Diffstat (limited to 'ansible_collections/community/sops/plugins')
8 files changed, 45 insertions, 51 deletions
diff --git a/ansible_collections/community/sops/plugins/doc_fragments/sops.py b/ansible_collections/community/sops/plugins/doc_fragments/sops.py index ffbfe2d54..15a0ea118 100644 --- a/ansible_collections/community/sops/plugins/doc_fragments/sops.py +++ b/ansible_collections/community/sops/plugins/doc_fragments/sops.py @@ -20,14 +20,14 @@ options: age_key: description: - One or more age private keys that can be used to decrypt encrypted files. - - Will be set as the C(SOPS_AGE_KEY) environment variable when calling sops. + - Will be set as the E(SOPS_AGE_KEY) environment variable when calling sops. type: str version_added: 1.4.0 age_keyfile: description: - The file containing the age private keys that sops can use to decrypt encrypted files. - - Will be set as the C(SOPS_AGE_KEY_FILE) environment variable when calling sops. + - Will be set as the E(SOPS_AGE_KEY_FILE) environment variable when calling sops. - By default, sops looks for C(sops/age/keys.txt) inside your user configuration directory. type: path @@ -41,19 +41,19 @@ options: aws_access_key_id: description: - The AWS access key ID to use for requests to AWS. - - Sets the environment variable C(AWS_ACCESS_KEY_ID) for the sops call. + - Sets the environment variable E(AWS_ACCESS_KEY_ID) for the sops call. type: str version_added: 1.0.0 aws_secret_access_key: description: - The AWS secret access key to use for requests to AWS. - - Sets the environment variable C(AWS_SECRET_ACCESS_KEY) for the sops call. + - Sets the environment variable E(AWS_SECRET_ACCESS_KEY) for the sops call. type: str version_added: 1.0.0 aws_session_token: description: - The AWS session token to use for requests to AWS. - - Sets the environment variable C(AWS_SESSION_TOKEN) for the sops call. + - Sets the environment variable E(AWS_SESSION_TOKEN) for the sops call. type: str version_added: 1.0.0 config_path: 
@@ -264,7 +264,7 @@ options: description: - Override the encrypted key suffix. - When set to an empty string, all keys will be encrypted that are not explicitly - marked by I(unencrypted_suffix). + marked by O(unencrypted_suffix). - This corresponds to the sops C(--encrypted-suffix) option. type: str version_added: 1.0.0 @@ -293,7 +293,7 @@ options: description: - The number of distinct keys required to retrieve the data key with L(Shamir's Secret Sharing, https://en.wikipedia.org/wiki/Shamir%27s_Secret_Sharing). - - If not set here and in the sops config file, will default to C(0). + - If not set here and in the sops config file, will default to V(0). - This corresponds to the sops C(--shamir-secret-sharing-threshold) option. type: int version_added: 1.0.0 diff --git a/ansible_collections/community/sops/plugins/filter/_latest_version.py b/ansible_collections/community/sops/plugins/filter/_latest_version.py index a4de0f17b..9aecc45d7 100644 --- a/ansible_collections/community/sops/plugins/filter/_latest_version.py +++ b/ansible_collections/community/sops/plugins/filter/_latest_version.py @@ -62,6 +62,8 @@ except ImportError: def pick_latest_version(version_list): '''Pick latest version from a list of versions.''' + # Remove all prereleases (versions with '+' or '-' in them) + version_list = [v for v in version_list if '-' not in v and '+' not in v] if not version_list: return '' return sorted(version_list, key=LooseVersion, reverse=True)[0] diff --git a/ansible_collections/community/sops/plugins/filter/decrypt.py b/ansible_collections/community/sops/plugins/filter/decrypt.py index a27d1c70f..015d93881 100644 --- a/ansible_collections/community/sops/plugins/filter/decrypt.py +++ b/ansible_collections/community/sops/plugins/filter/decrypt.py 
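Review bot: The filter added to `pick_latest_version` labels every version containing `+` a prerelease, but in semantic versioning `+` introduces build metadata, so a stable release carrying build metadata (constructed example: `3.8.0+build1`) is discarded together with the real prereleases. If that is intended, the comment should say so, for example `# Ignore prereleases ('-') and builds with metadata ('+'); only plain releases are candidates`. The one-line docstring should also mention that `''` is returned when the list is empty after filtering, because a list made up only of prereleases now takes that path. The membership tests assume every entry is a string; that holds only if callers already guarantee it.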
@@ -46,9 +46,9 @@ options: output_type: description: - Tell sops how to interpret the decrypted file. - - Please note that the output is always text or bytes, depending on the value of I(decode_output). - To parse the resulting JSON or YAML, use corresponding filters such as C(ansible.builtin.from_json) - and C(ansible.builtin.from_yaml). + - Please note that the output is always text or bytes, depending on the value of O(decode_output). + To parse the resulting JSON or YAML, use corresponding filters such as P(ansible.builtin.from_json#filter) + and P(ansible.builtin.from_yaml#filter). type: str choices: - binary @@ -59,8 +59,8 @@ options: decode_output: description: - Whether to decode the output to bytes. - - When I(output_type=binary), and the file isn't known to contain UTF-8 encoded text, - this should better be set to C(false) to prevent mangling the data with UTF-8 decoding. + - When O(output_type=binary), and the file isn't known to contain UTF-8 encoded text, + this should better be set to V(false) to prevent mangling the data with UTF-8 decoding. type: bool default: true extends_documentation_fragment: @@ -80,7 +80,7 @@ EXAMPLES = ''' tasks: - name: Fetch file from URL ansible.builtin.uri: - url: https://raw.githubusercontent.com/mozilla/sops/master/functional-tests/res/comments.enc.yaml + url: https://raw.githubusercontent.com/getsops/sops/master/functional-tests/res/comments.enc.yaml return_content: true register: encrypted_content @@ -100,7 +100,7 @@ EXAMPLES = ''' RETURN = ''' _value: description: - - Decrypted data as text (I(decode_output=true), default) or binary string (I(decode_output=false)). + - Decrypted data as text (O(decode_output=true), default) or binary string (O(decode_output=false)). type: string ''' diff --git a/ansible_collections/community/sops/plugins/lookup/sops.py b/ansible_collections/community/sops/plugins/lookup/sops.py index 64990ae55..8d39432f5 100644 --- a/ansible_collections/community/sops/plugins/lookup/sops.py 
+++ b/ansible_collections/community/sops/plugins/lookup/sops.py @@ -55,7 +55,7 @@ DOCUMENTATION = """ - dotenv empty_on_not_exist: description: - - When set to C(true), will not raise an error when a file cannot be found, + - When set to V(true), will not raise an error when a file cannot be found, but return an empty string instead. type: bool default: false @@ -67,14 +67,12 @@ DOCUMENTATION = """ notes: - This lookup does not understand 'globbing' - use the fileglob lookup instead. seealso: - - ref: community.sops.decrypt filter <ansible_collections.community.sops.decrypt_filter> + - plugin: community.sops.decrypt + plugin_type: filter description: The decrypt filter can be used to descrypt sops-encrypted in-memory data. - # - plugin: community.sops.decrypt - # plugin_type: filter - - ref: community.sops.sops vars plugin <ansible_collections.community.sops.sops_vars> + - plugin: community.sops.sops + plugin_type: vars description: The sops vars plugin can be used to load sops-encrypted host or group variables. - # - plugin: community.sops.sops - # plugin_type: vars - module: community.sops.load_vars """ diff --git a/ansible_collections/community/sops/plugins/module_utils/sops.py b/ansible_collections/community/sops/plugins/module_utils/sops.py index d3c98d1d2..c66405237 100644 --- a/ansible_collections/community/sops/plugins/module_utils/sops.py +++ b/ansible_collections/community/sops/plugins/module_utils/sops.py @@ -14,7 +14,7 @@ from ansible.module_utils.common.text.converters import to_text, to_native from subprocess import Popen, PIPE -# From https://github.com/mozilla/sops/blob/master/cmd/sops/codes/codes.go +# From https://github.com/getsops/sops/blob/master/cmd/sops/codes/codes.go # Should be manually updated SOPS_ERROR_CODES = { 1: "ErrorGeneric", 
@@ -112,7 +112,7 @@ ENCRYPT_OPTIONS = { class SopsError(Exception): - ''' Extend Exception class with sops specific informations ''' + ''' Extend Exception class with sops specific information ''' def __init__(self, filename, exit_code, message, decryption=True): if exit_code in SOPS_ERROR_CODES: diff --git a/ansible_collections/community/sops/plugins/modules/load_vars.py b/ansible_collections/community/sops/plugins/modules/load_vars.py index 27e9ae8c2..26366078f 100644 --- a/ansible_collections/community/sops/plugins/modules/load_vars.py +++ b/ansible_collections/community/sops/plugins/modules/load_vars.py @@ -28,13 +28,13 @@ options: name: description: - The name of a variable into which assign the included vars. - - If omitted (C(null)) they will be made top level vars. + - If omitted (V(null)) they will be made top level vars. type: str expressions: description: - This option controls how Jinja2 expressions in values in the loaded file are handled. - - If set to C(ignore), expressions will not be evaluated, but treated as regular strings. - - If set to C(evaluate-on-load), expressions will be evaluated on execution of this module, + - If set to V(ignore), expressions will not be evaluated, but treated as regular strings. + - If set to V(evaluate-on-load), expressions will be evaluated on execution of this module, in other words, when the file is loaded. - Unfortunately, there is no way for non-core modules to handle expressions "unsafe", in other words, evaluate them only on use. This can only achieved by M(ansible.builtin.include_vars), 
@@ -69,18 +69,15 @@ seealso: - module: ansible.builtin.include_vars - ref: playbooks_delegation description: More information related to task delegation. - - ref: community.sops.sops lookup <ansible_collections.community.sops.sops_lookup> + - plugin: community.sops.sops + plugin_type: lookup description: The sops lookup can be used decrypt sops-encrypted files. - # - plugin: community.sops.sops - # plugin_type: lookup - - ref: community.sops.decrypt filter <ansible_collections.community.sops.decrypt_filter> + - plugin: community.sops.decrypt + plugin_type: filter description: The decrypt filter can be used to descrypt sops-encrypted in-memory data. - # - plugin: community.sops.decrypt - # plugin_type: filter - - ref: community.sops.sops vars plugin <ansible_collections.community.sops.sops_vars> + - plugin: community.sops.sops + plugin_type: vars description: The sops vars plugin can be used to load sops-encrypted host or group variables. - # - plugin: community.sops.sops - # plugin_type: vars ''' EXAMPLES = r''' diff --git a/ansible_collections/community/sops/plugins/modules/sops_encrypt.py b/ansible_collections/community/sops/plugins/modules/sops_encrypt.py index d4ba34353..9fd9b5081 100644 --- a/ansible_collections/community/sops/plugins/modules/sops_encrypt.py +++ b/ansible_collections/community/sops/plugins/modules/sops_encrypt.py 
@@ -32,24 +32,24 @@ options: description: - The data to encrypt. Must be a Unicode text. - Please note that the module might not be idempotent if the text can be parsed as JSON or YAML. - - Exactly one of I(content_text), I(content_binary), I(content_json) and I(content_yaml) must be specified. + - Exactly one of O(content_text), O(content_binary), O(content_json), and O(content_yaml) must be specified. type: str content_binary: description: - The data to encrypt. Must be L(Base64 encoded,https://en.wikipedia.org/wiki/Base64) binary data. - Please note that the module might not be idempotent if the data can be parsed as JSON or YAML. - - Exactly one of I(content_text), I(content_binary), I(content_json) and I(content_yaml) must be specified. + - Exactly one of O(content_text), O(content_binary), O(content_json), and O(content_yaml) must be specified. type: str content_json: description: - The data to encrypt. Must be a JSON dictionary. - - Exactly one of I(content_text), I(content_binary), I(content_json) and I(content_yaml) must be specified. + - Exactly one of O(content_text), O(content_binary), O(content_json), and O(content_yaml) must be specified. type: dict content_yaml: description: - The data to encrypt. Must be a YAML dictionary. - Please note that Ansible only allows to pass data that can be represented as a JSON dictionary. - - Exactly one of I(content_text), I(content_binary), I(content_json) and I(content_yaml) must be specified. + - Exactly one of O(content_text), O(content_binary), O(content_json), and O(content_yaml) must be specified. type: dict extends_documentation_fragment: - ansible.builtin.files 
@@ -65,10 +65,9 @@ attributes: safe_file_operations: support: full seealso: - - ref: community.sops.sops lookup <ansible_collections.community.sops.sops_lookup> + - plugin: community.sops.sops + plugin_type: lookup description: The sops lookup can be used decrypt sops-encrypted files. - # - plugin: community.sops.sops - # plugin_type: lookup ''' EXAMPLES = r''' @@ -217,7 +216,7 @@ def main(): output_type = None if path.endswith('.json'): output_type = 'json' - elif path.endswith('.yaml'): + elif path.endswith('.yaml') or path.endswith('.yml'): output_type = 'yaml' data = Sops.encrypt( data=input_data, cwd=directory, input_type=input_type, output_type=output_type, diff --git a/ansible_collections/community/sops/plugins/vars/sops.py b/ansible_collections/community/sops/plugins/vars/sops.py index 547480351..8b83a06b3 100644 --- a/ansible_collections/community/sops/plugins/vars/sops.py +++ b/ansible_collections/community/sops/plugins/vars/sops.py @@ -38,7 +38,7 @@ DOCUMENTATION = ''' - If the cache is disabled, the files will be decrypted for almost every task. This is very slow! - Only disable caching if you modify the variable files during a playbook run and want the updated result to be available from the next task on. - - "Note that setting I(stage) to C(inventory) has the same effect as setting I(cache) to C(true): + - "Note that setting O(stage=inventory) has the same effect as setting O(cache=true): the variables will be loaded only once (during inventory loading) and the vars plugin will not be called for every task." type: bool 
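Review bot: The added `.yml` test in `main()` repeats the `endswith` call; `str.endswith` accepts a tuple, so `elif path.endswith(('.yaml', '.yml')):` expresses the same check once. The comparison is also case-sensitive, so a destination ending in `.YML` still leaves `output_type` as `None`. A destination ending in `.yml` appears to have reached `Sops.encrypt` with `output_type=None` before this change and now gets `'yaml'`, which may produce a one-time rewrite of existing files and is worth a changelog entry. The `Sops.encrypt(...)` call continues past the end of the hunk.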
@@ -64,14 +64,12 @@ DOCUMENTATION = ''' - community.sops.sops.ansible_env - community.sops.sops.ansible_ini seealso: - - ref: community.sops.sops lookup <ansible_collections.community.sops.sops_lookup> + - plugin: community.sops.sops + plugin_type: lookup description: The sops lookup can be used decrypt sops-encrypted files. - # - plugin: community.sops.sops - # plugin_type: lookup - - ref: community.sops.decrypt filter <ansible_collections.community.sops.decrypt_filter> + - plugin: community.sops.decrypt + plugin_type: filter description: The decrypt filter can be used to descrypt sops-encrypted in-memory data. - # - plugin: community.sops.decrypt - # plugin_type: filter - module: community.sops.load_vars ''' @@ -137,7 +135,7 @@ class VarsModule(BaseVarsPlugin): if os.path.exists(b_opath): if os.path.isdir(b_opath): self._display.debug("\tprocessing dir %s" % opath) - # NOTE: iterating without extension allow retriving files recursively + # NOTE: iterating without extension allow retrieving files recursively # A filter is then applied by iterating on all results and filtering by # extension. # See: |