meffie / molecule-proxmox

Molecule driver for Proxmox VE
MIT License

Proxmox secrets script #20

Closed meffie closed 1 month ago

meffie commented 2 months ago

This has been on my todo for a bit. A feature inspired by ansible --vault-password-file. If the proxmox_secret file is an executable, run it and capture the stdout to specify connection information. This lets me use the pass program to store my API passwords.
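The behaviour described in the comment above, shown in Python as an added example (not code from this pull request or from molecule-proxmox): the secrets path is read as a file unless it is executable, in which case it is run and its stdout is parsed. The names `load_secrets` and `demo`, the JSON-only parsing (the driver itself uses `from_yaml`), the write-permission check and the sample keys and values are assumptions of this example.

```python
import json
import os
import stat
import subprocess
import tempfile


def load_secrets(path, timeout=30):
    """Load connection settings from a secrets file, or from the stdout of an executable one."""
    st = os.stat(path)
    if not stat.S_ISREG(st.st_mode):
        raise ValueError(f"{path}: not a regular file")
    # Whoever can write this file chooses the command that runs, so refuse loose modes.
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        raise PermissionError(f"{path}: writable by group or others")
    if os.access(path, os.X_OK):
        # argv list with an absolute path: no shell parsing and no PATH lookup.
        proc = subprocess.run([os.path.abspath(path)], capture_output=True,
                              text=True, timeout=timeout, check=False)
        if proc.returncode != 0:
            # Report the exit status only; stdout/stderr may contain secret material.
            raise RuntimeError(f"{path}: exited with status {proc.returncode}")
        text = proc.stdout
    else:
        with open(path, encoding="utf-8") as fh:
            text = fh.read()
    try:
        secrets = json.loads(text)
    except json.JSONDecodeError:
        # Do not echo the unparsable text: it may be a half-printed credential.
        raise ValueError(f"{path}: content is not valid JSON") from None
    if not isinstance(secrets, dict):
        raise ValueError(f"{path}: expected a mapping of settings")
    return secrets


def demo():
    """Exercise both branches with constructed sample data (keys and values are made up)."""
    sample = {"api_host": "pve.example.test", "api_password": "constructed-not-real"}
    workdir = tempfile.mkdtemp()
    plain = os.path.join(workdir, "secrets.json")
    script = os.path.join(workdir, "secrets.sh")
    with open(plain, "w", encoding="utf-8") as fh:
        json.dump(sample, fh)
    with open(script, "w", encoding="utf-8") as fh:
        fh.write("#!/bin/sh\ncat <<'EOF'\n" + json.dumps(sample) + "\nEOF\n")
    os.chmod(plain, 0o600)
    os.chmod(script, 0o700)
    return load_secrets(plain), load_secrets(script), script
```

In real use the script body would call a password manager such as `pass` instead of printing a literal.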

meffie commented 2 months ago

Version 4 of this patchset adds an ansible-lint rule skip to allow the dynamic set_fact variables.

meffie commented 2 months ago

Version 5 is just a rebase on main with fixed merge conflicts.

IamLunchbox commented 2 months ago

Well, it doesn't matter, since from_yaml will parse json as well. So there's no need to change anything :)

Sep 23, 2024 15:53:15 Michael Meffie @.***>:

@.**** commented on this pull request.


In src/molecule_proxmox/playbooks/common/secrets.yml[https://github.com/meffie/molecule-proxmox/pull/20#discussion_r1771490585]:

  • ansible.builtin.include_vars: "{{ options.proxmox_secrets }}"
  • when: not proxmox_secrets_st.stat.executable
  • no_log: "{{ not (options.debug | d(False) | bool) }}"
  • +- name: "Load promox secrets from executable output."

  • when: proxmox_secrets_st.stat.executable
  • no_log: "{{ not (options.debug | d(False) | bool) }}"
  • block:
    • name: "Run proxmox secrets script."
  • ansible.builtin.command: "{{ options.proxmox_secrets }}"
  • changed_when: false
  • register: proxmox_secrets_cmd
    • name: "Load proxmox secrets from script output."
  • vars:
  • secrets: "{{ proxmox_secrets_cmd.stdout | from_yaml }}"
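
Review bot: With `no_log: "{{ not (options.debug | d(False) | bool) }}"` on the new block, enabling `options.debug` also un-hides the registered `proxmox_secrets_cmd` result, so the script's stdout (the credentials themselves) ends up in the run output. Consider `no_log: true` unconditionally on the "Run proxmox secrets script." task, or document that debug output will include the secrets. Two smaller points: the task name "Load promox secrets from executable output." has a typo (promox), and passing the path through the command module's `argv` list instead of the free-form string would keep a path containing spaces from being split into separate arguments.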

I choose YAML here only because the original "proxmox_secrets.yml" file is yaml. JSON support makes sense as well, but I guess we'd want both the methods to support JSON if we did that?


IamLunchbox commented 1 month ago

@meffie All tests passed in my setup. I cleaned up the documentation and added a small script in tests to simulate the usage of a password script.

meffie commented 1 month ago

Thank you @IamLunchbox