Use pass to load become and vault passwords
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
parent
52f73288b4
commit
1bd2a43ccd
6 changed files with 121 additions and 181 deletions
1
.gitignore
vendored
1
.gitignore
vendored
|
@ -1,3 +1,4 @@
|
||||||
*.retry
|
*.retry
|
||||||
tmp
|
tmp
|
||||||
ldap-password.txt
|
ldap-password.txt
|
||||||
|
__pycache__
|
||||||
|
|
|
@ -2,6 +2,10 @@
|
||||||
|
|
||||||
[defaults]
|
[defaults]
|
||||||
|
|
||||||
|
# Explicitely redefined some defaults to make play execution work
|
||||||
|
roles_path = ./roles
|
||||||
|
vars_plugins = ./vars_plugins
|
||||||
|
|
||||||
# Do not create .retry files
|
# Do not create .retry files
|
||||||
retry_files_enabled = False
|
retry_files_enabled = False
|
||||||
|
|
||||||
|
@ -25,8 +29,8 @@ timeout = 60
|
||||||
# Use sudo to get priviledge access
|
# Use sudo to get priviledge access
|
||||||
become = True
|
become = True
|
||||||
|
|
||||||
# Ask for password
|
# Use custom become plugin
|
||||||
become_ask_pass = True
|
become_ask_pass = False
|
||||||
|
|
||||||
[diff]
|
[diff]
|
||||||
|
|
||||||
|
|
|
@ -1,179 +0,0 @@
|
||||||
$ANSIBLE_VAULT;1.1;AES256
|
|
||||||
32313562646230353138303964366135656361616532343933353732313961323339653964353130
|
|
||||||
3938346666633565356134343835633964626261363365370a663664663938383731343733386136
|
|
||||||
33356531323762313463326339333963336636353933326537333665313334616563626632336663
|
|
||||||
6537363033663935660a613366613962626563643035663330343061353836646561623031323236
|
|
||||||
65313633383063373064613930623530656365396335663363643330636239643937373163623932
|
|
||||||
61373136303737333739316565323934376433316362353935363637373264616238373831666438
|
|
||||||
35343135383233653963333237393232353631636566373766366664656666313436323535393736
|
|
||||||
62323731343261373331393062633030356235313834373861323138663930613332643432386436
|
|
||||||
38383038616536316465343561643639353434396631643033633537393265646532613161343732
|
|
||||||
32363265643963386538326639353233363438643833306637336431303533396562613863633537
|
|
||||||
30303334643137313136633039393463346562306236353566333563633238313865313534326137
|
|
||||||
33623036376439653532313833633135326631643361333463633162303065623633636331666661
|
|
||||||
62303636653233666164383463356530633464306564383236373832616263653165373937303030
|
|
||||||
31323865656436366265303537306438303434613135396166313635656566373539303463393830
|
|
||||||
65383636363064333730623161316162373734626433346564333835393030616437636665316566
|
|
||||||
37353937626465383439633534316336313931663561336335653761396230393031393839336264
|
|
||||||
37623037663032646631656637386366333131356562376665333964393264643133626532653564
|
|
||||||
32353235633434656334663233303664613865343039613330663833396162646430623735653434
|
|
||||||
66633466306338373061326636366330643639383632353564353865623637303832306332653131
|
|
||||||
37343566393965326635613135613134316264616336303233616162313839626235386137343435
|
|
||||||
33633336636434343531633362633834376135303337363637303039323038313937646236366265
|
|
||||||
34303434373566313730623664653263653466366133363562333736393836393363326665353434
|
|
||||||
30333263323366326436623238353335323936346637646130623265366535653737343665373165
|
|
||||||
63336166633831623464343862353065653162613934646539396364353162633063303332313266
|
|
||||||
65656163396463363737663931353765376337643065646131303264363961366336343432653537
|
|
||||||
65306437623535393132343962333666366665316362366536663431646435633166333731303232
|
|
||||||
63313337353334623330623862386661306333366638306433373437623835636631376231373636
|
|
||||||
66666539363561313166396438343730656230663532633031353336636565343964366136663466
|
|
||||||
38316364663936303231633633613832313163646262313238346666336661613236343966353130
|
|
||||||
62656237663865306632333130653933633332623061633062363964643130383430613864663935
|
|
||||||
63663765356434626661346165653163626565336437613539653536306432376332616430393737
|
|
||||||
34366139336363383761366338623236383135373634613239616665343061396633383231663230
|
|
||||||
63653331336366666234626662356461663263626465663036326162343239373734346661626665
|
|
||||||
61666231613565356633343030343935393135653261376239303037373634386138393463363239
|
|
||||||
30356365663133646634333863616230646235656135336330393836353462323630376537366334
|
|
||||||
31306330363232326661616666623131383837353139643838326430653561346565393762323936
|
|
||||||
31623136656361383039653763613162356530653933376539336130376237396661663664393733
|
|
||||||
36396433303339613965316230613237303331646331383239356638333366653961303138343663
|
|
||||||
33393664303637333863313364356666383836633063643539333262633565623534323866316537
|
|
||||||
38623630363139643837396330353463303932383231663831363763656537386531383531303165
|
|
||||||
37366338343063346230656461393832383736636662656666636434363731623437303862636366
|
|
||||||
33613333393139613637623963373262323637653531336265333033333135613330313166633738
|
|
||||||
36353935383931363535656539333130653164613431616438613432313532373063353738656162
|
|
||||||
36616563383133623336396633343762376537663432356238653766666636323232623065313537
|
|
||||||
39636632326166323130646633626431323831373963313837613465356436326430616433303662
|
|
||||||
65343834663937306539663330366538643265626665613631323036616463313266303237613938
|
|
||||||
30613565306636306561643238326138623366343365303934306561623234313332636462383363
|
|
||||||
30623432326336396364636164366463326533613665333830656564626663383331323661663934
|
|
||||||
35353135323930656138373830623932396138626335343265623738383532333861306561323430
|
|
||||||
66333532333961636463656535636132323535313730333762633139306235373031363831363266
|
|
||||||
33646635316137616663653461393566303432386330623936633330373461333762356532663062
|
|
||||||
39666437363931313861356331653932303132353364623664656364316430653933653935616230
|
|
||||||
38376631316463646663626562366233626334323235633235653364623936643131356130343261
|
|
||||||
36396535393335366532313930623363663032386635396262363430303466373737633739626435
|
|
||||||
30636136396562336561393936353763383732653166353266376165663233626266353638363131
|
|
||||||
65323462633039323334613566373434343363633532656534663635363763396265663137636331
|
|
||||||
38613736353635613437663133616431396666316230393066343431336535626335373437393039
|
|
||||||
63666135353937313765316134326338376161353862373161653039333631306264343464353035
|
|
||||||
65353639313134346239646362663836643734373465353866373238613162303336306438376237
|
|
||||||
35363934333536376136666561333636653136316435316530366461306636333063313739626630
|
|
||||||
37633333333766613663636466373364663132613266343136376138663461383832356631303132
|
|
||||||
30363434336161393962363636313364663839383734373533356663343733333731613535646433
|
|
||||||
64396361643736653931336365313338313633383038306131333863306437386362633263646364
|
|
||||||
36656566326333333136636566613066623362363263373435356162396431396334386237383231
|
|
||||||
30326465646334613235666435613462633230353434653666336364646466613066346366376262
|
|
||||||
66633863333461626631383961663930383663666538613162643730323565653732386330613538
|
|
||||||
38666164353130386530376332643637333931313661633634303636643639613561643338373331
|
|
||||||
63333932306634313933366533623837613934366334396637396361623439383964333665383435
|
|
||||||
62316265356537616137643537366666336634393935613034393737313930333364323031653234
|
|
||||||
37366561356332666439623462396266623961653039626562393065393336643962373064343563
|
|
||||||
36346665666338623931343739386531343833386135356164303532643463346565316163656633
|
|
||||||
32616365623065626139383362613466633332666133313263393062373338653834363830333039
|
|
||||||
62626230343362393533633061663432363836616539643065643839623065633363393134643534
|
|
||||||
63343935376537393739333063333333386239663763383435633234376434366362616433363162
|
|
||||||
34363539633661633333306133363433313761303138363864373266333461303139613362663937
|
|
||||||
39626332356139396330393361613364643363366164376234316266316164393035386334366362
|
|
||||||
36373065626530333237636139336163623766623561656234333239646263626164323134633434
|
|
||||||
63326635393665333533383562633438303036616262366435373739386430353964333265393732
|
|
||||||
66643838303566626131323834646564613830333937616264383864316666343333396636303836
|
|
||||||
38633335656536653334626530303835623531666665326533303535313164323836373365636265
|
|
||||||
65393061363933373931396134623264643065633534313566346336343862346537343437363765
|
|
||||||
62663264376266326538616330376633353832353234653661613964373231666562326466663934
|
|
||||||
38393931643736626332623461613737383463663935656263656233306437653331343838343865
|
|
||||||
64343239636166343134336261656162393938396633376663366466653634373566336165323237
|
|
||||||
34386137313961653739393231616532346664366138356631353030623236343535363435636462
|
|
||||||
32323564306339396437633763613535393230386631616166656539373861386633363464653439
|
|
||||||
34323134626334356631623764356232366337646236313031336138333636633834353463363961
|
|
||||||
32316664383038633330383765356563353062303133333133336365346561643234386161383461
|
|
||||||
39323964303061313461386333613961396533646161663230666466616231386239386666306233
|
|
||||||
39343239323739323738373263313662336237346663663432343861343034633463386163303366
|
|
||||||
38333537626232663438383230623032623765336164653438653434396362633063333437366338
|
|
||||||
34373431323539306531323536363238333037643337626131336631356537626237656630393964
|
|
||||||
38393736633433306632323334613232303162313962616334376130353931336337303462363266
|
|
||||||
39643137643034396564303531346361336134353461653535336165323032323238663631653935
|
|
||||||
38366339366436376166333335663230306663633634336434323532316664666134313365323834
|
|
||||||
31363964346561373262393632366637396633323332393162666166326631383164643265353135
|
|
||||||
34303664353434373131653530346634386333663732373966613761616261323032336266646163
|
|
||||||
32663966656464633565356337653534623962663939333033613933633965666339653764663134
|
|
||||||
38363965393730633638653561393432303835303164396462366435353030643966316665333061
|
|
||||||
39643634646137626338323537393031356532616637666634333139396630663930636235333735
|
|
||||||
66336465666439356636623037653564393161393432346534656132346631396462356463336566
|
|
||||||
30303833386638333866396462633330306439613139636331636331333663386438623461343133
|
|
||||||
30643164366434353765633738356536643861303232393362343131353730376364623463326361
|
|
||||||
37363061623333653466636438666465616133396233616430393265626362663736613031383764
|
|
||||||
63353065306166646461623763643062383738376266353765643134376538393233383663346237
|
|
||||||
37643639663063383266373536323533343936633134386263616163343637613636303134343037
|
|
||||||
34626232303335393532643134646132323463396333386664333731646331343937363661323539
|
|
||||||
65663936366464643162633432666537393439313664643638343237653566613235353165663336
|
|
||||||
32373037346239356337633036306138343366666463363538373836616530313565613562383433
|
|
||||||
64616263626165343938363230613039356137643665653734366533393033316363663036363738
|
|
||||||
66323663663366666162623734363465663939383830396533383665393139633530616263663136
|
|
||||||
64333132633031623835373831636366643831626235303831313761653734666365386462393534
|
|
||||||
66303332656561653162636636313439663633396638353638363465663138353866376636326634
|
|
||||||
63613865613466326230323564323439393061653664393261373531306235333663373434636262
|
|
||||||
62353132653333313635653633346461323165373862343839316539653038633664353830643234
|
|
||||||
36633763653738323732386263643461333761306532303534663763323735636563366266653464
|
|
||||||
66636236393033613736656562663661346162316164616663306465623431613133633130383136
|
|
||||||
35313434346164653163396137383064656538353766653237646237663639663039663665666236
|
|
||||||
62346139633234343735303762653030326333333764356562656435623330663066353333326239
|
|
||||||
39646465393362323537343766366432323765363139643361643037373739643636623437386636
|
|
||||||
32353233303337623136343062623633306361383737303431613663633163643832343434656335
|
|
||||||
39633434393466646366376534333865633361333861653366316238626637363537303335363662
|
|
||||||
61353830303733623665643864333134623062356334616331363565333235666261653732633264
|
|
||||||
62663238663461343738303764303636366638393830623264613730303635623635626364646464
|
|
||||||
35623239356235316136343532616638663930313565383264663936633733386663326161623830
|
|
||||||
62626634313963323866653432343561303233343035353433613731353538356438613033346638
|
|
||||||
33613466656633626261326465336437613630376335663933303061393731313065636131393762
|
|
||||||
65613037653363636235613838613535316635613066393436356537633662313539323163613361
|
|
||||||
36356632323634363335366665376663346565393439313031636331633235333664663830636135
|
|
||||||
64653266616262336437623731383161383437613461323837653066656233643230663064616432
|
|
||||||
65383337323333633465316533623465303735396430326334643634626436303263396534356335
|
|
||||||
34373134653232303866386433643864363536643138353965323130616338353731633434326361
|
|
||||||
66303133353264343664323435653133383431626263373237613631616235666465616333343937
|
|
||||||
37323333653565363665376236396232393132336137346461613831623063326631636335333365
|
|
||||||
65376538396265313732323932383061633464393630393563386163393230623238633938396535
|
|
||||||
34333330386131353336646361313634353862663762653234373235366565343232306432653731
|
|
||||||
61383863306632626463653831383735636233623966353130626634366638626236383864316531
|
|
||||||
37353062336539626531356133313132663330663135393930356565323364353761393439373533
|
|
||||||
61366465313462313033306631333432646163653832363564313838643362316263353562373262
|
|
||||||
33343664666230303065373836306663643135303439356362336634346637353438633364306365
|
|
||||||
30623332363436353865633738663464636132306134386465306164363333386338323433643163
|
|
||||||
37626235303062393933393363656339636139323464373439363765316266646536316336666163
|
|
||||||
34306262326238343937623432643262646263666266623933623565363535326235623637396237
|
|
||||||
64623961663037653033383933333062393932613933303962326538333739303731363137623365
|
|
||||||
30363030353433646133666166383938356232396331656165343531343232613934663834633464
|
|
||||||
36353331373233393861636131393238363031383135613633373665613364373466356663376431
|
|
||||||
66303331383837663261313838363266656164633836623661326331356566653938306266376632
|
|
||||||
63613238356135373938663030343634393566653963306237303138626461613931356565663835
|
|
||||||
64386433613937643730396130663333646334386336613864333533626661626166346232333964
|
|
||||||
66316664346231376639393132613936323261383131633737386331343966363961633237666334
|
|
||||||
38353363383761333439373437623937393534626435386262383732363833346166656233666332
|
|
||||||
62636130323536663432633434646666303664393130626437636132316264613535306463623964
|
|
||||||
30633030613665343631373366363737313130666337326230633631646461356362363963306361
|
|
||||||
64393639353339303436346438313833333432356666666339613666623132636235383866343838
|
|
||||||
36666263343538633537303665616366656363373736306235333264336466313939356131303561
|
|
||||||
33363030653966316232313933323665663330303338366333656536623861623537313266383565
|
|
||||||
65633866663665393635646531353539623362646663356664333866623432333465333335333333
|
|
||||||
31616262356537646261373166343665633238633235373335343134393366663462393465643135
|
|
||||||
35326336613835663132343233386564373462353561333066323631313664373865323233653336
|
|
||||||
65333731336565633664636562326365343263373263373162653239633964396138616335616230
|
|
||||||
63376562383064663330363562306338346465666563306365306639353632396633323830353337
|
|
||||||
65666233376239333436633566623535383065646235353832363030303565623531333539613864
|
|
||||||
63393339656238323466343564333134636164383062613138656138373936636531636166393062
|
|
||||||
32613431636233316533353937326234663336343231313630393037313663383034383238346562
|
|
||||||
36383264626366383835623261643562323037303661383832323939363939623038626664393530
|
|
||||||
65353061313266633764353331313532383766613735333131373365366336306139343265306634
|
|
||||||
66313435313965633362356563313763653634643362616138633832633136333362343731346166
|
|
||||||
34613431653134363732353833643962636431623036393935666237663833373934373438666434
|
|
||||||
36633538306632383439323465636665303863646532653165666638316137633738363736386633
|
|
||||||
33303234306531356136316463353232303737323661333430333137636633306131316434376665
|
|
||||||
64323633383735313536373534626331356631316464643530363866633730353239346633396364
|
|
||||||
36323437306165363465613365383666353037313333653230316234626439623964343336343762
|
|
||||||
66343831343133343330336536613134303836626434663731343636613835623364633236653962
|
|
||||||
63356635363239663533336265306261393337313136313937356662616231636461373230376232
|
|
||||||
64313738333966633265626166653266313932666134356235373238376530303437646464333364
|
|
||||||
31613631386335356561363938323831313061373566323638663864393266656361366463353736
|
|
||||||
63386361373737383837336435633562626566656666373737313464323466313364626466633537
|
|
||||||
6661656232313066363235616364646663623039386561636332
|
|
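--- a/vars_plugins/pass.ini
+++ b/vars_plugins/pass.ini
@@ -0,0 +1,6 @@
+[pass]
+# password_store_dir=/home/ynerant/.password-store
+# aurore_password_store_submodule=aurore
+
+[pass_become]
+all=aurore-root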
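Review bot: `vars_plugins/pass.ini` reads like a per-operator file, yet it is committed next to `pass.ini.example`, and the `.gitignore` hunk in this commit adds only `__pycache__`. If the example is the intended template, add `vars_plugins/pass.ini` to `.gitignore` and drop this file from the commit, so that one operator's store layout and become entry name (`all=aurore-root`) do not silently become everyone's default. If a shared default is deliberate, a header comment such as `# Shared defaults; override locally if your store differs` would make that clear.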
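--- a/vars_plugins/pass.ini.example
+++ b/vars_plugins/pass.ini.example
@@ -0,0 +1,6 @@
+[pass]
+# password_store_dir=/home/me/.password-store
+# aurore_password_store_submodule=aurore
+
+[pass_become]
+# all=aurore-root-password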
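--- a/vars_plugins/pass.py
+++ b/vars_plugins/pass.py
@@ -0,0 +1,102 @@
+#!/usr/bin/env python
+
+from functools import lru_cache
+from getpass import getpass
+import os
+from pathlib import Path
+import subprocess
+import sys
+
+from ansible.module_utils.six.moves import configparser
+from ansible.plugins.vars import BaseVarsPlugin
+
+
+DOCUMENTATION = """
+module: pass
+vars: vault
+version_added: 2.9
+short_description: Load vault passwords from pass
+description:
+- Works exactly as a vault, loading variables from pass.
+- Decrypts the YAML file `ansible_vault` from aurorepasswords.
+- Loads the secret variables.
+- Makes use of data caching in order to avoid calling aurorepasswords multiple times.
+- Uses the local gpg key from the user running ansible on the Control node.
+"""
+
+
+
+class VarsModule(BaseVarsPlugin):
+@staticmethod
+@lru_cache
+def decrypt_password(name, aurore_submodule=False):
+"""
+Passwords are decrypted from the local password store, then are cached.
+By that way, we don't decrypt these passwords everytime.
+"""
+# Load config
+config = configparser.ConfigParser()
+config.read(os.path.join(os.path.dirname(os.path.realpath(__file__)), 'pass.ini'))
+
+password_store = Path(config.get('pass', 'password_store_dir',
+fallback=os.getenv('PASSWORD_STORE_DIR', Path.home() / '.password-store')))
+
+if aurore_submodule:
+password_store /= config.get('pass', 'aurore_password_store_submodule',
+fallback=os.getenv('AURORE_PASSWORD_STORE_SUBMODULE', 'aurore'))
+full_command = ['gpg', '-d', password_store / f'{name}.gpg']
+proc = subprocess.run(full_command, capture_output=True, close_fds=True)
+clear_text = proc.stdout.decode('UTF-8')
+sys.stderr.write(proc.stderr.decode('UTF-8'))
+return clear_text
+
+@staticmethod
+@lru_cache
+def become_password(entity):
+"""
+Query the become password that should be used for the given entity.
+If entity is the whole group that has no default password,
+the become password will be prompted.
+The configuration should be given in pass.ini, in the `pass_become`
+group. You have only to write `group=pass-filename`.
+"""
+# Load config
+config = configparser.ConfigParser()
+config.read(os.path.join(os.path.dirname(os.path.realpath(__file__)), 'pass.ini'))
+if config.has_option('pass_become', entity.get_name()):
+return VarsModule.decrypt_password(
+config.get('pass_become', entity.get_name())).split('\n')[0]
+if entity.get_name() == "all":
+return getpass("BECOME password: ", stream=None)
+return None
+
+def get_vars(self, loader, path, entities):
+"""
+Get all vars for entities, called by Ansible.
+
+loader: Ansible's DataLoader.
+path: Current play's playbook directory.
+entities: Host or group names pertinent to the variables needed.
+"""
+# VarsModule objects are called every time you need host vars, per host,
+# and per group the host is part of.
+# It is about 6 times per host per task in current state
+# of Ansible Aurore configuration.
+
+# It is way to much.
+# So we cache the data into the DataLoader (see parsing/DataLoader).
+
+passwords = {}
+
+for entity in entities:
+# Load vault passwords
+if entity.get_name() == 'all':
+passwords.update(
+loader.load(VarsModule.decrypt_password('ansible_vault', True)))
+
+# Load become password
+become_password = VarsModule.become_password(entity)
+if become_password is not None:
+passwords['ansible_become_password'] = become_password
+
+return passwords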
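Review bot: `decrypt_password` never checks `proc.returncode`, so a failed `gpg -d` (missing entry, no usable key, cancelled pinentry) returns an empty string, which `lru_cache` then keeps for the rest of the run. In `become_password` that empty string becomes the become password via `.split('\n')[0]`, and in `get_vars` it is handed to `loader.load(...)`; neither caller can tell that decryption failed. Fail loudly before the decode, for example `if proc.returncode != 0: raise AnsibleError(f"gpg failed to decrypt {name}.gpg")`, with `from ansible.errors import AnsibleError` next to the other ansible imports. A raised exception is not stored by `lru_cache`, so a later call would invoke gpg again rather than reuse the bad result.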