DigDeo Syspass Ansible Lookup

digdeo-ansible-syspass

Module page: https://pypi.org/project/digdeo-syspass-ansible-lookup/
Documentation: https://www.readthedoc.io/digdeo-syspass-ansible-lookup
Bug Tracker: https://gitdev.digdeo.fr/digdeo-projets-floss1/digdeo-syspass-ansible-lookup/issues

Introduction

digdeo-ansible-syspass is an Ansible lookup plugin written in Python.

This program is an Ansible plugin interface; it uses digdeo-syspass-client to talk to the syspass API.

The plugin is dedicated to looking up passwords from a syspass server.

Installation

Normal installation

python3 -m venv venv
. venv/bin/activate
pip install digdeo-syspass-ansible-lookup

Force an Ansible version

python3 -m venv venv
. venv/bin/activate
pip install wheel "ansible == 2.7.17"
pip install digdeo-syspass-ansible-lookup

Force libxml

On Linux (and most other well-behaved operating systems), pip will manage to build the source distribution as long as libxml2 and libxslt are properly installed, including development packages, i.e. header files, etc.

See the requirements section above and use your system package management tool to look for packages like libxml2-dev or libxslt-devel. If the build fails, make sure they are installed.

Alternatively, setting STATIC_DEPS=true will download and build both libraries automatically in their latest version, e.g.

STATIC_DEPS=true pip install lxml

Note that this module uses the digdeo-syspass-client Python module. Please pay attention to the config.yml file if you need more information.

DISCLAIMER:
This module has been heavily inspired by https://github.com/ansible/ansible/blob/devel/lib/ansible/plugins/lookup/password.py for password generation and term handling and thus is under GPL.

lookup: syspass
author: Gousseaud Gaëtan <gousseaud.gaetan.pro@gmail.com>, Pierre-Henry Muller <pierre-henry.muller@digdeo.fr>, Jérôme Ornech <jornech@digdeo.fr>
short_description: get syspass user password and syspass API client
description:
- This lookup returns the contents from Syspass database, a user's password more specifically. Other functions are also implemented for further use.
ansible_version: ansible 2.7.17 and more with mitogen
python_version: 3.5 and more
syspass_version: 3.0, 3.1

Ansible usage:

Example 1

Vars set inside the common Ansible directory sub-structure

If you use the group name all:

  • Create the subdirectory structure ./group_vars/all and change into that directory
  • Copy and paste your variables, with the right values, into a file named syspass.yml
syspass_auth_token: ##################################################
syspass_token_pass: ##################################################
syspass_verify_ssl: True
syspass_api_url: ##################################################
syspass_api_version: 3.1
syspass_debug: False
syspass_debug_level: 3
syspass_verbose: True
syspass_verbose_level: 3
  • Start your playbook with ansible-playbook playbook.yml

Example 2

Vars set inside the playbook file

If you use the group name all, the playbook can look like this:

--- # -*- mode: yaml; coding: utf-8 -*-

- hosts: all
  vars:
    syspass_default_length: 42
    syspass_auth_token: ##################################################
    syspass_token_pass: ##################################################
    syspass_verify_ssl: True
    syspass_api_url: ##################################################
    syspass_api_version: 3.1
    syspass_debug: False
    syspass_debug_level: 3
    syspass_verbose: True
    syspass_verbose_level: 3
  tasks:
    - name: SysPass | Force virtual Environement
      set_fact:
        ansible_python_interpreter: "/usr/bin/env python"
    - name: SysPass | Minimal test | get and if not exist insert
      debug:
        msg: "{{ lookup('syspass', 'Account Name minimal', login='mylogin', category='MySQL', customer='PREP') }}"
      register: pass1
      changed_when: false
    - name: SysPass | Minimal test | get and compare
      debug:
        msg: "{{ lookup('syspass', 'Account Name minimal', login='mylogin', category='MySQL', customer='PREP') }}"
      register: pass2
      changed_when: pass1.msg == pass2.msg
      failed_when: pass1.msg != pass2.msg

Ansible Vault usage:

If you use the group name all:

  • Create the subdirectory structure ./group_vars/all and change into that directory
  • Use the command line to create the syspass.yml file: ansible-vault create syspass.yml
  • Edit the syspass.yml file: ansible-vault edit syspass.yml
  • Copy and paste your variables, with the right values, into the syspass.yml file
syspass_auth_token: ##################################################
syspass_token_pass: ##################################################
syspass_verify_ssl: True
syspass_api_url: ##################################################
syspass_api_version: 3.1
syspass_debug: False
syspass_debug_level: 3
syspass_verbose: True
syspass_verbose_level: 3
  • Create a file to store the vault password: echo "password1234" > /my_directory/vault_passwd
  • Export the environment variable DEFAULT_VAULT_PASSWORD_FILE: export DEFAULT_VAULT_PASSWORD_FILE="/my_directory/vault_passwd"
  • Start your playbook with ansible-playbook --vault-password-file=$DEFAULT_VAULT_PASSWORD_FILE playbook.yml

Summary

> cd directory_where_is_my_ansible.cfg_file
> mkdir -p group_vars/all
> cd group_vars/all
> ansible-vault create syspass.yml
New Vault password: 
Confirm New Vault password: 
> ansible-vault edit syspass.yml
Vault password:
syspass_auth_token: ##################################################
syspass_token_pass: ##################################################
syspass_verify_ssl: True
syspass_api_url: ##################################################
syspass_api_version: 3.1
syspass_debug: False
syspass_debug_level: 3
syspass_verbose: True
syspass_verbose_level: 3
~
~
~
~
-- INSERTION --
^Z :wq
> export DEFAULT_VAULT_PASSWORD_FILE="/my_private_directory/vault_passwd"
> echo "password1234" > $DEFAULT_VAULT_PASSWORD_FILE
> cd directory_where_is_my_ansible.cfg_file
> ansible-playbook --vault-password-file=$DEFAULT_VAULT_PASSWORD_FILE playbooks/playbook.yml
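
A check for the two files this procedure creates, as an added example that is not part of the project's own code: it writes the vault password file with owner-only permissions and verifies that syspass.yml is actually vault-encrypted before a playbook run. The function names create_vault_pass_file and audit_syspass_files are hypothetical, and the paths are whatever the caller passes in.

```shell
#!/bin/sh
# Added example (not part of digdeo-syspass-ansible-lookup).
# Function names are hypothetical; paths are supplied by the caller.

# Write the vault password (one line read from stdin) to "$1" with mode 0600.
# The subshell body keeps the umask change local, and a password typed on
# stdin never appears on a command line or in shell history.
create_vault_pass_file() (
    umask 077
    IFS= read -r pass || true
    [ -n "$pass" ] || { echo "empty vault password" >&2; exit 1; }
    printf '%s\n' "$pass" > "$1"
    chmod 600 "$1"   # also tightens a file that already existed
)

# Return 0 only if "$1" (vars file) is vault-encrypted and "$2" (vault
# password file) grants no permission to group or others.
audit_syspass_files() {
    vars_file=$1
    pass_file=$2
    rc=0
    # Files written by ansible-vault start with a "$ANSIBLE_VAULT;" header.
    case $(head -n 1 "$vars_file" 2>/dev/null) in
        '$ANSIBLE_VAULT;'*) ;;
        *) echo "PLAINTEXT: $vars_file is not vault-encrypted" >&2; rc=1 ;;
    esac
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld "$pass_file" 2>/dev/null | cut -c5-10)
    [ "$perms" = "------" ] || {
        echo "PERMS: $pass_file is open to group/other ($perms)" >&2; rc=1
    }
    return "$rc"
}

# Usage (interactive): read the password without echoing it, then audit.
#   stty -echo; create_vault_pass_file "$DEFAULT_VAULT_PASSWORD_FILE"; stty echo
#   audit_syspass_files group_vars/all/syspass.yml "$DEFAULT_VAULT_PASSWORD_FILE"
```

Running the audit as a pre-flight step in CI catches a syspass.yml that was committed in plain text, as in Example 1, before the API token reaches the repository history.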

Parameters:

notes:

IN PLAYBOOK

NOTE: Default values are handled

USAGE 1
    - name: SysPass | Minimal test | get and if not exist insert
      debug:
        msg: "{{ lookup('syspass', 'Account Name minimal', login='mylogin', category='MySQL', customer='PREP') }}"
      register: pass1
      changed_when: false

    - name: SysPass | Minimal test | get and compare
      debug:
        msg: "{{ lookup('syspass', 'Account Name minimal', login='mylogin', category='MySQL', customer='PREP') }}"
      register: pass2
      changed_when: pass1.msg == pass2.msg
      failed_when: pass1.msg != pass2.msg

Authors: Gousseaud Gaëtan gousseaud.gaetan.pro@gmail.com Pierre-Henry Muller pierre-henry.muller@digdeo.fr Jérôme Ornech i.dont.share.my.mail@nothing.fr

Details for the file digdeo_syspass_ansible_lookup-0.3.3.tar.gz.

Hashes for digdeo_syspass_ansible_lookup-0.3.3.tar.gz
Algorithm Hash digest
SHA256 ac2becc43e78bd4c7434b171269e5495b26b2a3f83cbe5e11fab1734accc3bb4
MD5 a8fb9ab17d44abc93c83b100f9f57d14
BLAKE2b-256 954e0ff9d37df35d9d24acc6e7089d6fd65c7464beb5558a8a41d4fc2c4801f6

Details for the file digdeo_syspass_ansible_lookup-0.3.3-py3-none-any.whl.

Hashes for digdeo_syspass_ansible_lookup-0.3.3-py3-none-any.whl
Algorithm Hash digest
SHA256 0d5fee6b6a91a81ed977b86c079c99a69d6844311d917ec9ccbc811096cae682
MD5 6005356f7830a282c500af94982d24e7
BLAKE2b-256 be073b34a3dc280eb12f73d0ebc30a288b92942effdfe4a307f8181724e91af1
