search

ansible-collections / community.general

Ansible Community General Collection
https://galaxy.ansible.com/ui/repo/published/community/general/
GNU General Public License v3.0
827 stars 1.52k forks source link

lookup passwordstore: Gopass shows directories #5028

Open TheLastProject opened 2 years ago

TheLastProject commented 2 years ago

Summary

Gopass prints directories while regular pass doesn't

Note: When trying to fix it, please pay special attention to @stephan-devops' comment here: https://github.com/ansible-collections/community.general/pull/5020#issuecomment-1199190815

Just a quick comment as I don't have much time at the moment: gopass uses mounts so the virtual pass tree (i.e. the key) to the secret (i.e. value) does not necessarily reflect the file path on disk! See gopass config and gopass mounts.

It is therefore important special care is taken to not break mounts.

Issue Type

Bug Report

Component Name

passwordstore

Ansible Version

$ ansible --version
ansible 2.9.6
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/home/sos/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3/dist-packages/ansible
  executable location = /usr/bin/ansible
  python version = 3.8.10 (default, Jun 22 2022, 20:18:18) [GCC 9.4.0]

Community.general Version

3eb29eb4b6ba06f67e5ed73e8044d4561ac50b9f

Configuration

$ ansible-config dump --only-changed

OS / Environment

Ubuntu 20.04.4 LTS

Steps to Reproduce

---
- hosts: localhost
  tasks:
    - name: Print password (gopass)
      ansible.builtin.debug:
        msg: "{{ lookup('community.general.passwordstore', 'dir/test', backend='gopass') }}"
      ignore_errors: True
    - name: Print password (pass)
      ansible.builtin.debug:
        msg: "{{ lookup('community.general.passwordstore', 'dir/test') }}"
      ignore_errors: True
    - name: Print directory (gopass)
      ansible.builtin.debug:
        msg: "{{ lookup('community.general.passwordstore', 'dir', backend='gopass') }}"
      ignore_errors: True
    - name: Print directory (pass)
      ansible.builtin.debug:
        msg: "{{ lookup('community.general.passwordstore', 'dir') }}"
      ignore_errors: True

Expected Results

Gopass errors out when asked to print a directory instead of a password.

Actual Results

[WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match 'all'

PLAY [localhost] ***************************************************************************************************************************************************************************************************************************************************************************

TASK [Gathering Facts] *********************************************************************************************************************************************************************************************************************************************************************
ok: [localhost]

TASK [Print password (gopass)] *************************************************************************************************************************************************************************************************************************************************************
ok: [localhost] => {
    "changed": false,
    "msg": "Multi"
}

TASK [Print password (pass)] ***************************************************************************************************************************************************************************************************************************************************************
ok: [localhost] => {
    "changed": false,
    "msg": "Multi"
}

TASK [Print directory (gopass)] ************************************************************************************************************************************************************************************************************************************************************
ok: [localhost] => {
    "changed": false,
    "msg": "dir/"
}

TASK [Print directory (pass)] **************************************************************************************************************************************************************************************************************************************************************
fatal: [localhost]: FAILED! => {"msg": "An unhandled exception occurred while running the lookup plugin 'community.general.passwordstore'. Error was a <class 'ansible.errors.AnsibleError'>, original message: passwordstore: passname dir not found and missing=error is set"}
...ignoring

PLAY RECAP *********************************************************************************************************************************************************************************************************************************************************************************
localhost                  : ok=5    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=1

Code of Conduct

ansibullbot commented 2 years ago

Files identified in the description:

If these files are incorrect, please update the component name section of the description or use the !component bot command.

click here for bot help

TheLastProject commented 2 years ago

Can someone remove the has_pr tag from this? The bot seems to have gotten a bit confused given a PR is linked in the issue for context.

felixfontein commented 2 years ago

-label has_pr