VhddlmZmZmZeZdZdZdZddl Z ddl m Z ddl m Z ddlmZdd lmZmZdd lmZeZGd d e Zy) )absolute_importdivisionprint_functiona name: sops author: Edoardo Tenani (@endorama) short_description: Read SOPS-encrypted file contents version_added: '0.1.0' description: - This lookup returns the contents from a file on the Ansible controller's file system. - This lookup requires the C(sops) executable to be available in the controller PATH. options: _terms: description: Path(s) of files to read. required: true type: list elements: str rstrip: description: Whether to remove trailing newlines and spaces. type: bool default: true base64: description: - Base64-encodes the parsed result. - Use this if you want to store binary data in Ansible variables. type: bool default: false input_type: description: - Tell SOPS how to interpret the encrypted file. - By default, SOPS will chose the input type from the file extension. If it detects the wrong type for a file, this could result in decryption failing. - The value V(ini) is available since community.sops 1.9.0. type: str choices: - binary - json - yaml - dotenv - ini output_type: description: - Tell SOPS how to interpret the decrypted file. - By default, SOPS will chose the output type from the file extension. If it detects the wrong type for a file, this could result in decryption failing. - The value V(ini) is available since community.sops 1.9.0. type: str choices: - binary - json - yaml - dotenv - ini empty_on_not_exist: description: - When set to V(true), will not raise an error when a file cannot be found, but return an empty string instead. type: bool default: false extract: description: - Tell SOPS to extract a specific key from a JSON or YAML file. - Expects a string with the same 'querystring' syntax as SOPS' C(--encrypt) option, for example V(["somekey"][0]). - B(Note:) Escape quotes appropriately. type: str version_added: 1.9.0 extends_documentation_fragment: - community.sops.sops - community.sops.sops.ansible_variables - community.sops.sops.ansible_env - community.sops.sops.ansible_ini notes: - This lookup does not understand 'globbing' - use the P(ansible.builtin.fileglob#lookup) lookup instead. seealso: - plugin: community.sops.decrypt plugin_type: filter description: The decrypt filter can be used to descrypt SOPS-encrypted in-memory data. - plugin: community.sops.sops plugin_type: vars description: The sops vars plugin can be used to load SOPS-encrypted host or group variables. - module: community.sops.load_vars a --- - name: Output secrets to screen (BAD IDEA!) ansible.builtin.debug: msg: "Content: {{ lookup('community.sops.sops', item) }}" loop: - sops-encrypted-file.enc.yaml - name: Add SSH private key ansible.builtin.copy: # Note that rstrip=false is necessary for some SSH versions to be able to use the key content: "{{ lookup('community.sops.sops', user + '-id_rsa', rstrip=false) }}" dest: /home/{{ user }}/.ssh/id_rsa owner: "{{ user }}" group: "{{ user }}" mode: "0600" no_log: true # avoid content to be written to log - name: The file file.json is a YAML file, which contains the encryption of binary data ansible.builtin.debug: msg: "Content: {{ lookup('community.sops.sops', 'file.json', input_type='yaml', output_type='binary') }}" zK _raw: description: Decrypted file content. type: list elements: str N)AnsibleLookupError) LookupBase) to_native)Sops SopsError)DisplayceZdZddZy) LookupModuleNc j||jd}jd}jd}jd}jd}jd} g} fd} |D]} tjd | zj |d | | } tj d | z| s+|r| j d ^tdt| z tj| t|| ||| | }|rttj|}| j || S#t$r}tt|d}~wwxYw)N) var_optionsdirectrstripbase64 input_type output_typeempty_on_not_existextractc&j|SN) get_option) argument_nameselfs f/home/dcms/DCMS/lib/python3.12/site-packages/ansible_collections/community/sops/plugins/lookup/sops.pyget_option_valuez*LookupModule.run..get_option_values??=1 1zSops lookup term: %sfiles)ignore_missingzSops lookup using %s as filez#could not locate file in lookup: %s)displayr decode_outputrrrr) set_optionsrr"debugfind_file_in_search_pathvvvvappendrrr decryptr r b64encode)rterms variableskwargsr use_base64rrrrretrterm lookupfileoutputes` rrunzLookupModule.runsj Yv>*__X. __\2 oom4 !__-AB//), 2 D MM047 866y'4`r6sJ LL8:E F%JJrN()NQZ[_Q`)`aa 7S]~){Ueovx "6#3#3F#;< JJv + .  7(166 7s:"E E3E..E3r)__name__ __module__ __qualname__r4rrr r s%rr ) __future__rrrtype __metaclass__ DOCUMENTATIONEXAMPLESRETURNransible.errorsransible.plugins.lookupr+ansible.module_utils.common.text.convertersrrDsQCB M ^ . --AX) )':'r