Add vault support to file lookup plugin #10048

Closed
wants to merge 1 commit into
from

Conversation

@rouge8
Contributor

rouge8 commented Jan 20, 2015

The file lookup plugin now automatically decrypts ansible-vault encrypted files.

For example:

- hosts: localhost
 connection: local
 tasks:
   - name: "Show secret stuff"
     debug: msg="{{ lookup('file', 'files/secret_stuff') }}"

    - name: "non secret stuff"
     debug: msg="{{ lookup('file', 'files/not_secret') }}"

If 'files/secret_stuff' is encrypted with ansible-vault, running the example playbook with a provided vault password will print the contents of 'files/secret_stuff'.

This is based on #8110 and #8533, but updated for the latest devel branch and with an added integration test.

@sean-abbott

This comment has been minimized.

Show comment
Hide comment
@sean-abbott

sean-abbott Jan 20, 2015

I'd like to give a +1 vote for this.

I'd like to give a +1 vote for this.

@abadger abadger added P3 labels Jan 20, 2015

@cemo

This comment has been minimized.

Show comment
Hide comment

cemo commented Jan 23, 2015

+1

@cknapp

This comment has been minimized.

Show comment
Hide comment

cknapp commented Jan 23, 2015

+1

@amygitsthings

This comment has been minimized.

Show comment
Hide comment
@Vyasd

This comment has been minimized.

Show comment
Hide comment

Vyasd commented Jan 23, 2015

+1

@rouge8

This comment has been minimized.

Show comment
Hide comment
@rouge8

rouge8 Jan 30, 2015

Contributor

Is there anything I can do to make this ready to merge?

Contributor

rouge8 commented Jan 30, 2015

Is there anything I can do to make this ready to merge?

@dwt

This comment has been minimized.

Show comment
Hide comment
@dwt

dwt Feb 16, 2015

+1 please merge, that would be super helpful!

dwt commented Feb 16, 2015

+1 please merge, that would be super helpful!

@benodom

This comment has been minimized.

Show comment
Hide comment
@benodom

benodom Feb 18, 2015

👍 +1 upvote, thanks @rouge8

benodom commented Feb 18, 2015

👍 +1 upvote, thanks @rouge8

@markwoon

This comment has been minimized.

Show comment
Hide comment
@markwoon

markwoon Mar 10, 2015

+1

Would love to see this available soon.

+1

Would love to see this available soon.

@rouge8

This comment has been minimized.

Show comment
Hide comment
@rouge8

rouge8 Mar 11, 2015

Contributor

Rebased to resolve the merge conflict, confirmed that the test still passes.

Contributor

rouge8 commented Mar 11, 2015

Rebased to resolve the merge conflict, confirmed that the test still passes.

Add vault support to file lookup plugin
The file lookup plugin now automatically decrypts ansible-vault
encrypted files.

For example:

```yaml
- hosts: localhost
  connection: local
  tasks:
    - name: "Show secret stuff"
      debug: msg="{{ lookup('file', 'files/secret_stuff') }}"

    - name: "non secret stuff"
      debug: msg="{{ lookup('file', 'files/not_secret') }}"
```

If 'files/secret_stuff' is encrypted with ansible-vault, running the
example playbook with a provided vault password will print the contents
of 'files/secret_stuff'.

This is based on #8110 and #8533, but updated for the latest devel
branch and with an added integration test.
@rouge8

This comment has been minimized.

Show comment
Hide comment
@rouge8

rouge8 Mar 16, 2015

Contributor

Rebased again to run the tests on Travis CI.

Contributor

rouge8 commented Mar 16, 2015

Rebased again to run the tests on Travis CI.

@rouge8

This comment has been minimized.

Show comment
Hide comment
@rouge8

rouge8 Apr 6, 2015

Contributor

This is out of date again. Should I rebase against the v1 or v2 code?

Contributor

rouge8 commented Apr 6, 2015

This is out of date again. Should I rebase against the v1 or v2 code?

@nathanhruby

This comment has been minimized.

Show comment
Hide comment
@nathanhruby

nathanhruby Apr 16, 2015

Adding another 👍
As far as I am aware, the v2 release is not due for a while yet, probably re-basing against the v1 code would be a better bet

Adding another 👍
As far as I am aware, the v2 release is not due for a while yet, probably re-basing against the v1 code would be a better bet

@rypervenche

This comment has been minimized.

Show comment
Hide comment
@rypervenche

rypervenche May 12, 2015

+1 I would love to have this feature available soon :)

+1 I would love to have this feature available soon :)

@leonard84

This comment has been minimized.

Show comment
Hide comment

+1

@abourget

This comment has been minimized.

Show comment
Hide comment
@abourget

abourget Jul 8, 2015

Contributor

+1 !!! heeeyo!

Contributor

abourget commented Jul 8, 2015

+1 !!! heeeyo!

