key:
description: Key to query.
type: str
required: true
file:
description: Path to shelve file.
type: path
required: true
"""
EXAMPLES = """
EXAMPLES = r"""
---
- name: Retrieve a string value corresponding to a key inside a Python shelve file
ansible.builtin.debug:
msg: "{{ lookup('community.general.shelvefile', 'file=path_to_some_shelve_file.db key=key_to_retrieve') }}"
"""
RETURN = """
RETURN = r"""
_list:
description: Value(s) of key(s) in shelve file(s).
type: list

388
plugins/lookup/tss.py
View file

@ -12,200 +12,196 @@ author: Adam Migus (@amigus) <adam@migus.org>
short_description: Get secrets from Thycotic Secret Server
version_added: 1.0.0
description:
- Uses the Thycotic Secret Server Python SDK to get Secrets from Secret
Server using token authentication with O(username) and O(password) on
the REST API at O(base_url).
- When using self-signed certificates the environment variable
E(REQUESTS_CA_BUNDLE) can be set to a file containing the trusted certificates
(in C(.pem) format).
- For example, C(export REQUESTS_CA_BUNDLE='/etc/ssl/certs/ca-bundle.trust.crt').
- Uses the Thycotic Secret Server Python SDK to get Secrets from Secret Server using token authentication with O(username)
and O(password) on the REST API at O(base_url).
- When using self-signed certificates the environment variable E(REQUESTS_CA_BUNDLE) can be set to a file containing the
trusted certificates (in C(.pem) format).
- For example, C(export REQUESTS_CA_BUNDLE='/etc/ssl/certs/ca-bundle.trust.crt').
requirements:
- python-tss-sdk - https://pypi.org/project/python-tss-sdk/
- python-tss-sdk - https://pypi.org/project/python-tss-sdk/
options:
_terms:
description: The integer ID of the secret.
required: true
type: list
elements: int
secret_path:
description: Indicate a full path of secret including folder and secret name when the secret ID is set to 0.
required: false
type: str
version_added: 7.2.0
fetch_secret_ids_from_folder:
description:
- Boolean flag which indicates whether secret ids are in a folder is fetched by folder ID or not.
- V(true) then the terms will be considered as a folder IDs. Otherwise (default), they are considered as secret IDs.
required: false
type: bool
version_added: 7.1.0
fetch_attachments:
description:
- Boolean flag which indicates whether attached files will get downloaded or not.
- The download will only happen if O(file_download_path) has been provided.
required: false
type: bool
version_added: 7.0.0
file_download_path:
description: Indicate the file attachment download location.
required: false
type: path
version_added: 7.0.0
base_url:
description: The base URL of the server, for example V(https://localhost/SecretServer).
type: string
env:
- name: TSS_BASE_URL
ini:
- section: tss_lookup
key: base_url
required: true
username:
description: The username with which to request the OAuth2 Access Grant.
type: string
env:
- name: TSS_USERNAME
ini:
- section: tss_lookup
key: username
password:
description:
- The password associated with the supplied username.
- Required when O(token) is not provided.
type: string
env:
- name: TSS_PASSWORD
ini:
- section: tss_lookup
key: password
domain:
default: ""
description:
- The domain with which to request the OAuth2 Access Grant.
- Optional when O(token) is not provided.
- Requires C(python-tss-sdk) version 1.0.0 or greater.
type: string
env:
- name: TSS_DOMAIN
ini:
- section: tss_lookup
key: domain
required: false
version_added: 3.6.0
token:
description:
- Existing token for Thycotic authorizer.
- If provided, O(username) and O(password) are not needed.
- Requires C(python-tss-sdk) version 1.0.0 or greater.
type: string
env:
- name: TSS_TOKEN
ini:
- section: tss_lookup
key: token
version_added: 3.7.0
api_path_uri:
default: /api/v1
description: The path to append to the base URL to form a valid REST
API request.
type: string
env:
- name: TSS_API_PATH_URI
required: false
token_path_uri:
default: /oauth2/token
description: The path to append to the base URL to form a valid OAuth2
Access Grant request.
type: string
env:
- name: TSS_TOKEN_PATH_URI
required: false
_terms:
description: The integer ID of the secret.
required: true
type: list
elements: int
secret_path:
description: Indicate a full path of secret including folder and secret name when the secret ID is set to 0.
required: false
type: str
version_added: 7.2.0
fetch_secret_ids_from_folder:
description:
- Boolean flag which indicates whether secret IDs are in a folder is fetched by folder ID or not.
- V(true) then the terms will be considered as a folder IDs. Otherwise (default), they are considered as secret IDs.
required: false
type: bool
version_added: 7.1.0
fetch_attachments:
description:
- Boolean flag which indicates whether attached files will get downloaded or not.
- The download will only happen if O(file_download_path) has been provided.
required: false
type: bool
version_added: 7.0.0
file_download_path:
description: Indicate the file attachment download location.
required: false
type: path
version_added: 7.0.0
base_url:
description: The base URL of the server, for example V(https://localhost/SecretServer).
type: string
env:
- name: TSS_BASE_URL
ini:
- section: tss_lookup
key: base_url
required: true
username:
description: The username with which to request the OAuth2 Access Grant.
type: string
env:
- name: TSS_USERNAME
ini:
- section: tss_lookup
key: username
password:
description:
- The password associated with the supplied username.
- Required when O(token) is not provided.
type: string
env:
- name: TSS_PASSWORD
ini:
- section: tss_lookup
key: password
domain:
default: ""
description:
- The domain with which to request the OAuth2 Access Grant.
- Optional when O(token) is not provided.
