Diffstat (limited to 'ansible_collections/community/sops')
46 files changed, 605 insertions, 152 deletions
diff --git a/ansible_collections/community/sops/.github/workflows/ansible-test.yml b/ansible_collections/community/sops/.github/workflows/ansible-test.yml index eeec801aa..f31dfca6b 100644 --- a/ansible_collections/community/sops/.github/workflows/ansible-test.yml +++ b/ansible_collections/community/sops/.github/workflows/ansible-test.yml @@ -33,6 +33,7 @@ jobs: - stable-2.13 - stable-2.14 - stable-2.15 + - stable-2.16 - devel # Ansible-test on various stable branches does not yet work well with cgroups v2. # Since ubuntu-latest now uses Ubuntu 22.04, we need to fall back to the ubuntu-20.04 @@ -69,11 +70,12 @@ jobs: docker_container: - ubuntu2004 - ubuntu2204 - - fedora37 + - fedora38 sops_version: - 3.5.0 - 3.6.0 - 3.7.3 + - 3.8.0 python_version: - '' include: @@ -108,19 +110,27 @@ jobs: - ansible: stable-2.15 docker_container: ubuntu2204 sops_version: 3.7.3 + # 2.16 + - ansible: stable-2.16 + docker_container: ubuntu2204 + sops_version: 3.8.0 + - ansible: stable-2.16 + docker_container: quay.io/ansible-community/test-image:centos-stream8 + python_version: '3.6' + sops_version: latest # devel - ansible: devel docker_container: quay.io/ansible-community/test-image:archlinux python_version: '3.11' sops_version: latest - ansible: devel + docker_container: quay.io/ansible-community/test-image:debian-bookworm + python_version: '3.11' + sops_version: latest + - ansible: stable-2.15 docker_container: quay.io/ansible-community/test-image:debian-bullseye python_version: '3.9' sops_version: latest - - ansible: devel - docker_container: quay.io/ansible-community/test-image:centos-stream8 - python_version: '3.6' - sops_version: latest steps: - name: >- Perform integration testing against @@ -177,6 +187,10 @@ jobs: docker_container: ubuntu2204 python_version: '' target: gha/install/1/ + - ansible: devel + docker_container: fedora38 + python_version: '' + target: gha/install/1/ # Install on localhost vs. remote host - ansible: devel docker_container: ubuntu2004 
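Review bot: In the `include:` list of the hunk at `@@ -108,19 +110,27 @@`, the debian-bullseye / Python 3.9 entry is switched to `ansible: stable-2.15` but stays under the `# devel` comment, so the group headings no longer describe the entries beneath them. Move that entry up next to the other `stable-2.15` entry (ahead of the new `# 2.16` comment), or give it its own heading, so a reader scanning by branch finds every job for that branch. Several entries on the new side use `sops_version: latest`, which presumably resolves to whatever sops release is current when the job runs. A comment such as `# 'latest' is resolved at run time; a failure here may come from a new sops release` would help whoever triages a red build. The matrix starts and ends outside the hunk.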
@@ -191,18 +205,23 @@ jobs: # NOTE: we're installing with git to work around Galaxy being a huge PITA (https://github.com/ansible/galaxy/issues/2429) pre-test-cmd: |- git clone --depth=1 --single-branch https://github.com/ansible-collections/community.general.git ../../community/general - - ansible: devel + - ansible: stable-2.15 docker_container: quay.io/ansible-community/test-image:centos-stream8 python_version: '3.9' target: gha/install/3/ github_latest_detection: auto - ansible: devel + docker_container: quay.io/ansible-community/test-image:debian-bookworm + python_version: '3.11' + target: gha/install/3/ + github_latest_detection: auto + - ansible: stable-2.16 docker_container: quay.io/ansible-community/test-image:debian-bullseye python_version: '3.9' target: gha/install/3/ github_latest_detection: auto - ansible: devel - docker_container: fedora37 + docker_container: fedora38 python_version: '' target: gha/install/3/ github_latest_detection: auto @@ -224,6 +243,7 @@ jobs: # # NOTE: we're installing with git to work around Galaxy being a huge PITA (https://github.com/ansible/galaxy/issues/2429) # pre-test-cmd: |- # git clone --depth=1 --single-branch https://github.com/ansible-collections/community.general.git ../../community/general + # Install 3.8.0-rc.1 prerelease steps: - name: >- Perform sops installation integration testing against diff --git a/ansible_collections/community/sops/.github/workflows/ee.yml b/ansible_collections/community/sops/.github/workflows/ee.yml index 22ec55014..3fccaa057 100644 --- a/ansible_collections/community/sops/.github/workflows/ee.yml +++ b/ansible_collections/community/sops/.github/workflows/ee.yml 
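Review bot: The comment `# Install 3.8.0-rc.1 prerelease` added in the hunk at `@@ -224,6 +243,7 @@` has no matrix entry after it; the next line is `steps:`. A heading with nothing beneath it reads as if a job had been lost in a merge. Either add the entry it announces or drop the line. The changelog in this same commit says 1.6.6 tests against the final 3.8.0, so the prerelease job may simply have been removed and the heading left behind. The enclosing job definition starts and ends outside the hunk.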
@@ -48,6 +48,10 @@ jobs: - name: ansible-core devel @ RHEL UBI 9 ansible_core: https://github.com/ansible/ansible/archive/devel.tar.gz ansible_runner: ansible-runner + other_deps: |2 + python_interpreter: + package_system: python3.11 python3.11-pip python3.11-wheel python3.11-cryptography + python_path: "/usr/bin/python3.11" base_image: docker.io/redhat/ubi9:latest pre_base: '"#"' execute_playbook: ansible-playbook -v community.sops.install_localhost @@ -90,7 +94,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Check out code - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: path: ansible_collections/${{ env.NAMESPACE }}/${{ env.COLLECTION_NAME }} diff --git a/ansible_collections/community/sops/.github/workflows/extra-tests.yml b/ansible_collections/community/sops/.github/workflows/extra-tests.yml index fd2f7f55e..af386ec83 100644 --- a/ansible_collections/community/sops/.github/workflows/extra-tests.yml +++ b/ansible_collections/community/sops/.github/workflows/extra-tests.yml @@ -26,14 +26,14 @@ jobs: steps: - name: Check out code - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: path: ansible_collections/${{env.NAMESPACE}}/${{env.COLLECTION_NAME}} - name: Set up Python uses: actions/setup-python@v4 with: - python-version: '3.10' + python-version: '3.11' - name: Install ansible-core run: pip install https://github.com/ansible/ansible/archive/devel.tar.gz --disable-pip-version-check diff --git a/ansible_collections/community/sops/.github/workflows/import-galaxy.yml b/ansible_collections/community/sops/.github/workflows/import-galaxy.yml index ae472845d..420dafb68 100644 --- a/ansible_collections/community/sops/.github/workflows/import-galaxy.yml +++ b/ansible_collections/community/sops/.github/workflows/import-galaxy.yml 
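Review bot: The `other_deps` block added to the `ansible-core devel @ RHEL UBI 9` entry in the hunk at `@@ -48,6 +48,10 @@` has no comment saying why this one entry overrides the Python interpreter. Presumably ansible-core devel needs a newer Python than the base image ships; a line such as `# ansible-core devel needs a newer Python than the UBI 9 default` above `other_deps` would record that. The version is also spelled out five times (four package names in `package_system` plus `python_path`), and all five have to change together on the next bump, which the same comment could mention. The matrix entry continues outside the hunk.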
@@ -23,14 +23,14 @@ jobs: runs-on: ubuntu-latest steps: - name: Check out code - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: path: ./checkout - name: Set up Python uses: actions/setup-python@v4 with: - python-version: '3.10' + python-version: '3.11' - name: Install ansible-core run: pip install https://github.com/ansible/ansible/archive/devel.tar.gz --disable-pip-version-check @@ -71,7 +71,7 @@ jobs: - name: Set up Python uses: actions/setup-python@v4 with: - python-version: '3.10' + python-version: '3.11' - name: Install ansible-core run: pip install https://github.com/ansible/ansible/archive/devel.tar.gz --disable-pip-version-check diff --git a/ansible_collections/community/sops/.github/workflows/reuse.yml b/ansible_collections/community/sops/.github/workflows/reuse.yml index f487d7969..dbdc1d499 100644 --- a/ansible_collections/community/sops/.github/workflows/reuse.yml +++ b/ansible_collections/community/sops/.github/workflows/reuse.yml @@ -21,7 +21,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Install dependencies run: | diff --git a/ansible_collections/community/sops/CHANGELOG.rst b/ansible_collections/community/sops/CHANGELOG.rst index 8d2c88ca5..45ce0662a 100644 --- a/ansible_collections/community/sops/CHANGELOG.rst +++ b/ansible_collections/community/sops/CHANGELOG.rst 
@@ -5,6 +5,82 @@ Community Sops Release Notes .. contents:: Topics +v1.6.7 +====== + +Release Summary +--------------- + +Bugfix release. + +Bugfixes +-------- + +- sops_encrypt - ensure that output-type is set to ``yaml`` when the file extension ``.yml`` is used. Now both ``.yaml`` and ``.yml`` files use the SOPS ``--output-type=yaml`` formatting (https://github.com/ansible-collections/community.sops/issues/164). + +v1.6.6 +====== + +Release Summary +--------------- + +Make fully compatible with and test against sops 3.8.0. + +Bugfixes +-------- + +- Fix RPM URL for the 3.8.0 release (https://github.com/ansible-collections/community.sops/pull/161). + +v1.6.5 +====== + +Release Summary +--------------- + +Make compatible with and test against sops 3.8.0-rc.1. + +Bugfixes +-------- + +- Avoid pre-releases when picking the latest version when using the GitHub API method (https://github.com/ansible-collections/community.sops/pull/159). +- Fix changed DEB and RPM URLs for 3.8.0 and its prerelease(s) (https://github.com/ansible-collections/community.sops/pull/159). + +v1.6.4 +====== + +Release Summary +--------------- + +Maintenance/bugfix release for the move of sops to the new `getsops GitHub organization <https://github.com/getsops>`__. + +Bugfixes +-------- + +- install role - fix ``sops_github_latest_detection=latest-release``, which broke due to sops moving to another GitHub organization (https://github.com/ansible-collections/community.sops/pull/151). + +v1.6.3 +====== + +Release Summary +--------------- + +Maintenance release with updated documentation. + +From this version on, community.sops is using the new `Ansible semantic markup +<https://docs.ansible.com/ansible/devel/dev_guide/developing_modules_documenting.html#semantic-markup-within-module-documentation>`__ +in its documentation. If you look at documentation with the ansible-doc CLI tool +from ansible-core before 2.15, please note that it does not render the markup +correctly. 
You should be still able to read it in most cases, but you need +ansible-core 2.15 or later to see it as it is intended. Alternatively you can +look at `the devel docsite <https://docs.ansible.com/ansible/devel/collections/community/sops/>`__ +for the rendered HTML version of the documentation of the latest release. + + +Known Issues +------------ + +- Ansible markup will show up in raw form on ansible-doc text output for ansible-core before 2.15. If you have trouble deciphering the documentation markup, please upgrade to ansible-core 2.15 (or newer), or read the HTML documentation on https://docs.ansible.com/ansible/devel/collections/community/sops/. + v1.6.2 ====== diff --git a/ansible_collections/community/sops/FILES.json b/ansible_collections/community/sops/FILES.json index 63a027b18..022bae0cf 100644 --- a/ansible_collections/community/sops/FILES.json +++ b/ansible_collections/community/sops/FILES.json @@ -25,7 +25,7 @@ "name": ".github/workflows/ansible-test.yml", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "73cdfbd8026911429246bc1660c77606b7e5ed2357cc678198ce494a36350497", + "chksum_sha256": "bed33c6620f2d7323d8468f8f621f3ea543db46d90e5598c81b02d814b0e832a", "format": 1 }, { 
@@ -46,28 +46,28 @@ "name": ".github/workflows/ee.yml", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "e924f232654dee81b0fc831ff559e1f4671b768221cc68bc6fe951d15933efd3", + "chksum_sha256": "13442db7f1b12ea9a4c6e8127e5dc3132c3165c75ccca509bfcc3c3b519b4da5", "format": 1 }, { "name": ".github/workflows/extra-tests.yml", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "d37c57a221512fa1d7e7477c382cd11941df95c39ddccc9ede1fc49c205ccfcb", + "chksum_sha256": "3f1745c9267b6672479989d71a4c9e23f051ec220ee61370f8fad321991b3525", "format": 1 }, { "name": ".github/workflows/import-galaxy.yml", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "12f44c852cdcf4d6606110a18180751ce115c7431d9ecac8860c38ca68de3c95", + "chksum_sha256": "ed5db1ac5b80fbf247248ba6f66cb5bdedee09381c743bbfa60e5b133a4aa4ec", "format": 1 }, { "name": ".github/workflows/reuse.yml", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "dc3684b09ddd4dea6622cbf4501c0bd4408f676bb9d05cedb6aff72529b6b4d0", + "chksum_sha256": "bd69ae1fc4d1e551fc67a9d9271ca04a3fe6d8a0e30181815b87fbad49a15afa", "format": 1 }, { @@ -151,7 +151,7 @@ "name": "changelogs/changelog.yaml", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "8eb38241c4918f5e7f59a46059dde0eaacdc12a189168fb58e13cf048aa1726e", + "chksum_sha256": "d13211ac91f7af53225f9fd56bfa5789d7a98d647318d07902429484420a3e39", "format": 1 }, { @@ -193,7 +193,7 @@ "name": "docs/docsite/rst/guide.rst", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "32f8fc68467e5c175a4d1301596f5647c7f1f7a6f36187cde01ec8e6047ab9b4", + "chksum_sha256": "4289f051c08662a484e50f334941aa14fa4ccfab05a6ac3f719f50359dceaf25", "format": 1 }, { @@ -298,7 +298,7 @@ "name": "plugins/doc_fragments/sops.py", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "b301331d83a268914aa2c3e3042430de79bf572aa53a80d7b50fb5b00761b58f", + "chksum_sha256": "08c5b477751feb90ac32e78047c90fc4eb0b71000970fa488a43d0a85a485fed", "format": 1 }, { 
@@ -312,14 +312,14 @@ "name": "plugins/filter/_latest_version.py", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "6db24f13e472ba499e1d891507b9bc14c5df17c73e8ad12d31fe2f362a69f177", + "chksum_sha256": "b5ed2b5fbd3d6673031cff857e0d056daf2842d5eeb17249774772129e254182", "format": 1 }, { "name": "plugins/filter/decrypt.py", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "47f4aea8e22c96d0ba032644299306d593c568fc4b2e04be1cb3ad81d20160a6", + "chksum_sha256": "172aa3716d5acd49b82cd9078e68526421a85d28116a6174b2fe5374befeefb1", "format": 1 }, { @@ -333,7 +333,7 @@ "name": "plugins/lookup/sops.py", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "c2b9f850e93e4cde59e3f21f101ed06fc7174211fc9cd110f83cbe3271a992f9", + "chksum_sha256": "ec4b218296a27faea5ec01c6165ea379df3025ef9a2098efaa4058069b92e302", "format": 1 }, { @@ -354,7 +354,7 @@ "name": "plugins/module_utils/sops.py", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "34e358a918b7bfa0985203faada16b5f11424ba69a6ca1afed9f17c51bdd6fde", + "chksum_sha256": "1cdbd5b09ac6367893596fa957b2637d76e3db62a65957545d786248c4e8dd72", "format": 1 }, { @@ -368,14 +368,14 @@ "name": "plugins/modules/load_vars.py", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "5c83a9e5afcc1cd978f07375510c0beb5928cbdfe0b132380f54dfedce7eda73", + "chksum_sha256": "6f65eada73c1cec0f3082cd548c9dd87b48d16f0516c803faa004d1333ac5b76", "format": 1 }, { "name": "plugins/modules/sops_encrypt.py", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "31eb7e974044dbcfb20aceeaa35dbe6a4db40cde34d8106376d0b87c618db3e2", + "chksum_sha256": "34631d7cf9ea31448682b2e88d37f01813dd773248b14453f0a3906e9b028823", "format": 1 }, { 
@@ -403,7 +403,7 @@ "name": "plugins/vars/sops.py", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "8e69aae9a1f264fade4bab781b1ec69fd28dea343af3e79cdd76015b94de68bc", + "chksum_sha256": "4c7150b9893c7ebf553dc327e08fe5bfea675e1ddf5e99d13596fb296ac7c227", "format": 1 }, { @@ -571,14 +571,14 @@ "name": "roles/install/meta/argument_specs.yml", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "365a49e747895ee0b404ef735fcf92b29c3dbcdd5fbc5844d5cb545d1d9fbde5", + "chksum_sha256": "bc32b9924cd06c20b06d7448b2be73a5affbcece5689573069cebf9ee92432ee", "format": 1 }, { "name": "roles/install/meta/main.yml", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "aec443fa842205021f4e5df3be4263de4344d8ce157307eca5f4523718a736e2", + "chksum_sha256": "073b60bfdecd6e185bb9f8d02f7e7167bb2db02f7c8af4394cd6085aa54c15be", "format": 1 }, { @@ -606,14 +606,14 @@ "name": "roles/install/tasks/github_api.yml", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "d2686f68158196c379e609f7c149d0ac8a3887b0685995ba3c6caac9f2990779", + "chksum_sha256": "e3dc6d2da9fbae52228765cc4f5f6d3a4a18af8a5d7691c13963943000df8219", "format": 1 }, { "name": "roles/install/tasks/github_latest_release.yml", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "3fcf412aa7c3a0c87c08ab45f8d0235304180212d37c0c8efc9097326516adfc", + "chksum_sha256": "8d02ba847bc7b10996d2e762bc5304b4446af592594363edb573dff6ede1e7cb", "format": 1 }, { 
@@ -655,14 +655,14 @@ "name": "roles/install/vars/OS-Debian.yml", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "f80fc923f141c7ea06989923786218befca11a5159372898d8b518110975715a", + "chksum_sha256": "68c63c8de33f7078997c2ae5c01998df4b33ab27dba401fe2c069d5ed311ca31", "format": 1 }, { "name": "roles/install/vars/OS-RedHat.yml", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "69ec003b243d7a0e83e3787a2bc87e1ffd9eb88a42cf58e703deb97e03c63db3", + "chksum_sha256": "80434723c267d857e977bc19d9ceb8e60bb8b85eedf7e01d1fa339d772257720", "format": 1 }, { @@ -767,7 +767,7 @@ "name": "tests/ee/all.yml", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "82f189010cba28eb4264c7a19ac085579c6f9fe7dd82e2f4c551d2e865dd132b", + "chksum_sha256": "34eaea22a6ab72535f9ed1e47e0bdf0c93648e900869b72b78b863118b3ec40e", "format": 1 }, { @@ -834,6 +834,34 @@ "format": 1 }, { + "name": "tests/integration/targets/filter__latest_version", + "ftype": "dir", + "chksum_type": null, + "chksum_sha256": null, + "format": 1 + }, + { + "name": "tests/integration/targets/filter__latest_version/tasks", + "ftype": "dir", + "chksum_type": null, + "chksum_sha256": null, + "format": 1 + }, + { + "name": "tests/integration/targets/filter__latest_version/tasks/main.yml", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "eb403955be963645a440cc08e3b80cd5a20b831b51a7a54d05a63b2f56874626", + "format": 1 + }, + { + "name": "tests/integration/targets/filter__latest_version/aliases", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "e5ced53ad61a1730fd8027e388426ff76ab537963c84bee1ad84ad5fc57dbb2a", + "format": 1 + }, + { "name": "tests/integration/targets/filter_decrypt", "ftype": "dir", "chksum_type": null, 
@@ -1527,6 +1555,20 @@ "format": 1 }, { + "name": "tests/integration/targets/role_install_latest/meta", + "ftype": "dir", + "chksum_type": null, + "chksum_sha256": null, + "format": 1 + }, + { + "name": "tests/integration/targets/role_install_latest/meta/main.yml", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "e11ca6edae518cc531ab425daa9eb93f78f89b9ddd515deabd239e8c7925323d", + "format": 1 + }, + { "name": "tests/integration/targets/role_install_latest/tasks", "ftype": "dir", "chksum_type": null, @@ -1555,6 +1597,20 @@ "format": 1 }, { + "name": "tests/integration/targets/role_install_localhost_remote/meta", + "ftype": "dir", + "chksum_type": null, + "chksum_sha256": null, + "format": 1 + }, + { + "name": "tests/integration/targets/role_install_localhost_remote/meta/main.yml", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "e11ca6edae518cc531ab425daa9eb93f78f89b9ddd515deabd239e8c7925323d", + "format": 1 + }, + { "name": "tests/integration/targets/role_install_localhost_remote/tasks", "ftype": "dir", "chksum_type": null, @@ -1583,6 +1639,20 @@ "format": 1 }, { + "name": "tests/integration/targets/role_install_version/meta", + "ftype": "dir", + "chksum_type": null, + "chksum_sha256": null, + "format": 1 + }, + { + "name": "tests/integration/targets/role_install_version/meta/main.yml", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "e11ca6edae518cc531ab425daa9eb93f78f89b9ddd515deabd239e8c7925323d", + "format": 1 + }, + { "name": "tests/integration/targets/role_install_version/tasks", "ftype": "dir", "chksum_type": null, @@ -1593,7 +1663,7 @@ "name": "tests/integration/targets/role_install_version/tasks/main.yml", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "1754b5e36e03ba81600f3678fd0f30de5a1f25f48999aa9b6cd9a42347edcfdb", + "chksum_sha256": "b407ca27828842bd8034fb2e124019ce35a22d01b22607aec39f59eb4539234b", "format": 1 }, { 
@@ -1604,6 +1674,34 @@ "format": 1 }, { + "name": "tests/integration/targets/setup_pkg_mgr", + "ftype": "dir", + "chksum_type": null, + "chksum_sha256": null, + "format": 1 + }, + { + "name": "tests/integration/targets/setup_pkg_mgr/tasks", + "ftype": "dir", + "chksum_type": null, + "chksum_sha256": null, + "format": 1 + }, + { + "name": "tests/integration/targets/setup_pkg_mgr/tasks/archlinux.yml", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "cd071a182e3762f530cddc36a67e55e9c1ea8c404bbc18316d8d12347f4fbe01", + "format": 1 + }, + { + "name": "tests/integration/targets/setup_pkg_mgr/tasks/main.yml", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "0fb106d2ee26ad02f4d9f5328055b76932dbef01bc491dd336d2684ace8ee673", + "format": 1 + }, + { "name": "tests/integration/targets/setup_remote_tmp_dir", "ftype": "dir", "chksum_type": null, @@ -1660,6 +1758,20 @@ "format": 1 }, { + "name": "tests/integration/targets/setup_sops/meta", + "ftype": "dir", + "chksum_type": null, + "chksum_sha256": null, + "format": 1 + }, + { + "name": "tests/integration/targets/setup_sops/meta/main.yml", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "e11ca6edae518cc531ab425daa9eb93f78f89b9ddd515deabd239e8c7925323d", + "format": 1 + }, + { "name": "tests/integration/targets/setup_sops/tasks", "ftype": "dir", "chksum_type": null, @@ -1670,7 +1782,7 @@ "name": "tests/integration/targets/setup_sops/tasks/install.yml", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "e5577e9ad872bf1bf6c2b91d506af8a4d74560f677cbf248023bb1283e979862", + "chksum_sha256": "e0f475dd8981e6625aff8ae443e001e80a48ce493fbca78351a04218cfaa9fb6", "format": 1 }, { 
@@ -2244,7 +2356,7 @@ "name": "tests/integration/targets/var_sops/README.md", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "c43f777b5e871249b9b0ce642fe54d3eb5d04c8191dce97ab2c36c083e6168ae", + "chksum_sha256": "4060937137a2b2e254805ed81e6d02c71c39b9adaaa9989c5a8fe35ef306fb9f", "format": 1 }, { @@ -2300,7 +2412,7 @@ "name": "tests/sanity/extra/extra-docs.py", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "0fbd87476e9c35e4c5feb31be4aa1e8fc6aebf0de13058e5a267879f741ec0bf", + "chksum_sha256": "c52e316daf1292bbb063be19429fd1f06e02bce3c9d4622a8dfc61fa3af06688", "format": 1 }, { @@ -2356,7 +2468,7 @@ "name": "tests/sanity/ignore-2.10.txt", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "339f0feb36bead5f3e7ea0b6f9e2a87c0c3206f495d294ecfad057f7defa0225", + "chksum_sha256": "207d9d00a3131630b45a21968dabaf3f694bb463a1774a7a78c8b51b6cda85ab", "format": 1 }, { @@ -2370,7 +2482,7 @@ "name": "tests/sanity/ignore-2.11.txt", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "339f0feb36bead5f3e7ea0b6f9e2a87c0c3206f495d294ecfad057f7defa0225", + "chksum_sha256": "d26c7ab4c1dcbea0e31206fc725ae736cb801d6386cc2b35e1e7ba54e9fa05d2", "format": 1 }, { @@ -2384,7 +2496,7 @@ "name": "tests/sanity/ignore-2.12.txt", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "339f0feb36bead5f3e7ea0b6f9e2a87c0c3206f495d294ecfad057f7defa0225", + "chksum_sha256": "d26c7ab4c1dcbea0e31206fc725ae736cb801d6386cc2b35e1e7ba54e9fa05d2", "format": 1 }, { @@ -2398,7 +2510,7 @@ "name": "tests/sanity/ignore-2.13.txt", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "339f0feb36bead5f3e7ea0b6f9e2a87c0c3206f495d294ecfad057f7defa0225", + "chksum_sha256": "66755c2d6580a1638312b6a2cddcce6252ca5e054202be2e2bfc6dbd0fc22ed4", "format": 1 }, { 
@@ -2412,7 +2524,7 @@ "name": "tests/sanity/ignore-2.14.txt", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "339f0feb36bead5f3e7ea0b6f9e2a87c0c3206f495d294ecfad057f7defa0225", + "chksum_sha256": "66755c2d6580a1638312b6a2cddcce6252ca5e054202be2e2bfc6dbd0fc22ed4", "format": 1 }, { @@ -2451,13 +2563,27 @@ "format": 1 }, { - "name": "tests/sanity/ignore-2.9.txt", + "name": "tests/sanity/ignore-2.17.txt", "ftype": "file", "chksum_type": "sha256", "chksum_sha256": "339f0feb36bead5f3e7ea0b6f9e2a87c0c3206f495d294ecfad057f7defa0225", "format": 1 }, { + "name": "tests/sanity/ignore-2.17.txt.license", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "6eb915239f9f35407fa68fdc41ed6522f1fdcce11badbdcd6057548023179ac1", + "format": 1 + }, + { + "name": "tests/sanity/ignore-2.9.txt", + "ftype": "file", + "chksum_type": "sha256", + "chksum_sha256": "207d9d00a3131630b45a21968dabaf3f694bb463a1774a7a78c8b51b6cda85ab", + "format": 1 + }, + { "name": "tests/sanity/ignore-2.9.txt.license", "ftype": "file", "chksum_type": "sha256", @@ -2482,7 +2608,7 @@ "name": "CHANGELOG.rst", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "531c8f5e2e2dd47278c4fa5654e690b1fc6cd54dbdef459d025898900b02ca8c", + "chksum_sha256": "a7b18f61218c66190213237ad87a8a53538216df356e7ff98230b41861a520ef", "format": 1 }, { @@ -2510,7 +2636,7 @@ "name": "README.md", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "907940525a54d4a9d69b4048a78401b9179df58b138c4b2a1da500e827b093b6", + "chksum_sha256": "11a9e3713e564c010a8585c501e4d2e19157bbc741f1cc02fd4acb86cfb220ea", "format": 1 }, { diff --git a/ansible_collections/community/sops/MANIFEST.json b/ansible_collections/community/sops/MANIFEST.json index 036a68d46..4bb1d9cd0 100644 --- a/ansible_collections/community/sops/MANIFEST.json +++ b/ansible_collections/community/sops/MANIFEST.json 
@@ -2,7 +2,7 @@ "collection_info": { "namespace": "community", "name": "sops", - "version": "1.6.2", + "version": "1.6.7", "authors": [ "Edoardo Tenani" ], @@ -14,7 +14,7 @@ "secret", "vault" ], - "description": "Support usage of mozilla/sops from your Ansible playbooks", + "description": "Support usage of getsops/sops from your Ansible playbooks", "license": [ "GPL-3.0-or-later", "BSD-2-Clause" @@ -30,7 +30,7 @@ "name": "FILES.json", "ftype": "file", "chksum_type": "sha256", - "chksum_sha256": "e6916843346085be643662b3c5a4d3f0eef3494fef82743749705370497a308c", + "chksum_sha256": "f1faf463236d1f6e7b988b2cd3f36cf25adeb331a206014b589d00b32f402ad2", "format": 1 }, "format": 1 diff --git a/ansible_collections/community/sops/README.md b/ansible_collections/community/sops/README.md index 0e7c85213..537822ef4 100644 --- a/ansible_collections/community/sops/README.md +++ b/ansible_collections/community/sops/README.md 
@@ -8,9 +8,9 @@ SPDX-License-Identifier: GPL-3.0-or-later [![CI](https://github.com/ansible-collections/community.sops/workflows/CI/badge.svg?event=push)](https://github.com/ansible-collections/community.sops/actions) [![Codecov](https://img.shields.io/codecov/c/github/ansible-collections/community.sops)](https://codecov.io/gh/ansible-collections/community.sops) <!-- Describe the collection and why a user would want to use it. What does the collection do? --> -The `community.sops` collection allows integrating [`mozilla/sops`](https://github.com/mozilla/sops) in Ansible. +The `community.sops` collection allows integrating [`getsops/sops`](https://github.com/getsops/sops) in Ansible. -`mozilla/sops` is a tool for encryption and decryption of files using secure keys (GPG, KMS). It can be leveraged in Ansible to provide an easy to use and flexible to manage way to manage ecrypted secrets' files. +`getsops/sops` is a tool for encryption and decryption of files using secure keys (GPG, KMS, age). It can be leveraged in Ansible to provide an easy to use and flexible to manage way to manage ecrypted secrets' files. Please note that this collection does **not** support Windows targets. 
@@ -18,15 +18,15 @@ Please note that this collection does **not** support Windows targets. The following table shows which versions of sops were tested with which versions of the collection. Older (or newer) versions of sops can still work fine, it just means that we did not test them. In some cases, it could be that a minimal required version of sops is explicitly documented for a specific feature. Right now, that is not the case. -|`community.sops` version|`mozilla/sops` version| +|`community.sops` version|`getsops/sops` version| |---|---| |0.1.0|`3.5.0+`| |1.0.6|`3.5.0+`| -|`main` branch|`3.5.0`, `3.6.0`, `3.7.1`, `3.7.2`, `3.7.3`| +|`main` branch|`3.5.0`, `3.6.0`, `3.7.3`, `3.8.0`| ## Tested with Ansible -Tested with the current Ansible 2.9, ansible-base 2.10, ansible-core 2.11, ansible-core 2.12, ansible-core 2.13, and ansible-core 2.14 releases and the current development version of ansible-core. Ansible versions before 2.9.10 are not supported. +Tested with the current Ansible 2.9, ansible-base 2.10, ansible-core 2.11, ansible-core 2.12, ansible-core 2.13, ansible-core 2.14, ansible-core 2.15, and ansible-core 2.16 releases and the current development version of ansible-core. Ansible versions before 2.9.10 are not supported. The vars plugin requires ansible-base 2.10 or later. @@ -34,7 +34,7 @@ The vars plugin requires ansible-base 2.10 or later. <!-- List any external resources the collection depends on, for example minimum versions of an OS, libraries, or utilities. Do not list other Ansible collections here. --> -You will need to install [`sops`](https://github.com/mozilla/sops) manually before using plugins provided by this +You will need to install [`sops`](https://github.com/getsops/sops) manually before using plugins provided by this collection. ## Collection Documentation diff --git a/ansible_collections/community/sops/changelogs/changelog.yaml b/ansible_collections/community/sops/changelogs/changelog.yaml index a91ec5463..2638bca69 100644 
--- a/ansible_collections/community/sops/changelogs/changelog.yaml +++ b/ansible_collections/community/sops/changelogs/changelog.yaml 
@@ -275,3 +275,78 @@ releases: - 1.6.2.yml - 146-install-facts.yml release_date: '2023-06-15' + 1.6.3: + changes: + known_issues: + - Ansible markup will show up in raw form on ansible-doc text output for ansible-core + before 2.15. If you have trouble deciphering the documentation markup, please + upgrade to ansible-core 2.15 (or newer), or read the HTML documentation on + https://docs.ansible.com/ansible/devel/collections/community/sops/. + release_summary: 'Maintenance release with updated documentation. + + + From this version on, community.sops is using the new `Ansible semantic markup + + <https://docs.ansible.com/ansible/devel/dev_guide/developing_modules_documenting.html#semantic-markup-within-module-documentation>`__ + + in its documentation. If you look at documentation with the ansible-doc CLI + tool + + from ansible-core before 2.15, please note that it does not render the markup + + correctly. You should be still able to read it in most cases, but you need + + ansible-core 2.15 or later to see it as it is intended. Alternatively you + can + + look at `the devel docsite <https://docs.ansible.com/ansible/devel/collections/community/sops/>`__ + + for the rendered HTML version of the documentation of the latest release. + + ' + fragments: + - 1.6.3.yml + - semantic-markup.yml + release_date: '2023-06-27' + 1.6.4: + changes: + bugfixes: + - install role - fix ``sops_github_latest_detection=latest-release``, which + broke due to sops moving to another GitHub organization (https://github.com/ansible-collections/community.sops/pull/151). + release_summary: Maintenance/bugfix release for the move of sops to the new + `getsops GitHub organization <https://github.com/getsops>`__. + fragments: + - 1.6.4.yml + - 151-github.yml + release_date: '2023-06-30' + 1.6.5: + changes: + bugfixes: + - Avoid pre-releases when picking the latest version when using the GitHub API + method (https://github.com/ansible-collections/community.sops/pull/159). 
+ - Fix changed DEB and RPM URLs for 3.8.0 and its prerelease(s) (https://github.com/ansible-collections/community.sops/pull/159). + release_summary: Make compatible with and test against sops 3.8.0-rc.1. + fragments: + - 1.6.5.yml + - 159-new-releases.yml + release_date: '2023-08-25' + 1.6.6: + changes: + bugfixes: + - Fix RPM URL for the 3.8.0 release (https://github.com/ansible-collections/community.sops/pull/161). + release_summary: Make fully compatible with and test against sops 3.8.0. + fragments: + - 1.6.6.yml + - 161-rhel-3.8.0.yml + release_date: '2023-09-15' + 1.6.7: + changes: + bugfixes: + - sops_encrypt - ensure that output-type is set to ``yaml`` when the file extension + ``.yml`` is used. Now both ``.yaml`` and ``.yml`` files use the SOPS ``--output-type=yaml`` + formatting (https://github.com/ansible-collections/community.sops/issues/164). + release_summary: Bugfix release. + fragments: + - 1.6.7.yml + - 165-yaml-output-for-yml-extension.yaml + release_date: '2023-10-29' diff --git a/ansible_collections/community/sops/docs/docsite/rst/guide.rst b/ansible_collections/community/sops/docs/docsite/rst/guide.rst index bc071a194..8f7118d88 100644 --- a/ansible_collections/community/sops/docs/docsite/rst/guide.rst +++ b/ansible_collections/community/sops/docs/docsite/rst/guide.rst 
@@ -8,9 +8,9 @@ Protecting Ansible secrets with Mozilla SOPS ============================================ -`Mozilla SOPS <https://github.com/mozilla/sops>`_ allows to encrypt and decrypt files using various key sources (GPG, AWS KMS, GCP KMS, ...). For structured data, such as YAML, JSON, INI and ENV files, it will encrypt values, but not mapping keys. For YAML files, it also encrypts comments. This makes it a great tool for encrypting credentials with Ansible: you can easily see which files contain which variable, but the variables themselves are encrypted. +`Mozilla SOPS <https://github.com/getsops/sops>`_ allows to encrypt and decrypt files using various key sources (GPG, AWS KMS, GCP KMS, ...). For structured data, such as YAML, JSON, INI and ENV files, it will encrypt values, but not mapping keys. For YAML files, it also encrypts comments. This makes it a great tool for encrypting credentials with Ansible: you can easily see which files contain which variable, but the variables themselves are encrypted. -The ability to utilize various keysources makes it easier to use in complex environments than `Ansible Vault <https://docs.ansible.com/ansible/latest/user_guide/vault.html>`_. +The ability to utilize various keysources makes it easier to use in complex environments than :ref:`Ansible Vault <vault_guide_index>`. .. contents:: :local: 
@@ -19,9 +19,9 @@ The ability to utilize various keysources makes it easier to use in complex envi
 Installing sops
 ---------------
-You can find binaries and packages `on the project's release page <https://github.com/mozilla/sops/releases>`_. Depending on your operating system, you might also be able to install it with your system's package manager.
+You can find binaries and packages `on the project's release page <https://github.com/getsops/sops/releases>`_. Depending on your operating system, you might also be able to install it with your system's package manager.
-This collection provides a `role community.sops.install <ansible_collections.community.sops.install_role>`_ which allows to install sops and `GNU Privacy Guard (GPG) <https://en.wikipedia.org/wiki/GNU_Privacy_Guard>`__. The role allows to install sops from the system's package manager or from GitHub. Both sops and GPG can be installed on the remote hosts or the Ansible controller.
+This collection provides a :ansplugin:`role community.sops.install <community.sops.install#role>` which allows to install sops and `GNU Privacy Guard (GPG) <https://en.wikipedia.org/wiki/GNU_Privacy_Guard>`__. The role allows to install sops from the system's package manager or from GitHub. Both sops and GPG can be installed on the remote hosts or the Ansible controller.
 .. code-block:: yaml
@@ -63,24 +63,24 @@ The simplest way of ensuring this is to use the ``community.sops.install_localho
 .. code-block:: yaml
 ---
- version: 1
+ version: 3
 dependencies:
 galaxy: requirements.yml
 additional_build_steps:
- append:
+ append_final:
 # Ensure that sops is installed in the EE, assuming the EE is for ansible-core 2.11 or newer
 - RUN ansible-playbook -v community.sops.install_localhost
-Note that this only works if the execution environment is built with ansible-core 2.11 or newer. When using an execution environment with Ansible 2.9, you have to use the ``community.sops.install`` role manually. Also note that you need to make sure that Ansible 2.9 uses the correct Python interpreter to be able to install system packages with; in the below example we are assuming a RHEL/CentOS based execution environment base image:
+Note that this only works if the execution environment is built with ansible-core 2.11 or newer. When using an execution environment with Ansible 2.9, you have to use the :ansplugin:`community.sops.install#role` role manually. Also note that you need to make sure that Ansible 2.9 uses the correct Python interpreter to be able to install system packages with; in the below example we are assuming a RHEL/CentOS based execution environment base image:
 .. code-block:: yaml
 ---
- version: 1
+ version: 3
 dependencies:
 galaxy: requirements.yml
 additional_build_steps:
- append:
+ append_final:
 # Special step needed for Ansible 2.9 based EEs
 - >-
 RUN ansible localhost -m include_role -a name=community.sops.install
@@ -160,7 +160,7 @@ At the end, the ``sops`` section contains metadata, which includes the private k
 Working with encrypted files
 ----------------------------
-You can decrypt sops-encrypted files with the :ref:`community.sops.sops lookup plugin <ansible_collections.community.sops.sops_lookup>`, and dynamically encrypt data with the :ref:`community.sops.sops_encrypt module <ansible_collections.community.sops.sops_encrypt_module>`. Being able to encrypt is useful when you create or update secrets in your Ansible playbooks.
+You can decrypt sops-encrypted files with the :ansplugin:`community.sops.sops lookup plugin <community.sops.sops#lookup>`, and dynamically encrypt data with the :ansplugin:`community.sops.sops_encrypt module <community.sops.sops_encrypt#module>`. Being able to encrypt is useful when you create or update secrets in your Ansible playbooks.
 Assume that you have an encrypted private key ``keys/private_key.pem.sops``, which was in PEM format before being encrypted by sops:
@@ -170,7 +170,7 @@ Assume that you have an encrypted private key ``keys/private_key.pem.sops``, whi
 $ sops --encrypt keys/private_key.pem > keys/private_key.pem.sops
 $ wipe keys/private_key.pem
-To use it in a playbook, for example to pass it to the :ref:`community.crypto.openssl_csr module <ansible_collections.community.crypto.openssl_csr_module>` to create a certificate signing request (CSR), you can use the :ref:`community.sops.sops lookup plugin <ansible_collections.community.sops.sops_lookup>` to load it:
+To use it in a playbook, for example to pass it to the :ansplugin:`community.crypto.openssl_csr module <community.crypto.openssl_csr#module>` to create a certificate signing request (CSR), you can use the :ansplugin:`community.sops.sops lookup plugin <community.sops.sops#lookup>` to load it:
 .. code-block:: yaml+jinja
@@ -205,7 +205,7 @@ This results in the following output:
 Afterwards, you will have a CSR ``ansible.com.csr`` for the encrypted private key ``keys/private_key.pem.sops``.
-If you want to use Ansible to generate (or update) the encrypted private key, you can use the :ref:`community.crypto.openssl_privatekey_pipe module <ansible_collections.community.crypto.openssl_privatekey_pipe_module>` to generate (or update) the private key, and use the :ref:`community.sops.sops_encrypt module <ansible_collections.community.sops.sops_encrypt_module>` to write it to disk in encrypted form:
+If you want to use Ansible to generate (or update) the encrypted private key, you can use the :ansplugin:`community.crypto.openssl_privatekey_pipe module <community.crypto.openssl_privatekey_pipe#module>` to generate (or update) the private key, and use the :ansplugin:`community.sops.sops_encrypt module <community.sops.sops_encrypt#module>` to write it to disk in encrypted form:
 .. code-block:: yaml+jinja
@@ -266,7 +266,7 @@ This playbook creates a new key on every run. If you want the private key creati
 set_fact:
 private_key: ''
-The ``empty_on_not_exist=true`` flag is needed to avoid the lookup to fail when the key does not yet exist. When this playbook is run twice, the output will be:
+The :ansopt:`community.sops.sops#lookup:empty_on_not_exist=true` flag is needed to avoid the lookup to fail when the key does not yet exist. When this playbook is run twice, the output will be:
 .. code-block:: ansible-output
@@ -287,9 +287,9 @@ The ``empty_on_not_exist=true`` flag is needed to avoid the lookup to fail when
 Working with encrypted data from other sources
 ----------------------------------------------
-You can use the :ref:`community.sops.decrypt Jinja2 filter <ansible_collections.community.sops.decrypt_filter>` to decrypt arbitrary data. This can be data read earlier from a file, returned from an action, or obtained through some other means.
+You can use the :ansplugin:`community.sops.decrypt Jinja2 filter <community.sops.decrypt#filter>` to decrypt arbitrary data. This can be data read earlier from a file, returned from an action, or obtained through some other means.
-For example, assume that you want to decrypt a file retrieved from a HTTPS server with the `ansible.builtin.uri module <ansible_collections.ansible.builtin.uri_module>`_. To use the :ref:`community.sops.sops lookup <ansible_collections.community.sops.sops_lookup>`, you have to write it to a file first. With the filter, you can directly decrypt it:
+For example, assume that you want to decrypt a file retrieved from a HTTPS server with the :ansplugin:`ansible.builtin.uri module <ansible.builtin.uri#module>`. To use the :ansplugin:`community.sops.sops lookup <community.sops.sops#lookup>`, you have to write it to a file first. With the filter, you can directly decrypt it:
 .. code-block:: yaml+jinja
@@ -300,7 +300,7 @@ For example, assume that you want to decrypt a file retrieved from a HTTPS serve
 tasks:
 - name: Fetch file from URL
 ansible.builtin.uri:
- url: https://raw.githubusercontent.com/mozilla/sops/master/functional-tests/res/comments.enc.yaml
+ url: https://raw.githubusercontent.com/getsops/sops/master/functional-tests/res/comments.enc.yaml
 return_content: true
 register: encrypted_content
@@ -365,7 +365,7 @@ The output will be: PLAY RECAP ******************************************************************************************************* localhost : ok=4 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 -Please note that if you put a Jinja2 expression in a variable, it will be evaluated **every time it is used**. Decrypting data takes a certain amount of time. If you need to use an expression multiple times, it is better to store its evaluated form as a fact with `ansible.bulitin.set_fact <ansible_collections.ansible.builtin.set_fact_module>`_ first. This can be important if decrypted data should be passed to a role +Please note that if you put a Jinja2 expression in a variable, it will be evaluated **every time it is used**. Decrypting data takes a certain amount of time. If you need to use an expression multiple times, it is better to store its evaluated form as a fact with :ansplugin:`ansible.bulitin.set_fact <ansible.builtin.set_fact#module>` first. This can be important if decrypted data should be passed to a role .. code-block:: yaml+jinja @@ -376,7 +376,7 @@ Please note that if you put a Jinja2 expression in a variable, it will be evalua tasks: - name: Fetch file from URL ansible.builtin.uri: - url: https://raw.githubusercontent.com/mozilla/sops/master/functional-tests/res/comments.enc.yaml + url: https://raw.githubusercontent.com/getsops/sops/master/functional-tests/res/comments.enc.yaml return_content: true register: encrypted_content 
@@ -403,7 +403,7 @@ Please note that if you put a Jinja2 expression in a variable, it will be evalua
 Working with encrypted variables
 --------------------------------
-You can load encrypted variables similarly to the :ref:`ansible.builtin.host_group_vars vars plugin <ansible_collections.ansible.builtin.host_group_vars_vars>` with the :ref:`community.sops.sops vars plugin <ansible_collections.community.sops.sops_vars>`. If you need to load variables dynamically similarly to the :ref:`ansible.builtin.include_vars action <ansible_collections.ansible.builtin.include_vars_module>`, you can use the :ref:`community.sops.load_vars action <ansible_collections.community.sops.load_vars_module>`.
+You can load encrypted variables similarly to the :ansplugin:`ansible.builtin.host_group_vars vars plugin <ansible.builtin.host_group_vars#vars>` with the :ansplugin:`community.sops.sops vars plugin <community.sops.sops#vars>`. If you need to load variables dynamically similarly to the :ansplugin:`ansible.builtin.include_vars action <ansible.builtin.include_vars#module>`, you can use the :ansplugin:`community.sops.load_vars action <community.sops.load_vars#module>`.
 To use the vars plugin, you need to enable it in your Ansible config file (``ansible.cfg``):
@@ -420,9 +420,9 @@ See :ref:`VARIABLE_PLUGINS_ENABLED <VARIABLE_PLUGINS_ENABLED>` for more details The vars plugin will decrypt them and you can use their unencrypted content transparently. -If you need to dynamically load encrypted variables, similar to the built-in :ref:`ansible.builtin.include_vars action <ansible_collections.ansible.builtin.include_vars_module>`, you can use the :ref:`community.sops.load_vars action <ansible_collections.community.sops.load_vars_module>` action. Please note that it is not a perfect replacement, since the built-in action relies on some hard-coded special casing in ansible-core which allows it to load the variables actually as variables (more precisely: as "unsafe" Jinja2 expressions which are automatically evaluated when used). Other action plugins, such as ``community.sops.load_vars``, cannot do that and have to load the variables as facts instead. +If you need to dynamically load encrypted variables, similar to the built-in :ansplugin:`ansible.builtin.include_vars action <ansible.builtin.include_vars#module>`, you can use the :ansplugin:`community.sops.load_vars action <community.sops.load_vars#module>` action. Please note that it is not a perfect replacement, since the built-in action relies on some hard-coded special casing in ansible-core which allows it to load the variables actually as variables (more precisely: as "unsafe" Jinja2 expressions which are automatically evaluated when used). Other action plugins, such as :ansplugin:`community.sops.load_vars#module`, cannot do that and have to load the variables as facts instead. -This is mostly relevant if you use Jinja2 expressions in the encrypted variable file. When ``include_vars`` loads a variable file with expressions, these expressions will only be evaluated when the variable that defines them needs to be evaluated (lazy evaluation). Since ``community.sops.load_vars`` returns facts, it has to directly evaluate expressions at load time. 
(For this, set its ``expressions`` option to ``evaluate-on-load``.) This is mostly relevant if you want to refer to other variables from the same file: this will not work, since Ansible does not know the other variable yet while evaluating the first. It will only "know" them as facts after all have been evaluated and the action finishes. +This is mostly relevant if you use Jinja2 expressions in the encrypted variable file. When :ansplugin:`ansible.builtin.include_vars#module` loads a variable file with expressions, these expressions will only be evaluated when the variable that defines them needs to be evaluated (lazy evaluation). Since :ansplugin:`community.sops.load_vars#module` returns facts, it has to directly evaluate expressions at load time. (For this, set its :ansopt:`community.sops.load_vars#module:expressions` option to :ansval:`evaluate-on-load`.) This is mostly relevant if you want to refer to other variables from the same file: this will not work, since Ansible does not know the other variable yet while evaluating the first. It will only "know" them as facts after all have been evaluated and the action finishes. For the following example, assume you have the encrypted file ``keys/credentials.sops.yml`` which decrypts to: diff --git a/ansible_collections/community/sops/plugins/doc_fragments/sops.py b/ansible_collections/community/sops/plugins/doc_fragments/sops.py index ffbfe2d54..15a0ea118 100644 --- a/ansible_collections/community/sops/plugins/doc_fragments/sops.py +++ b/ansible_collections/community/sops/plugins/doc_fragments/sops.py 
@@ -20,14 +20,14 @@ options:
 age_key:
 description:
 - One or more age private keys that can be used to decrypt encrypted files.
- - Will be set as the C(SOPS_AGE_KEY) environment variable when calling sops.
+ - Will be set as the E(SOPS_AGE_KEY) environment variable when calling sops.
 type: str
 version_added: 1.4.0
 age_keyfile:
 description:
 - The file containing the age private keys that sops can use to decrypt encrypted files.
- - Will be set as the C(SOPS_AGE_KEY_FILE) environment variable when calling sops.
+ - Will be set as the E(SOPS_AGE_KEY_FILE) environment variable when calling sops.
 - By default, sops looks for C(sops/age/keys.txt) inside your user configuration directory.
 type: path
@@ -41,19 +41,19 @@ options:
 aws_access_key_id:
 description:
 - The AWS access key ID to use for requests to AWS.
- - Sets the environment variable C(AWS_ACCESS_KEY_ID) for the sops call.
+ - Sets the environment variable E(AWS_ACCESS_KEY_ID) for the sops call.
 type: str
 version_added: 1.0.0
 aws_secret_access_key:
 description:
 - The AWS secret access key to use for requests to AWS.
- - Sets the environment variable C(AWS_SECRET_ACCESS_KEY) for the sops call.
+ - Sets the environment variable E(AWS_SECRET_ACCESS_KEY) for the sops call.
 type: str
 version_added: 1.0.0
 aws_session_token:
 description:
 - The AWS session token to use for requests to AWS.
- - Sets the environment variable C(AWS_SESSION_TOKEN) for the sops call.
+ - Sets the environment variable E(AWS_SESSION_TOKEN) for the sops call.
 type: str
 version_added: 1.0.0
 config_path:
@@ -264,7 +264,7 @@ options:
 description:
 - Override the encrypted key suffix.
 - When set to an empty string, all keys will be encrypted that are not explicitly
- marked by I(unencrypted_suffix).
+ marked by O(unencrypted_suffix).
 - This corresponds to the sops C(--encrypted-suffix) option.
 type: str
 version_added: 1.0.0
@@ -293,7 +293,7 @@ options:
 description:
 - The number of distinct keys required to retrieve the data key with L(Shamir's Secret Sharing, https://en.wikipedia.org/wiki/Shamir%27s_Secret_Sharing).
- - If not set here and in the sops config file, will default to C(0).
+ - If not set here and in the sops config file, will default to V(0).
 - This corresponds to the sops C(--shamir-secret-sharing-threshold) option.
 type: int
 version_added: 1.0.0
diff --git a/ansible_collections/community/sops/plugins/filter/_latest_version.py b/ansible_collections/community/sops/plugins/filter/_latest_version.py
index a4de0f17b..9aecc45d7 100644
--- a/ansible_collections/community/sops/plugins/filter/_latest_version.py
+++ b/ansible_collections/community/sops/plugins/filter/_latest_version.py
@@ -62,6 +62,8 @@ except ImportError:
 def pick_latest_version(version_list):
 '''Pick latest version from a list of versions.'''
+ # Remove all prereleases (versions with '+' or '-' in them)
+ version_list = [v for v in version_list if '-' not in v and '+' not in v]
 if not version_list:
 return ''
 return sorted(version_list, key=LooseVersion, reverse=True)[0]
diff --git a/ansible_collections/community/sops/plugins/filter/decrypt.py b/ansible_collections/community/sops/plugins/filter/decrypt.py
index a27d1c70f..015d93881 100644
--- a/ansible_collections/community/sops/plugins/filter/decrypt.py
+++ b/ansible_collections/community/sops/plugins/filter/decrypt.py
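Review bot: The filter added to `pick_latest_version` drops every version containing `+` as well as `-`, but the comment calls both of them prereleases and the docstring still reads "Pick latest version from a list of versions". In semantic versioning `+` introduces build metadata, not a prerelease, so the comment should say that both kinds are excluded on purpose, and the docstring should state the new contract, for example `'''Pick the latest version that is neither a prerelease nor build-tagged; return '' if none is left.'''`. A list that holds only prereleases now returns `''`; this filter appears to decide which sops release the install role fetches, so the empty-result case is worth documenting here, and how the caller handles it is outside this hunk.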
@@ -46,9 +46,9 @@ options:
 output_type:
 description:
 - Tell sops how to interpret the decrypted file.
- - Please note that the output is always text or bytes, depending on the value of I(decode_output).
- To parse the resulting JSON or YAML, use corresponding filters such as C(ansible.builtin.from_json)
- and C(ansible.builtin.from_yaml).
+ - Please note that the output is always text or bytes, depending on the value of O(decode_output).
+ To parse the resulting JSON or YAML, use corresponding filters such as P(ansible.builtin.from_json#filter)
+ and P(ansible.builtin.from_yaml#filter).
 type: str
 choices:
 - binary
@@ -59,8 +59,8 @@ options:
 decode_output:
 description:
 - Whether to decode the output to bytes.
- - When I(output_type=binary), and the file isn't known to contain UTF-8 encoded text,
- this should better be set to C(false) to prevent mangling the data with UTF-8 decoding.
+ - When O(output_type=binary), and the file isn't known to contain UTF-8 encoded text,
+ this should better be set to V(false) to prevent mangling the data with UTF-8 decoding.
 type: bool
 default: true
 extends_documentation_fragment:
@@ -80,7 +80,7 @@ EXAMPLES = '''
 tasks:
 - name: Fetch file from URL
 ansible.builtin.uri:
- url: https://raw.githubusercontent.com/mozilla/sops/master/functional-tests/res/comments.enc.yaml
+ url: https://raw.githubusercontent.com/getsops/sops/master/functional-tests/res/comments.enc.yaml
 return_content: true
 register: encrypted_content
@@ -100,7 +100,7 @@ EXAMPLES = '''
 RETURN = '''
 _value:
 description:
- - Decrypted data as text (I(decode_output=true), default) or binary string (I(decode_output=false)).
+ - Decrypted data as text (O(decode_output=true), default) or binary string (O(decode_output=false)).
 type: string
 '''
diff --git a/ansible_collections/community/sops/plugins/lookup/sops.py b/ansible_collections/community/sops/plugins/lookup/sops.py
index 64990ae55..8d39432f5 100644
--- a/ansible_collections/community/sops/plugins/lookup/sops.py
+++ b/ansible_collections/community/sops/plugins/lookup/sops.py @@ -55,7 +55,7 @@ DOCUMENTATION = """ - dotenv empty_on_not_exist: description: - - When set to C(true), will not raise an error when a file cannot be found, + - When set to V(true), will not raise an error when a file cannot be found, but return an empty string instead. type: bool default: false @@ -67,14 +67,12 @@ DOCUMENTATION = """ notes: - This lookup does not understand 'globbing' - use the fileglob lookup instead. seealso: - - ref: community.sops.decrypt filter <ansible_collections.community.sops.decrypt_filter> + - plugin: community.sops.decrypt + plugin_type: filter description: The decrypt filter can be used to descrypt sops-encrypted in-memory data. - # - plugin: community.sops.decrypt - # plugin_type: filter - - ref: community.sops.sops vars plugin <ansible_collections.community.sops.sops_vars> + - plugin: community.sops.sops + plugin_type: vars description: The sops vars plugin can be used to load sops-encrypted host or group variables. - # - plugin: community.sops.sops - # plugin_type: vars - module: community.sops.load_vars """ diff --git a/ansible_collections/community/sops/plugins/module_utils/sops.py b/ansible_collections/community/sops/plugins/module_utils/sops.py index d3c98d1d2..c66405237 100644 --- a/ansible_collections/community/sops/plugins/module_utils/sops.py +++ b/ansible_collections/community/sops/plugins/module_utils/sops.py @@ -14,7 +14,7 @@ from ansible.module_utils.common.text.converters import to_text, to_native from subprocess import Popen, PIPE -# From https://github.com/mozilla/sops/blob/master/cmd/sops/codes/codes.go +# From https://github.com/getsops/sops/blob/master/cmd/sops/codes/codes.go # Should be manually updated SOPS_ERROR_CODES = { 1: "ErrorGeneric", 
@@ -112,7 +112,7 @@ ENCRYPT_OPTIONS = {
 class SopsError(Exception):
- ''' Extend Exception class with sops specific informations '''
+ ''' Extend Exception class with sops specific information '''
 def __init__(self, filename, exit_code, message, decryption=True):
 if exit_code in SOPS_ERROR_CODES:
diff --git a/ansible_collections/community/sops/plugins/modules/load_vars.py b/ansible_collections/community/sops/plugins/modules/load_vars.py
index 27e9ae8c2..26366078f 100644
--- a/ansible_collections/community/sops/plugins/modules/load_vars.py
+++ b/ansible_collections/community/sops/plugins/modules/load_vars.py
@@ -28,13 +28,13 @@ options:
 name:
 description:
 - The name of a variable into which assign the included vars.
- - If omitted (C(null)) they will be made top level vars.
+ - If omitted (V(null)) they will be made top level vars.
 type: str
 expressions:
 description:
 - This option controls how Jinja2 expressions in values in the loaded file are handled.
- - If set to C(ignore), expressions will not be evaluated, but treated as regular strings.
- - If set to C(evaluate-on-load), expressions will be evaluated on execution of this module,
+ - If set to V(ignore), expressions will not be evaluated, but treated as regular strings.
+ - If set to V(evaluate-on-load), expressions will be evaluated on execution of this module,
 in other words, when the file is loaded.
 - Unfortunately, there is no way for non-core modules to handle expressions "unsafe", in other words, evaluate them only on use. This can only achieved by M(ansible.builtin.include_vars),
@@ -69,18 +69,15 @@ seealso: - module: ansible.builtin.include_vars - ref: playbooks_delegation description: More information related to task delegation. - - ref: community.sops.sops lookup <ansible_collections.community.sops.sops_lookup> + - plugin: community.sops.sops + plugin_type: lookup description: The sops lookup can be used decrypt sops-encrypted files. - # - plugin: community.sops.sops - # plugin_type: lookup - - ref: community.sops.decrypt filter <ansible_collections.community.sops.decrypt_filter> + - plugin: community.sops.decrypt + plugin_type: filter description: The decrypt filter can be used to descrypt sops-encrypted in-memory data. - # - plugin: community.sops.decrypt - # plugin_type: filter - - ref: community.sops.sops vars plugin <ansible_collections.community.sops.sops_vars> + - plugin: community.sops.sops + plugin_type: vars description: The sops vars plugin can be used to load sops-encrypted host or group variables. - # - plugin: community.sops.sops - # plugin_type: vars ''' EXAMPLES = r''' diff --git a/ansible_collections/community/sops/plugins/modules/sops_encrypt.py b/ansible_collections/community/sops/plugins/modules/sops_encrypt.py index d4ba34353..9fd9b5081 100644 --- a/ansible_collections/community/sops/plugins/modules/sops_encrypt.py +++ b/ansible_collections/community/sops/plugins/modules/sops_encrypt.py 
@@ -32,24 +32,24 @@ options:
 description:
 - The data to encrypt. Must be a Unicode text.
 - Please note that the module might not be idempotent if the text can be parsed as JSON or YAML.
- - Exactly one of I(content_text), I(content_binary), I(content_json) and I(content_yaml) must be specified.
+ - Exactly one of O(content_text), O(content_binary), O(content_json), and O(content_yaml) must be specified.
 type: str
 content_binary:
 description:
 - The data to encrypt. Must be L(Base64 encoded,https://en.wikipedia.org/wiki/Base64) binary data.
 - Please note that the module might not be idempotent if the data can be parsed as JSON or YAML.
- - Exactly one of I(content_text), I(content_binary), I(content_json) and I(content_yaml) must be specified.
+ - Exactly one of O(content_text), O(content_binary), O(content_json), and O(content_yaml) must be specified.
 type: str
 content_json:
 description:
 - The data to encrypt. Must be a JSON dictionary.
- - Exactly one of I(content_text), I(content_binary), I(content_json) and I(content_yaml) must be specified.
+ - Exactly one of O(content_text), O(content_binary), O(content_json), and O(content_yaml) must be specified.
 type: dict
 content_yaml:
 description:
 - The data to encrypt. Must be a YAML dictionary.
 - Please note that Ansible only allows to pass data that can be represented as a JSON dictionary.
- - Exactly one of I(content_text), I(content_binary), I(content_json) and I(content_yaml) must be specified.
+ - Exactly one of O(content_text), O(content_binary), O(content_json), and O(content_yaml) must be specified.
 type: dict
 extends_documentation_fragment:
 - ansible.builtin.files
@@ -65,10 +65,9 @@ attributes:
 safe_file_operations:
 support: full
 seealso:
- ref: community.sops.sops lookup <ansible_collections.community.sops.sops_lookup>
+ - plugin: community.sops.sops
+ plugin_type: lookup
 description: The sops lookup can be used decrypt sops-encrypted files.
- # - plugin: community.sops.sops
- # plugin_type: lookup
 '''
 EXAMPLES = r'''
@@ -217,7 +216,7 @@ def main():
 output_type = None
 if path.endswith('.json'):
 output_type = 'json'
- elif path.endswith('.yaml'):
+ elif path.endswith('.yaml') or path.endswith('.yml'):
 output_type = 'yaml'
 data = Sops.encrypt(
 data=input_data, cwd=directory, input_type=input_type, output_type=output_type,
diff --git a/ansible_collections/community/sops/plugins/vars/sops.py b/ansible_collections/community/sops/plugins/vars/sops.py
index 547480351..8b83a06b3 100644
--- a/ansible_collections/community/sops/plugins/vars/sops.py
+++ b/ansible_collections/community/sops/plugins/vars/sops.py
@@ -38,7 +38,7 @@ DOCUMENTATION = '''
 - If the cache is disabled, the files will be decrypted for almost every task. This is very slow!
 - Only disable caching if you modify the variable files during a playbook run and want the updated result to be available from the next task on.
- - "Note that setting I(stage) to C(inventory) has the same effect as setting I(cache) to C(true):
+ - "Note that setting O(stage=inventory) has the same effect as setting O(cache=true):
 the variables will be loaded only once (during inventory loading) and the vars plugin will not be called for every task."
 type: bool
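Review bot: The extension test in `main()` now chains two case-sensitive `endswith` calls, where `str.endswith` accepts a tuple, so `elif path.endswith(('.yaml', '.yml')):` expresses the same check in one call. A destination such as `secrets.YML` still leaves `output_type` as `None`; if that case matters, the comparison could be made on `path.lower()`, and a short comment should say what sops does when no output type is passed, which is not visible here. `main()` starts and ends outside this hunk.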
@@ -64,14 +64,12 @@ DOCUMENTATION = ''' - community.sops.sops.ansible_env - community.sops.sops.ansible_ini seealso: - - ref: community.sops.sops lookup <ansible_collections.community.sops.sops_lookup> + - plugin: community.sops.sops + plugin_type: lookup description: The sops lookup can be used decrypt sops-encrypted files. - # - plugin: community.sops.sops - # plugin_type: lookup - - ref: community.sops.decrypt filter <ansible_collections.community.sops.decrypt_filter> + - plugin: community.sops.decrypt + plugin_type: filter description: The decrypt filter can be used to descrypt sops-encrypted in-memory data. - # - plugin: community.sops.decrypt - # plugin_type: filter - module: community.sops.load_vars ''' @@ -137,7 +135,7 @@ class VarsModule(BaseVarsPlugin): if os.path.exists(b_opath): if os.path.isdir(b_opath): self._display.debug("\tprocessing dir %s" % opath) - # NOTE: iterating without extension allow retriving files recursively + # NOTE: iterating without extension allow retrieving files recursively # A filter is then applied by iterating on all results and filtering by # extension. # See: diff --git a/ansible_collections/community/sops/roles/install/meta/argument_specs.yml b/ansible_collections/community/sops/roles/install/meta/argument_specs.yml index e6f3e8746..83c890a5b 100644 --- a/ansible_collections/community/sops/roles/install/meta/argument_specs.yml +++ b/ansible_collections/community/sops/roles/install/meta/argument_specs.yml @@ -8,7 +8,7 @@ argument_specs: short_description: Install Mozilla sops version_added: 1.5.0 description: - - This role installs L(Mozilla sops,https://github.com/mozilla/sops) and Gnu Privacy Guard (GPG). + - This role installs L(Mozilla sops,https://github.com/getsops/sops) and Gnu Privacy Guard (GPG). - >- This role supports the following operating systems: Alpine (new enough), 
@@ -19,7 +19,7 @@ argument_specs: RHEL 7 or newer, Ubuntu 16.04 or newer LTS versions - The Ansible facts C(ansible_facts.architecture), C(ansible_facts.distribution), C(ansible_facts.distribution_major_version), - C(ansible_facts.distribution_version), and C(ansible_facts.os_family) are expected to be present if I(sops_install_on_localhost) is C(false). + C(ansible_facts.distribution_version), and C(ansible_facts.os_family) are expected to be present if O(sops_install_on_localhost) is V(false). author: - Felix Fontein (@felixfontein) options: @@ -27,15 +27,15 @@ argument_specs: default: latest description: - The version of sops to install. - - Should be a version like C(3.7.2). The special value C(latest) will select the latest version available form the given source. + - Should be a version like V(3.7.2). The special value V(latest) will select the latest version available form the given source. type: str sops_source: default: auto description: - Determines the source from where sops is installed. - - The value C(github) will install sops from the Mozilla sops releases on GitHub (U(https://github.com/mozilla/sops/releases/)). - - The value C(system) will install sops from the system packages. Note that not all system package repositories support sops. - - The value C(auto) will determine the best source to install sops from. Here, system package repositories are preferred over GitHub. + - The value V(github) will install sops from the Mozilla sops releases on GitHub (U(https://github.com/getsops/sops/releases/)). + - The value V(system) will install sops from the system packages. Note that not all system package repositories support sops. + - The value V(auto) will determine the best source to install sops from. Here, system package repositories are preferred over GitHub. type: str choices: - auto 
@@ -54,9 +54,9 @@ argument_specs: sops_github_latest_detection: description: - When installing the latest sops version from GitHub, configures how the latest release is detected. - - C(auto) tries C(api) first and then uses C(latest-release). - - C(api) asks the GitHub API for a list of recent releases and picks the highest version. - - C(latest-release) uses a not fully documented URL to retrieve the release marked as "latest" by the repository maintainers. + - V(auto) tries V(api) first and then uses V(latest-release). + - V(api) asks the GitHub API for a list of recent releases and picks the highest version. Pre-releases are avoided. + - V(latest-release) uses a not fully documented URL to retrieve the release marked as "latest" by the repository maintainers. type: str choices: - auto diff --git a/ansible_collections/community/sops/roles/install/meta/main.yml b/ansible_collections/community/sops/roles/install/meta/main.yml index f6dc6814e..376d956b6 100644 --- a/ansible_collections/community/sops/roles/install/meta/main.yml +++ b/ansible_collections/community/sops/roles/install/meta/main.yml @@ -6,6 +6,6 @@ galaxy_info: standalone: false description: > - Install Mozilla sops (https://github.com/mozilla/sops). + Install Mozilla sops (https://github.com/getsops/sops). dependencies: [] diff --git a/ansible_collections/community/sops/roles/install/tasks/github_api.yml b/ansible_collections/community/sops/roles/install/tasks/github_api.yml index 01d9b77b3..43dc526b4 100644 --- a/ansible_collections/community/sops/roles/install/tasks/github_api.yml +++ b/ansible_collections/community/sops/roles/install/tasks/github_api.yml @@ -11,7 +11,7 @@ status_code: - 200 - 403 # "HTTP Error 403: rate limit exceeded" - url: https://api.github.com/repos/mozilla/sops/releases + url: https://api.github.com/repos/getsops/sops/releases register: _community_sops_install_github_releases delegate_to: localhost run_once: true 
diff --git a/ansible_collections/community/sops/roles/install/tasks/github_latest_release.yml b/ansible_collections/community/sops/roles/install/tasks/github_latest_release.yml index ca67b3cd6..748918657 100644 --- a/ansible_collections/community/sops/roles/install/tasks/github_latest_release.yml +++ b/ansible_collections/community/sops/roles/install/tasks/github_latest_release.yml @@ -9,7 +9,7 @@ status_code: - 302 - 307 - url: https://github.com/mozilla/sops/releases/latest/ + url: https://github.com/getsops/sops/releases/latest/ register: _community_sops_install_github_latest_release delegate_to: localhost run_once: true @@ -28,7 +28,7 @@ - name: In case this failed, inform user ansible.builtin.debug: msg: >- - Could not obtain latest version from https://github.com/mozilla/sops/releases/latest/. + Could not obtain latest version from https://github.com/getsops/sops/releases/latest/. Please create an issue in https://github.com/ansible-collections/community.sops/issues/ if there is not already one. when: _community_sops_install_effective_sops_version == '' diff --git a/ansible_collections/community/sops/roles/install/vars/OS-Debian.yml b/ansible_collections/community/sops/roles/install/vars/OS-Debian.yml index 5f9cf2609..64e23f2d5 100644 --- a/ansible_collections/community/sops/roles/install/vars/OS-Debian.yml +++ b/ansible_collections/community/sops/roles/install/vars/OS-Debian.yml @@ -16,10 +16,10 @@ _community_sops_install_system_packages_unsigned: [] _community_sops_install_arch_transform: x86_64: amd64 _community_sops_install_system_package_deb_github: >- - https://github.com/mozilla/sops/releases/download/v{{ + https://github.com/getsops/sops/releases/download/v{{ _community_sops_install_effective_sops_version }}/sops_{{ - _community_sops_install_effective_sops_version + _community_sops_install_effective_sops_version.replace('-', '.') }}_{{ _community_sops_install_arch_transform.get(ansible_facts.architecture, ansible_facts.architecture) }}.deb 
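Review bot: The `.replace('-', '.')` added to the file-name part of `_community_sops_install_system_package_deb_github` carries no comment explaining why the asset name differs from the release tag, and the same unexplained rewrite appears in the OS-RedHat.yml hunk. A line above the variable would record the intent, for example `# Pre-release tags such as 3.8.0-rc.1 use '.' instead of '-' in the package file name` (presumably the reason, to be confirmed against the published assets). The value is a download URL built from the effective sops version, and nothing in this hunk shows a checksum or signature check on the fetched .deb. It is worth confirming that the install task verifies the package, or documenting that it does not; the tasks that consume this variable are outside the hunk.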
diff --git a/ansible_collections/community/sops/roles/install/vars/OS-RedHat.yml b/ansible_collections/community/sops/roles/install/vars/OS-RedHat.yml index 95f7d2abe..e06c62806 100644 --- a/ansible_collections/community/sops/roles/install/vars/OS-RedHat.yml +++ b/ansible_collections/community/sops/roles/install/vars/OS-RedHat.yml @@ -17,13 +17,15 @@ _community_sops_install_system_package_deb_github: false _community_sops_install_system_packages_github: [] _community_sops_install_system_packages_unsigned_github: - >- - https://github.com/mozilla/sops/releases/download/v{{ + https://github.com/getsops/sops/releases/download/v{{ _community_sops_install_effective_sops_version }}/sops-{{ (_community_sops_install_effective_sops_version is version('3.6.0', '<')) | ternary('v', '') }}{{ - _community_sops_install_effective_sops_version - }}-1.{{ + _community_sops_install_effective_sops_version.replace('-', '.') + }}{{ + (_community_sops_install_effective_sops_version is version('3.8.0', '<')) | ternary('-1', '') + }}.{{ ansible_facts.architecture }}.rpm diff --git a/ansible_collections/community/sops/tests/ee/all.yml b/ansible_collections/community/sops/tests/ee/all.yml index 18c7eda41..f42fdb634 100644 --- a/ansible_collections/community/sops/tests/ee/all.yml +++ b/ansible_collections/community/sops/tests/ee/all.yml @@ -7,7 +7,7 @@ tasks: - name: Download sops test GPG key on localhost get_url: - url: https://raw.githubusercontent.com/mozilla/sops/master/pgp/sops_functional_tests_key.asc + url: https://raw.githubusercontent.com/getsops/sops/master/pgp/sops_functional_tests_key.asc dest: /tmp/sops_functional_tests_key.asc - name: Import sops test GPG key on localhost command: gpg --import /tmp/sops_functional_tests_key.asc diff --git a/ansible_collections/community/sops/tests/integration/targets/filter__latest_version/aliases b/ansible_collections/community/sops/tests/integration/targets/filter__latest_version/aliases new file mode 100644 index 000000000..977ec3882 
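Review bot: The new `is version('3.8.0', '<')` test that decides whether `-1` is appended now receives values with a pre-release suffix (this commit's role_install_version test installs `3.8.0-rc.1`), and nothing states how such a value should compare against `3.8.0`. As far as I can tell, the default loose comparison treats `3.8.0-rc.1` as not older than `3.8.0`, the reverse of semantic-version ordering, so the generated file name silently depends on the comparison type. A comment such as `# 3.8.0 pre-releases already use the new file name without the -1 release suffix` would pin the intent. The list is named `_community_sops_install_system_packages_unsigned_github`, which suggests these RPMs are installed without a signature check; if so, comparing the download against a published checksum would be the compensating control, though the consuming task is not visible here.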
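Review bot: The `get_url` task in tests/ee/all.yml fetches `sops_functional_tests_key.asc` from the mutable `master` branch with no `checksum:`, and the next task imports it with `gpg --import`, so whatever that URL serves at run time ends up in the keyring. Pinning the URL to a commit and adding `checksum: sha256:<expected-digest>` (placeholder) would make the import reproducible and detect a changed file. The fixed `dest: /tmp/sops_functional_tests_key.asc` is a predictable name in a shared directory, which matters if the play is ever run outside a throwaway container. The same download appears twice in the setup_sops/tasks/install.yml hunks further down (localhost and remote); the play itself continues outside this hunk.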
--- /dev/null +++ b/ansible_collections/community/sops/tests/integration/targets/filter__latest_version/aliases @@ -0,0 +1,9 @@ +# Copyright (c) Ansible Project +# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt) +# SPDX-License-Identifier: GPL-3.0-or-later + +gha/main +skip/aix +skip/osx +skip/freebsd +skip/python2.6 # lookups are controller only, and we no longer support Python 2.6 on the controller diff --git a/ansible_collections/community/sops/tests/integration/targets/filter__latest_version/tasks/main.yml b/ansible_collections/community/sops/tests/integration/targets/filter__latest_version/tasks/main.yml new file mode 100644 index 000000000..6d1ba661d --- /dev/null +++ b/ansible_collections/community/sops/tests/integration/targets/filter__latest_version/tasks/main.yml @@ -0,0 +1,39 @@ +--- +# Copyright (c) Ansible Project +# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt) +# SPDX-License-Identifier: GPL-3.0-or-later + +- name: Test _latest_version filter + ansible.builtin.assert: + that: + - list_0 | community.sops._latest_version == '1.0.0' + - list_1 | community.sops._latest_version == '1.2.1' + - list_2 | community.sops._latest_version == '1.2.1' + - list_3 | community.sops._latest_version == '1.2.3' + - list_4 | community.sops._latest_version == '' + - "[] | community.sops._latest_version == ''" + vars: + list_0: + - '1' + - '1.0' + - 1.0.0 + list_1: + - '1.0' + - 1.2.1 + - 1.0.0 + list_2: + - '1.0' + - 1.2.1 + - 1.2.1-rc.1 + - 1.0.0 + list_3: + - '1.0' + - 1.2.3 + - 1.4.0-rc.1 + - 1.4.0-a1+5 + - 1.4.0+5 + - 1.0.0 + list_4: + - 1.4.0-rc.1 + - 1.4.0-a1+5 + - 1.4.0+5 diff --git a/ansible_collections/community/sops/tests/integration/targets/role_install_latest/meta/main.yml b/ansible_collections/community/sops/tests/integration/targets/role_install_latest/meta/main.yml new file mode 100644 index 000000000..2fcd152f9 --- /dev/null 
+++ b/ansible_collections/community/sops/tests/integration/targets/role_install_latest/meta/main.yml @@ -0,0 +1,7 @@ +--- +# Copyright (c) Ansible Project +# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt) +# SPDX-License-Identifier: GPL-3.0-or-later + +dependencies: + - setup_pkg_mgr diff --git a/ansible_collections/community/sops/tests/integration/targets/role_install_localhost_remote/meta/main.yml b/ansible_collections/community/sops/tests/integration/targets/role_install_localhost_remote/meta/main.yml new file mode 100644 index 000000000..2fcd152f9 --- /dev/null +++ b/ansible_collections/community/sops/tests/integration/targets/role_install_localhost_remote/meta/main.yml @@ -0,0 +1,7 @@ +--- +# Copyright (c) Ansible Project +# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt) +# SPDX-License-Identifier: GPL-3.0-or-later + +dependencies: + - setup_pkg_mgr diff --git a/ansible_collections/community/sops/tests/integration/targets/role_install_version/meta/main.yml b/ansible_collections/community/sops/tests/integration/targets/role_install_version/meta/main.yml new file mode 100644 index 000000000..2fcd152f9 --- /dev/null +++ b/ansible_collections/community/sops/tests/integration/targets/role_install_version/meta/main.yml @@ -0,0 +1,7 @@ +--- +# Copyright (c) Ansible Project +# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt) +# SPDX-License-Identifier: GPL-3.0-or-later + +dependencies: + - setup_pkg_mgr diff --git a/ansible_collections/community/sops/tests/integration/targets/role_install_version/tasks/main.yml b/ansible_collections/community/sops/tests/integration/targets/role_install_version/tasks/main.yml index 037a13b58..6443596b5 100644 --- a/ansible_collections/community/sops/tests/integration/targets/role_install_version/tasks/main.yml 
+++ b/ansible_collections/community/sops/tests/integration/targets/role_install_version/tasks/main.yml @@ -38,3 +38,21 @@ that: - >- 'sops 3.7.0' in output.stdout + +- name: Install sops 3.8.0-rc.1 + include_role: + name: community.sops.install + vars: + sops_version: 3.8.0-rc.1 + sops_github_token: "{{ github_token | default('') | string }}" + +- name: Figure out sops version + command: + cmd: sops --version --disable-version-check + register: output + +- name: Check sops version + assert: + that: + - >- + 'sops 3.8.0-rc.1' == output.stdout diff --git a/ansible_collections/community/sops/tests/integration/targets/setup_pkg_mgr/tasks/archlinux.yml b/ansible_collections/community/sops/tests/integration/targets/setup_pkg_mgr/tasks/archlinux.yml new file mode 100644 index 000000000..f471cc19a --- /dev/null +++ b/ansible_collections/community/sops/tests/integration/targets/setup_pkg_mgr/tasks/archlinux.yml 
@@ -0,0 +1,28 @@ +--- +# Copyright (c) Ansible Project +# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt) +# SPDX-License-Identifier: GPL-3.0-or-later + +# Since Arch Linux is a rolling distribution, it regularly needs its packages upgraded, otherwise some tests might +# stop working due to conflicts during package installation. Since there is no good way to do this on container +# startup time, we use the setup_pkg_mgr setup role to do this once per CI run (hopefully). In case the Arch Linux +# tests are run outside of a container, we're using a date-based tag (see below) to avoid this running more than +# once per day. + +- name: Create tag + copy: + dest: /tmp/.ansible_archlinux_sysupgrade_tag + content: | + Last ArchLinux system upgrade by integration tests was done on {{ ansible_facts.date_time.date }}. + register: archlinux_upgrade_tag + +- name: Upgrade all packages + pacman: + update_cache: true + upgrade: true + when: archlinux_upgrade_tag is changed + +- name: Remove EXTERNALLY-MANAGED file + file: + path: /usr/lib/python{{ ansible_python.version.major }}.{{ ansible_python.version.minor }}/EXTERNALLY-MANAGED + state: absent diff --git a/ansible_collections/community/sops/tests/integration/targets/setup_pkg_mgr/tasks/main.yml b/ansible_collections/community/sops/tests/integration/targets/setup_pkg_mgr/tasks/main.yml new file mode 100644 index 000000000..5b4c0be38 --- /dev/null +++ b/ansible_collections/community/sops/tests/integration/targets/setup_pkg_mgr/tasks/main.yml @@ -0,0 +1,9 @@ +--- +# Copyright (c) Ansible Project +# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt) +# SPDX-License-Identifier: GPL-3.0-or-later + +- when: ansible_os_family == "Archlinux" + block: + - name: ArchLinux specific setup + include_tasks: archlinux.yml 
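Review bot: The `Remove EXTERNALLY-MANAGED file` task in archlinux.yml is neither explained nor gated, although the header comment says these tasks may also run outside a container. Deleting that marker turns off the distribution's guard against pip installing into the system Python, and unlike the upgrade it is not limited by `archlinux_upgrade_tag is changed`, so on a real host the change is lasting. A comment such as `# Test environments only: drop the PEP 668 marker so pip can install into the system Python` would state the intent, and a condition restricting it to CI containers would limit the effect. The path reads `ansible_python.version` while the tag task reads `ansible_facts.date_time`; `ansible_facts.python.version` would keep fact access consistent.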
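Review bot: The condition `when: ansible_os_family == "Archlinux"` in setup_pkg_mgr/tasks/main.yml relies on facts being injected as top-level variables, whereas archlinux.yml and the role documentation in this commit use the `ansible_facts.` namespace. Writing `when: ansible_facts.os_family == "Archlinux"` keeps the target working when fact injection is disabled. The unnamed `block` wraps a single task, so the `when` could sit directly on the `include_tasks` task.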
diff --git a/ansible_collections/community/sops/tests/integration/targets/setup_sops/meta/main.yml b/ansible_collections/community/sops/tests/integration/targets/setup_sops/meta/main.yml new file mode 100644 index 000000000..2fcd152f9 --- /dev/null +++ b/ansible_collections/community/sops/tests/integration/targets/setup_sops/meta/main.yml @@ -0,0 +1,7 @@ +--- +# Copyright (c) Ansible Project +# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt) +# SPDX-License-Identifier: GPL-3.0-or-later + +dependencies: + - setup_pkg_mgr diff --git a/ansible_collections/community/sops/tests/integration/targets/setup_sops/tasks/install.yml b/ansible_collections/community/sops/tests/integration/targets/setup_sops/tasks/install.yml index 29ff98e18..86416fa68 100644 --- a/ansible_collections/community/sops/tests/integration/targets/setup_sops/tasks/install.yml +++ b/ansible_collections/community/sops/tests/integration/targets/setup_sops/tasks/install.yml @@ -19,7 +19,7 @@ - name: Download sops test GPG key on localhost get_url: - url: https://raw.githubusercontent.com/mozilla/sops/master/pgp/sops_functional_tests_key.asc + url: https://raw.githubusercontent.com/getsops/sops/master/pgp/sops_functional_tests_key.asc dest: /tmp/sops_functional_tests_key.asc delegate_to: localhost @@ -43,7 +43,7 @@ - name: Download sops test GPG key on remote get_url: - url: https://raw.githubusercontent.com/mozilla/sops/master/pgp/sops_functional_tests_key.asc + url: https://raw.githubusercontent.com/getsops/sops/master/pgp/sops_functional_tests_key.asc dest: /tmp/sops_functional_tests_key.asc - name: Import sops test GPG key on remote diff --git a/ansible_collections/community/sops/tests/integration/targets/var_sops/README.md b/ansible_collections/community/sops/tests/integration/targets/var_sops/README.md index 38a3cfaa5..dad222e7a 100644 --- a/ansible_collections/community/sops/tests/integration/targets/var_sops/README.md 
+++ b/ansible_collections/community/sops/tests/integration/targets/var_sops/README.md @@ -23,4 +23,4 @@ If possible, extend an existing test. If that's not possible, or if you are afra 2. Create a `playbook.yml` and `validate.sh` in there (copy from a similar test and adjust); 3. Create subdirectories `group_vars` and/or `host_vars` and fill them as needed. -For creating sops encrypted files, use the private GPG keys from https://raw.githubusercontent.com/mozilla/sops/master/pgp/sops_functional_tests_key.asc. There is a `.sops.yaml` file in this directory which makes sure that sops automatically uses the correct one of the keys provided in that file. +For creating sops encrypted files, use the private GPG keys from https://raw.githubusercontent.com/getsops/sops/master/pgp/sops_functional_tests_key.asc. There is a `.sops.yaml` file in this directory which makes sure that sops automatically uses the correct one of the keys provided in that file. diff --git a/ansible_collections/community/sops/tests/sanity/extra/extra-docs.py b/ansible_collections/community/sops/tests/sanity/extra/extra-docs.py index c636beb08..251e6d70f 100755 --- a/ansible_collections/community/sops/tests/sanity/extra/extra-docs.py +++ b/ansible_collections/community/sops/tests/sanity/extra/extra-docs.py @@ -17,7 +17,7 @@ def main(): suffix = ':{env}'.format(env=env["ANSIBLE_COLLECTIONS_PATH"]) if 'ANSIBLE_COLLECTIONS_PATH' in env else '' env['ANSIBLE_COLLECTIONS_PATH'] = '{root}{suffix}'.format(root=os.path.dirname(os.path.dirname(os.path.dirname(os.getcwd()))), suffix=suffix) p = subprocess.run( - ['antsibull-docs', 'lint-collection-docs', '--plugin-docs', '--disallow-semantic-markup', '--skip-rstcheck', '.'], + ['antsibull-docs', 'lint-collection-docs', '--plugin-docs', '--skip-rstcheck', '.'], env=env, check=False, ) diff --git a/ansible_collections/community/sops/tests/sanity/ignore-2.10.txt b/ansible_collections/community/sops/tests/sanity/ignore-2.10.txt index 787dfec72..aacf26fbd 100644 
--- a/ansible_collections/community/sops/tests/sanity/ignore-2.10.txt
+++ b/ansible_collections/community/sops/tests/sanity/ignore-2.10.txt
@@ -1,3 +1,6 @@
+docs/docsite/rst/guide.rst rstcheck
+plugins/modules/load_vars.py validate-modules:invalid-documentation
+plugins/modules/sops_encrypt.py validate-modules:invalid-documentation
 tests/integration/targets/filter_decrypt/files/hidden-binary.yaml yamllint:error
 tests/integration/targets/filter_decrypt/files/hidden-json.yaml yamllint:error
 tests/integration/targets/lookup_sops/files/hidden-binary.yaml yamllint:error
diff --git a/ansible_collections/community/sops/tests/sanity/ignore-2.11.txt b/ansible_collections/community/sops/tests/sanity/ignore-2.11.txt
index 787dfec72..0db7d8897 100644
--- a/ansible_collections/community/sops/tests/sanity/ignore-2.11.txt
+++ b/ansible_collections/community/sops/tests/sanity/ignore-2.11.txt
@@ -1,3 +1,5 @@
+plugins/modules/load_vars.py validate-modules:invalid-documentation
+plugins/modules/sops_encrypt.py validate-modules:invalid-documentation
 tests/integration/targets/filter_decrypt/files/hidden-binary.yaml yamllint:error
 tests/integration/targets/filter_decrypt/files/hidden-json.yaml yamllint:error
 tests/integration/targets/lookup_sops/files/hidden-binary.yaml yamllint:error
diff --git a/ansible_collections/community/sops/tests/sanity/ignore-2.12.txt b/ansible_collections/community/sops/tests/sanity/ignore-2.12.txt
index 787dfec72..0db7d8897 100644
--- a/ansible_collections/community/sops/tests/sanity/ignore-2.12.txt
+++ b/ansible_collections/community/sops/tests/sanity/ignore-2.12.txt
@@ -1,3 +1,5 @@
+plugins/modules/load_vars.py validate-modules:invalid-documentation
+plugins/modules/sops_encrypt.py validate-modules:invalid-documentation
 tests/integration/targets/filter_decrypt/files/hidden-binary.yaml yamllint:error
 tests/integration/targets/filter_decrypt/files/hidden-json.yaml yamllint:error
 tests/integration/targets/lookup_sops/files/hidden-binary.yaml yamllint:error
diff --git a/ansible_collections/community/sops/tests/sanity/ignore-2.13.txt b/ansible_collections/community/sops/tests/sanity/ignore-2.13.txt
index 787dfec72..be35d9d66 100644
--- a/ansible_collections/community/sops/tests/sanity/ignore-2.13.txt
+++ b/ansible_collections/community/sops/tests/sanity/ignore-2.13.txt
@@ -1,3 +1,7 @@
+plugins/lookup/sops.py validate-modules:invalid-documentation
+plugins/modules/load_vars.py validate-modules:invalid-documentation
+plugins/modules/sops_encrypt.py validate-modules:invalid-documentation
+plugins/vars/sops.py validate-modules:invalid-documentation
 tests/integration/targets/filter_decrypt/files/hidden-binary.yaml yamllint:error
 tests/integration/targets/filter_decrypt/files/hidden-json.yaml yamllint:error
 tests/integration/targets/lookup_sops/files/hidden-binary.yaml yamllint:error
diff --git a/ansible_collections/community/sops/tests/sanity/ignore-2.14.txt b/ansible_collections/community/sops/tests/sanity/ignore-2.14.txt
index 787dfec72..be35d9d66 100644
--- a/ansible_collections/community/sops/tests/sanity/ignore-2.14.txt
+++ b/ansible_collections/community/sops/tests/sanity/ignore-2.14.txt
@@ -1,3 +1,7 @@
+plugins/lookup/sops.py validate-modules:invalid-documentation
+plugins/modules/load_vars.py validate-modules:invalid-documentation
+plugins/modules/sops_encrypt.py validate-modules:invalid-documentation
+plugins/vars/sops.py validate-modules:invalid-documentation
 tests/integration/targets/filter_decrypt/files/hidden-binary.yaml yamllint:error
 tests/integration/targets/filter_decrypt/files/hidden-json.yaml yamllint:error
 tests/integration/targets/lookup_sops/files/hidden-binary.yaml yamllint:error
diff --git a/ansible_collections/community/sops/tests/sanity/ignore-2.17.txt b/ansible_collections/community/sops/tests/sanity/ignore-2.17.txt
new file mode 100644
index 000000000..787dfec72
--- /dev/null
+++ b/ansible_collections/community/sops/tests/sanity/ignore-2.17.txt
@@ -0,0 +1,4 @@
+tests/integration/targets/filter_decrypt/files/hidden-binary.yaml yamllint:error
+tests/integration/targets/filter_decrypt/files/hidden-json.yaml yamllint:error
+tests/integration/targets/lookup_sops/files/hidden-binary.yaml yamllint:error
+tests/integration/targets/lookup_sops/files/hidden-json.yaml yamllint:error
diff --git a/ansible_collections/community/sops/tests/sanity/ignore-2.17.txt.license b/ansible_collections/community/sops/tests/sanity/ignore-2.17.txt.license
new file mode 100644
index 000000000..edff8c768
--- /dev/null
+++ b/ansible_collections/community/sops/tests/sanity/ignore-2.17.txt.license
@@ -0,0 +1,3 @@
+GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+SPDX-License-Identifier: GPL-3.0-or-later
+SPDX-FileCopyrightText: Ansible Project
diff --git a/ansible_collections/community/sops/tests/sanity/ignore-2.9.txt b/ansible_collections/community/sops/tests/sanity/ignore-2.9.txt
index 787dfec72..aacf26fbd 100644
--- a/ansible_collections/community/sops/tests/sanity/ignore-2.9.txt
+++ b/ansible_collections/community/sops/tests/sanity/ignore-2.9.txt
@@ -1,3 +1,6 @@
+docs/docsite/rst/guide.rst rstcheck
+plugins/modules/load_vars.py validate-modules:invalid-documentation
+plugins/modules/sops_encrypt.py validate-modules:invalid-documentation
 tests/integration/targets/filter_decrypt/files/hidden-binary.yaml yamllint:error
 tests/integration/targets/filter_decrypt/files/hidden-json.yaml yamllint:error
 tests/integration/targets/lookup_sops/files/hidden-binary.yaml yamllint:error
|