Hi all,
Last weekend i decided to put some effort in creating a new ansible lookup plugin for pass for my own needs. As this is my first lookup plugin and i’d like some opinions about the plugin. Perhaps some tips and tricks in order to make it even better. Unfortunately the development docs about lookup plugins is even more scarce.
My usecases were:
lookup a password ( password="{{ lookup(‘pass’, ‘example/test’}} )
If the password does not exist, create one at random (specified by create=true flag)
If the password exists and needs to be overwritten (create=true overwrite=true)
change the directory of the password store (specified by directory=dir)
specify the password length when creating (specified by length=42, default is 16 chars)
return all lines from the password file (specified by returnall=true)
Finally i wanted to ensure myself that old passwords and comments were retained when updating passwords, so this lookup adds a copy of old content/password in the password file.
For now all functionality does seem to work and i’ve tested both with the latest stable version of pass and the Ubuntu 14.04 default. Some quirky bug in pass 1.4.6 printed the stderr at exit 1 on stdout in the older version forcing me to check both stderr and stdin for the same error messages.
I have tested this plugin on ansible 2.0.1, but it should work on earlier versions too.
For those interested you can find the plugin at: https://github.com/morphje/ansible_pass_lookup
As good as any other person I love kudos but i love useful development comments even more.
Regards,
Patrick Deelman