- Requires C(python-tss-sdk) version 1.0.0 or greater.
type: string
env:
- name: TSS_DOMAIN
ini:
- section: tss_lookup
key: domain
required: false
version_added: 3.6.0
token:
description:
- Existing token for Thycotic authorizer.
- If provided, O(username) and O(password) are not needed.
- Requires C(python-tss-sdk) version 1.0.0 or greater.
type: string
env:
- name: TSS_TOKEN
ini:
- section: tss_lookup
key: token
version_added: 3.7.0
api_path_uri:
default: /api/v1
description: The path to append to the base URL to form a valid REST API request.
type: string
env:
- name: TSS_API_PATH_URI
required: false
token_path_uri:
default: /oauth2/token
description: The path to append to the base URL to form a valid OAuth2 Access Grant request.
type: string
env:
- name: TSS_TOKEN_PATH_URI
required: false
"""
RETURN = r"""
_list:
description:
- The JSON responses to C(GET /secrets/{id}).
- See U(https://updates.thycotic.net/secretserver/restapiguide/TokenAuth/#operation--secrets--id--get).
type: list
elements: dict
description:
- The JSON responses to C(GET /secrets/{id}).
- See U(https://updates.thycotic.net/secretserver/restapiguide/TokenAuth/#operation--secrets--id--get).
type: list
elements: dict
"""
EXAMPLES = r"""
- hosts: localhost
vars:
secret: >-
{{
lookup(
'community.general.tss',
102,
base_url='https://secretserver.domain.com/SecretServer/',
username='user.name',
password='password'
)
}}
secret: >-
{{
lookup(
'community.general.tss',
102,
base_url='https://secretserver.domain.com/SecretServer/',
username='user.name',
password='password'
)
}}
tasks:
- ansible.builtin.debug:
msg: >
the password is {{
(secret['items']
| items2dict(key_name='slug',
value_name='itemValue'))['password']
}}
- ansible.builtin.debug:
msg: >
the password is {{
(secret['items']
| items2dict(key_name='slug',
value_name='itemValue'))['password']
}}
- hosts: localhost
vars:
secret: >-
{{
lookup(
'community.general.tss',
102,
base_url='https://secretserver.domain.com/SecretServer/',
username='user.name',
password='password',
domain='domain'
)
}}
secret: >-
{{
lookup(
'community.general.tss',
102,
base_url='https://secretserver.domain.com/SecretServer/',
username='user.name',
password='password',
domain='domain'
)
}}
tasks:
- ansible.builtin.debug:
msg: >
the password is {{
(secret['items']
| items2dict(key_name='slug',
value_name='itemValue'))['password']
}}
- ansible.builtin.debug:
msg: >
the password is {{
(secret['items']
| items2dict(key_name='slug',
value_name='itemValue'))['password']
}}
- hosts: localhost
vars:
secret_password: >-
{{
((lookup(
'community.general.tss',
102,
base_url='https://secretserver.domain.com/SecretServer/',
token='thycotic_access_token',
) | from_json).get('items') | items2dict(key_name='slug', value_name='itemValue'))['password']
}}
secret_password: >-
{{
((lookup(
'community.general.tss',
102,
base_url='https://secretserver.domain.com/SecretServer/',
token='thycotic_access_token',
) | from_json).get('items') | items2dict(key_name='slug', value_name='itemValue'))['password']
}}
tasks:
- ansible.builtin.debug:
msg: the password is {{ secret_password }}
- ansible.builtin.debug:
msg: the password is {{ secret_password }}
# Private key stores into certificate file which is attached with secret.
# If fetch_attachments=True then private key file will be download on specified path
# and file content will display in debug message.
- hosts: localhost
vars:
secret: >-
{{
lookup(
'community.general.tss',
102,
fetch_attachments=True,
file_download_path='/home/certs',
base_url='https://secretserver.domain.com/SecretServer/',
token='thycotic_access_token'
)
}}
secret: >-
{{
lookup(
'community.general.tss',
102,
fetch_attachments=True,
file_download_path='/home/certs',
base_url='https://secretserver.domain.com/SecretServer/',
token='thycotic_access_token'
)
}}
tasks:
- ansible.builtin.debug:
msg: >
@ -218,16 +214,16 @@ EXAMPLES = r"""
# If fetch_secret_ids_from_folder=true then secret IDs are in a folder is fetched based on folder ID
- hosts: localhost
vars:
secret: >-
{{
lookup(
'community.general.tss',
102,
fetch_secret_ids_from_folder=true,
base_url='https://secretserver.domain.com/SecretServer/',
token='thycotic_access_token'
)
}}
secret: >-
{{
lookup(
'community.general.tss',
102,
fetch_secret_ids_from_folder=true,
base_url='https://secretserver.domain.com/SecretServer/',
token='thycotic_access_token'
)
}}
tasks:
- ansible.builtin.debug:
msg: >
@ -238,25 +234,25 @@ EXAMPLES = r"""
# If secret ID is 0 and secret_path has value then secret is fetched by secret path
- hosts: localhost
vars:
secret: >-
{{
lookup(
'community.general.tss',
0,
secret_path='\folderName\secretName'
base_url='https://secretserver.domain.com/SecretServer/',
username='user.name',
password='password'
)
}}
secret: >-
{{
lookup(
'community.general.tss',
0,
secret_path='\folderName\secretName'
base_url='https://secretserver.domain.com/SecretServer/',
username='user.name',
password='password'
)
}}
tasks:
- ansible.builtin.debug:
msg: >
the password is {{
(secret['items']
| items2dict(key_name='slug',
value_name='itemValue'))['password']
}}
- ansible.builtin.debug:
msg: >-
the password is {{
(secret['items']
| items2dict(key_name='slug',
value_name='itemValue'))['password']
}}
"""
import abc