Feature/alphanumeric password in passwordstore (#38121)
* Alphanumeric only password may be generated * Bump the ansible version this will have been added to 2.8
This commit is contained in:
parent
d2c5fc8cac
commit
1219aa811a
1 changed files with 17 additions and 2 deletions
|
@ -51,6 +51,11 @@ DOCUMENTATION = """
|
||||||
type: bool
|
type: bool
|
||||||
default: 'no'
|
default: 'no'
|
||||||
version_added: 2.7
|
version_added: 2.7
|
||||||
|
nosymbols:
|
||||||
|
description: use alphanumeric characters
|
||||||
|
type: bool
|
||||||
|
default: 'no'
|
||||||
|
version_added: 2.8
|
||||||
"""
|
"""
|
||||||
EXAMPLES = """
|
EXAMPLES = """
|
||||||
# Debug is used for examples, BAD IDEA to show passwords on screen
|
# Debug is used for examples, BAD IDEA to show passwords on screen
|
||||||
|
@ -72,6 +77,9 @@ EXAMPLES = """
|
||||||
debug:
|
debug:
|
||||||
msg: "{{ lookup('passwordstore', 'example/test create=true overwrite=true')}}"
|
msg: "{{ lookup('passwordstore', 'example/test create=true overwrite=true')}}"
|
||||||
|
|
||||||
|
- name: Create an alphanumeric password
|
||||||
|
debug: msg="{{ lookup('passwordstore', 'example/test create=true nosymbols=true) }}"
|
||||||
|
|
||||||
- name: Return the value for user in the KV pair user, username
|
- name: Return the value for user in the KV pair user, username
|
||||||
debug:
|
debug:
|
||||||
msg: "{{ lookup('passwordstore', 'example/test subkey=user')}}"
|
msg: "{{ lookup('passwordstore', 'example/test subkey=user')}}"
|
||||||
|
@ -96,6 +104,7 @@ from ansible.errors import AnsibleError, AnsibleAssertionError
|
||||||
from ansible.module_utils._text import to_bytes, to_native, to_text
|
from ansible.module_utils._text import to_bytes, to_native, to_text
|
||||||
from ansible.utils.encrypt import random_password
|
from ansible.utils.encrypt import random_password
|
||||||
from ansible.plugins.lookup import LookupBase
|
from ansible.plugins.lookup import LookupBase
|
||||||
|
from ansible import constants as C
|
||||||
|
|
||||||
|
|
||||||
# backhacked check_output with input for python 2.7
|
# backhacked check_output with input for python 2.7
|
||||||
|
@ -155,7 +164,7 @@ class LookupModule(LookupBase):
|
||||||
raise AnsibleError(e)
|
raise AnsibleError(e)
|
||||||
# check and convert values
|
# check and convert values
|
||||||
try:
|
try:
|
||||||
for key in ['create', 'returnall', 'overwrite', 'backup']:
|
for key in ['create', 'returnall', 'overwrite', 'backup', 'nosymbols']:
|
||||||
if not isinstance(self.paramvals[key], bool):
|
if not isinstance(self.paramvals[key], bool):
|
||||||
self.paramvals[key] = util.strtobool(self.paramvals[key])
|
self.paramvals[key] = util.strtobool(self.paramvals[key])
|
||||||
except (ValueError, AssertionError) as e:
|
except (ValueError, AssertionError) as e:
|
||||||
|
@ -198,10 +207,15 @@ class LookupModule(LookupBase):
|
||||||
return True
|
return True
|
||||||
|
|
||||||
def get_newpass(self):
|
def get_newpass(self):
|
||||||
|
if self.paramvals['nosymbols']:
|
||||||
|
chars = C.DEFAULT_PASSWORD_CHARS[:62]
|
||||||
|
else:
|
||||||
|
chars = C.DEFAULT_PASSWORD_CHARS
|
||||||
|
|
||||||
if self.paramvals['userpass']:
|
if self.paramvals['userpass']:
|
||||||
newpass = self.paramvals['userpass']
|
newpass = self.paramvals['userpass']
|
||||||
else:
|
else:
|
||||||
newpass = random_password(length=self.paramvals['length'])
|
newpass = random_password(length=self.paramvals['length'], chars=chars)
|
||||||
return newpass
|
return newpass
|
||||||
|
|
||||||
def update_password(self):
|
def update_password(self):
|
||||||
|
@ -250,6 +264,7 @@ class LookupModule(LookupBase):
|
||||||
'create': False,
|
'create': False,
|
||||||
'returnall': False,
|
'returnall': False,
|
||||||
'overwrite': False,
|
'overwrite': False,
|
||||||
|
'nosymbols': False,
|
||||||
'userpass': '',
|
'userpass': '',
|
||||||
'length': 16,
|
'length': 16,
|
||||||
'backup': False,
|
'backup': False,
|
||||||
|
|
Loading…
Reference in a new issue