From 761e12344ff96757f549fcb09cb06b9f3af3bafe Mon Sep 17 00:00:00 2001
From: Jadyn Emma Jaeger
Date: Mon, 10 May 2021 07:58:04 +0200
Subject: [PATCH] feat(gpg_secretstore): add secretstore lookup plugin and documentation
---
 plugins/lookup/gpg_secretstore.py | 87 +++++++++++++++++++++++++++++++
 tests/sanity/ignore-2.13.txt | 1 +
 tests/sanity/ignore-2.14.txt | 1 +
 tests/sanity/ignore-2.15.txt | 1 +
 4 files changed, 90 insertions(+)
 create mode 100644 plugins/lookup/gpg_secretstore.py
diff --git a/plugins/lookup/gpg_secretstore.py b/plugins/lookup/gpg_secretstore.py
new file mode 100644
index 0000000..d850ca7
--- /dev/null
+++ b/plugins/lookup/gpg_secretstore.py
@@ -0,0 +1,87 @@
+#!/usr/bin/python
+# coding: utf-8
+
+# (c) 2021, Famedly GmbH
+# GNU Affero General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/agpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
+DOCUMENTATION = """
+ name: gpg_secretstore
+ author:
+ - Jadyn Emma Jäger (@jadyndev)
+ short_description: read passwords that are compatible with passwordstore.org's pass utility
+ description:
+ - Enables Ansible to read passwords/secrets from the passwordstore.org pass utility.
+ It's also able to read yaml/json files if needed
+ options:
+ _terms:
+ description: query key.
+ required: True
+ data-type:
+ description: If the decrypted data should be interpreted as yaml, json or plain text.
+ default: 'plain'
+ options:
+ - yaml
+ - json
+ - plain
+"""
+EXAMPLES = """
+# Debug is used for examples, BAD IDEA to show passwords on screen
+- name: lookup password without type
+ debug:
+ var: mypassword
+ vars:
+ mypassword: "{{ lookup('famedly.local.gpg_secretstore', 'example/plain')}}"
+
+- name: lookup password with type plain
+ debug:
+ var: mypassword
+ vars:
+ mypassword: "{{ lookup('famedly.local.gpg_secretstore', 'example/plain', 'plain')}}"
+
+- name: lookup password with type yaml
+ debug:
+ var: mypassword
+ vars:
+ mypassword: "{{ lookup('famedly.local.gpg_secretstore', 'example/yaml', 'yaml')}}"
+
+- name: lookup password with type json
+ debug:
+ var: mypassword
+ vars:
+ mypassword: "{{ lookup('famedly.local.gpg_secretstore', 'example/json', 'json')}}"
+"""
+
+RETURN = """
+_raw:
+ description:
+ - a password
+ type: list
+ elements: str
+"""
+
+from ansible.plugins.lookup import LookupBase
+from ansible_collections.famedly.base.plugins.module_utils.gpg_utils import SecretStore
+
+
+# Check if all required libs can loaded
+try:
+ import gnupg
+
+ HAS_LIB = True
+except ImportError:
+ raise ModuleNotFoundError("Library PGPy not found!")
+
+
+class LookupModule(LookupBase):
+ def run(self, terms: dict, variables, **kwargs):
+ if len(terms) == 1:
+ data_type = "plain"
+ else:
+ data_type = terms[1]
+ password_store = SecretStore()
+ result = password_store.get(terms[0], data_type)
+ return [result]
diff --git a/tests/sanity/ignore-2.13.txt b/tests/sanity/ignore-2.13.txt
index bf1dc93..893180e 100644
--- a/tests/sanity/ignore-2.13.txt
+++ b/tests/sanity/ignore-2.13.txt
@@ -1,2 +1,3 @@
+plugins/lookup/gpg_secretstore.py validate-modules:missing-gplv3-license # ignore license check
 plugins/modules/gpg_secretstore.py validate-modules:missing-gplv3-license # ignore license check
 roles/lego/templates/metrics-textfile.py.j2 shebang
diff --git a/tests/sanity/ignore-2.14.txt b/tests/sanity/ignore-2.14.txt
index bf1dc93..893180e 100644
--- a/tests/sanity/ignore-2.14.txt
+++ b/tests/sanity/ignore-2.14.txt
@@ -1,2 +1,3 @@
+plugins/lookup/gpg_secretstore.py validate-modules:missing-gplv3-license # ignore license check
 plugins/modules/gpg_secretstore.py validate-modules:missing-gplv3-license # ignore license check
 roles/lego/templates/metrics-textfile.py.j2 shebang
diff --git a/tests/sanity/ignore-2.15.txt b/tests/sanity/ignore-2.15.txt
index bf1dc93..893180e 100644
--- a/tests/sanity/ignore-2.15.txt
+++ b/tests/sanity/ignore-2.15.txt
@@ -1,2 +1,3 @@
+plugins/lookup/gpg_secretstore.py validate-modules:missing-gplv3-license # ignore license check
 plugins/modules/gpg_secretstore.py validate-modules:missing-gplv3-license # ignore license check
 roles/lego/templates/metrics-textfile.py.j2 shebang
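Review bot: The import guard near the end of the new `plugins/lookup/gpg_secretstore.py` names the wrong dependency and aborts at import time: it imports `gnupg` but raises `ModuleNotFoundError("Library PGPy not found!")`, and `HAS_LIB` is set but never read. Deferring the failure to `run()` and raising `AnsibleError` (from `ansible.errors`) with the correct module name gives the operator an actionable message instead of a plugin-load traceback. In `run()`, the type is taken from `terms[1]` rather than from the documented `data-type` option, `terms` is annotated `dict` although it is indexed as a sequence, and the value reaches `SecretStore.get` without being checked against the documented choices (yaml, json, plain). How `SecretStore.get` handles an unknown type is not visible in this patch, so rejecting it in the plugin is the safer default for code that parses decrypted secrets.

```python
# … unchanged: DOCUMENTATION / EXAMPLES / RETURN and the LookupBase / SecretStore imports …
try:
    import gnupg

    HAS_LIB = True
except ImportError:
    HAS_LIB = False


class LookupModule(LookupBase):
    def run(self, terms, variables, **kwargs):
        if not HAS_LIB:
            raise AnsibleError("Library gnupg not found!")
        data_type = terms[1] if len(terms) > 1 else "plain"
        if data_type not in ("yaml", "json", "plain"):
            raise AnsibleError("data-type must be one of: yaml, json, plain")
        # … unchanged: SecretStore().get(terms[0], data_type) and return [result] …
```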