@amenonsen

This comment has been minimized.

Show comment
Hide comment
@amenonsen

amenonsen Jul 29, 2015

Contributor

Just noting that this is yet another change that would benefit from the refactoring proposed in #9050, so that the vault_password doesn't have to be passed around so much. Also relevant are #7298 (still open) and #8533 (closed). Note @bcoca's last comment on #7298, which says that this functionality is planned for inclusion in v2, and these PRs are being left open as a reminder.

Contributor

amenonsen commented Jul 29, 2015

Just noting that this is yet another change that would benefit from the refactoring proposed in #9050, so that the vault_password doesn't have to be passed around so much. Also relevant are #7298 (still open) and #8533 (closed). Note @bcoca's last comment on #7298, which says that this functionality is planned for inclusion in v2, and these PRs are being left open as a reminder.

@jimi-c jimi-c removed the P3 label Dec 7, 2015

@sivel

This comment has been minimized.

Show comment
Hide comment
@sivel

sivel Feb 20, 2016

Member

@rouge8,

Hi!

Thank you very much for your submission to Ansible. It sincerely means a lot to us.

Unfortunately it looks like the code underneath has changed since this was submitted. Specifically this change was written against a code path that no longer exists in Ansible.

We would like to ask if you could either update the code in this pull request to apply against the current state of Ansible or close this pull request. If we do not hear back from you, we will close this pull request out shortly.

Thank you once again for this and your interest in Ansible!

Member

sivel commented Feb 20, 2016

@rouge8,

Hi!

Thank you very much for your submission to Ansible. It sincerely means a lot to us.

Unfortunately it looks like the code underneath has changed since this was submitted. Specifically this change was written against a code path that no longer exists in Ansible.

We would like to ask if you could either update the code in this pull request to apply against the current state of Ansible or close this pull request. If we do not hear back from you, we will close this pull request out shortly.

Thank you once again for this and your interest in Ansible!

@sivel

This comment has been minimized.

Show comment
Hide comment
@sivel

sivel Feb 20, 2016

Member

@rouge8,

Hi!

Thank you very much for your submission to Ansible. It sincerely means a lot to us.

Unfortunately it looks like the code underneath has changed since this was submitted. Specifically this change was written against a code path that no longer exists in Ansible.

We would like to ask if you could either update the code in this pull request to apply against the current state of Ansible or close this pull request. If we do not hear back from you, we will close this pull request out shortly.

Thank you once again for this and your interest in Ansible!

Member

sivel commented Feb 20, 2016

@rouge8,

Hi!

Thank you very much for your submission to Ansible. It sincerely means a lot to us.

Unfortunately it looks like the code underneath has changed since this was submitted. Specifically this change was written against a code path that no longer exists in Ansible.

We would like to ask if you could either update the code in this pull request to apply against the current state of Ansible or close this pull request. If we do not hear back from you, we will close this pull request out shortly.

Thank you once again for this and your interest in Ansible!

@alikins alikins added this to the 2.2.0 milestone May 24, 2016

@alikins alikins self-assigned this May 25, 2016

@dvigueras

This comment has been minimized.

Show comment
Hide comment
@dvigueras

dvigueras Jun 16, 2016

Great PR @rouge8 ! I'm looking forward to having it included in Ansible 2.2 :)

Great PR @rouge8 ! I'm looking forward to having it included in Ansible 2.2 :)

@ansibot

This comment has been minimized.

Show comment
Hide comment
@ansibot

ansibot Jan 5, 2017

Contributor

@rouge8 This PR was tested by travis-ci.org, which is no longer used. Please rebase your branch to trigger running of current tests.

click here for bot help

Contributor

ansibot commented Jan 5, 2017

@rouge8 This PR was tested by travis-ci.org, which is no longer used. Please rebase your branch to trigger running of current tests.

click here for bot help

@ansibot

This comment has been minimized.

Show comment
Hide comment
@ansibot

ansibot Jan 6, 2017

Contributor

@rouge8 This PR was tested by travis-ci.org, which is no longer used. Please rebase your branch to trigger running of current tests.

click here for bot help

Contributor

ansibot commented Jan 6, 2017

@rouge8 This PR was tested by travis-ci.org, which is no longer used. Please rebase your branch to trigger running of current tests.

click here for bot help

@rouge8 rouge8 closed this Jan 6, 2017

@rouge8

This comment has been minimized.

Show comment
Hide comment
@rouge8

rouge8 Jan 6, 2017

Contributor

I now use sops rather than ansible-vault, so I don't have time to update this PR for v2.

Contributor

rouge8 commented Jan 6, 2017

I now use sops rather than ansible-vault, so I don't have time to update this PR for v2.

@mattclay mattclay moved this from Tests In Progress to Done in Testing Feb 15, 2017

@ansibot ansibot added feature and removed feature_pull_request labels Mar 4, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment