Open markusressel opened 3 years ago
@markusressel I've created a PR to resolve this issue as much as possible. However, due to the way Ansible is implemented it is not possible to implement a cache which exists for the entire Playbook. Ansible simply does not implement that type of control within a single lookup plugin. The existence of a lookup plugin code is never the entirety of the Ansible playbook.
However this PR ensures that a cache exists for as long as possible within Ansible, thus greatly improving lookup times within similar tasks and lookups. Especially when using this lookup plugin for become passwords this greatly increases execution times.
Thx for the effort, I also did some testing (months ago) and had the same conclusion 😢 Good thing there is at least some performance gain possible with this.
I thought about writing and reading decrypted passwords to a file (in some form of tmpfs that sits in memory), but that could cause some major security concerns in itself and we are probably not be able to cleanup this file afterwards. Reading this file would probably still be faster than querying bitwarden though 😄
When running an ansible project on a comparably slow netbook I noticed that ansible takes a really long time for each step. When evaluating the
htop
output I noticed that bitwarden is called each and every time a task uses thebecome: true
option, since I have configured the project to fetch the sudo password from bitwarden.It would be nice if this module would cache the values of password lookups, to speed up querying of the same item when it is accessed more than once.