Commit graph

28 commits

Author SHA1 Message Date
Lars Kaiser
77a823859f
chore(gpg_secretstore): fix lints 2024-03-11 17:11:13 +01:00
transcaffeine
0e98261665
fix(gpg_secretstore): ensure import errors get properly passed to fail_json 2024-01-25 11:40:01 +01:00
transcaffeine
f54e12561b
feat(gpg_secretstore): add warning if running as root, change warnings
to str[]
2024-01-03 13:07:01 +01:00
transcaffeine
af7cd13af9
fix(gpg_secretstore): clear exception on unknown subkey 2024-01-02 12:41:08 +01:00
Jan Christian Grünhage
bb26511367
chore(gpg_secretstore): remove unused imports and disable lint for false-positive 2023-12-12 10:54:20 +01:00
transcaffeine
d17dfab09e
fix(gpg_secretstore): gnupg library respects GNUPG_HOME already
The gnupg python library uses the $GNUPG_HOME environment variable
to detect where the GnuPG home is. Setting a default of `~/.gnupg`
which overrides the library behaviour breaks this.
2023-12-12 10:54:05 +01:00
Jan Christian Grünhage
265036be47
chore(gpg_secretstore): assert existence of user supplied secret 2023-09-26 14:51:06 +02:00
Jan Christian Grünhage
1bd01fc376
fix(gpg_secretstore): properly merge Jadyn's and my own variants 2023-09-26 14:51:06 +02:00
Jadyn Emma Jaeger
6b7f101aff
feat(gpg_secretstore): Add unit tests for modules 2023-09-26 14:51:06 +02:00
Jan Christian Grünhage
09f0027446
fix(gpg_secretstore): merge dicts with | instead of + 2023-09-26 14:51:06 +02:00
Jan Christian Grünhage
c70755662b
docs(gpg_secretstore): update module documentation 2023-09-26 14:51:05 +02:00
Jan Christian Grünhage
c76e6af259
fix(gpg_secretstore): set no_log=False for non-critical variables that have secret in the name 2023-09-26 14:51:05 +02:00
Jan Christian Grünhage
531e0fec22
chore(gpg_secretstore): avoid automatic field numbering 2023-09-26 14:51:05 +02:00
Jan Christian Grünhage
7df7155978
chore(gpg_secretstore): set correct shebang and python encoding 2023-09-26 14:51:05 +02:00
Jan Christian Grünhage
bc83e63fb6
refactor(gpg_secretstore): fallible python imports for modules and plugins 2023-09-26 14:51:05 +02:00
Lars Kaiser
034370e626
fix(gpg_secretstore): prevent secret caching
Setting the fact inside the module itself lead to secrets being cached
in plain text on the ansible controller. Apparently, there is no way to
non-persistently cache facts without using the builtin set_fact action.
See https://github.com/ansible/ansible/blob/devel/lib/ansible/plugins/strategy/__init__.py#L708

Added a warning about using the feature and reverted to the set_fact
action plugin.
2023-09-26 14:51:05 +02:00
Jadyn Emma Jaeger
c54ac98e2d
fix(gpg_secretstore): Use correct encodings for non-plain secrets 2023-09-26 14:51:05 +02:00
Jadyn Emma Jaeger
0c364b06d3
fix(gpg_secretstore): acquire lock for git operations 2023-09-26 14:51:05 +02:00
Jadyn Emma Jaeger
ecdf80d52a
fix(gpg_secretstore): remove unused / broken Display() call 2023-09-26 14:51:04 +02:00
Lars Kaiser
ca5df3223b
feat(gpg_secretstore): commit changes to repo
If changes are happening inside the module, the changes are
automatically committed to the repo

Co-authored-by(gpg_secretstore): Jan Christian Grünhage <jan.christian@gruenhage.xyz>
2023-09-26 14:51:04 +02:00
Jan Christian Grünhage
1cac8fbf48
feat(gpg_secretstore): support setting secret fact directly 2023-09-26 14:51:04 +02:00
Jadyn Emma Jaeger
82bf735dda
feat(gpg_secretstore): support check mode 2023-09-26 14:51:04 +02:00
Jadyn Emma Jaeger
871e31b1f2
feat(gpg_secretstore): add ability to remove secrets 2023-09-26 14:51:04 +02:00
Jadyn Emma Jaeger
858c8305a2
feat(gpg_secretstore): asserting recipients
Instead of manually setting the reencrypt parameter, we're automatically
reencrypting secrets now if the list of recipients does not match. This
way, we can make sure that recipients are kept up to date here. We're
also logging differences in recipients, as well as adding more useful
messages to the return value in general.

In addition to that, the module has seen quite some refactoring, making
it a lot more maintainable.
2023-09-26 14:50:56 +02:00
Jadyn Emma Jaeger
d22db019f4
feat(gpg_secretstore): add file locking 2023-09-26 14:39:12 +02:00
Lars Kaiser
2a9003d198
fix(gpg_secretstore): remove strong typing for python 3.7
Needs to be reverted as soon as the autodeployment hosts are on py 3.9
Manually reviewed in person due to gitlab outage
2023-09-26 14:39:12 +02:00
Jadyn Emma Jaeger
2b998d030d
fix(gpg_secretstore): allow recrypt of all datatypes 2023-09-26 14:39:12 +02:00
Jadyn Emma Jaeger
8d12e83a45
feat(gpg_secretstore): add secretstore plugin and documentation 2023-09-26 14:39:10 +02:00