diff --git a/README.md b/README.md index cb02fe9..a831c63 100644 --- a/README.md +++ b/README.md @@ -20,8 +20,8 @@ Requirements: `python 3`, `pykeepass==4.0.3` ## Variables - `keepass_dbx` - path to KeePass file -- `keepass_psw` - password -- `keepass_key` - *Optional*. Path to keyfile +- `keepass_psw` - *Optional*. Password (required if `keepass_key` is not set) +- `keepass_key` - *Optional*. Path to keyfile (required if `keepass_psw` is not set) - `keepass_ttl` - *Optional*. Socket TTL (will be closed automatically when not used). Default 60 seconds. diff --git a/galaxy.yml b/galaxy.yml index 96abec9..9b2da61 100644 --- a/galaxy.yml +++ b/galaxy.yml @@ -8,7 +8,7 @@ namespace: viczem name: keepass # The version of the collection. Must be compatible with semantic versioning -version: 0.7.0 +version: 0.7.1 # The path to the Markdown (.md) readme file. This path is relative to the root of the collection readme: README.md diff --git a/plugins/lookup/keepass.py b/plugins/lookup/keepass.py index 3609dbd..c15e2df 100644 --- a/plugins/lookup/keepass.py +++ b/plugins/lookup/keepass.py @@ -21,7 +21,7 @@ from pykeepass.exceptions import CredentialsError DOCUMENTATION = """ lookup: keepass author: Victor Zemtsov - version_added: '0.6.0' + version_added: '0.7.1' short_description: Fetching data from KeePass file description: - This lookup returns a value of a property of a KeePass entry @@ -76,10 +76,11 @@ class LookupModule(LookupBase): if not os.path.isfile(var_key): raise AnsibleError("KeePass: '%s' is not found" % var_key) - # Check password (required) + # Check password (optional) var_psw = self._var(variables_.get("keepass_psw", "")) - if not var_psw: - raise AnsibleError("KeePass: 'keepass_psw' is not set") + + if not var_key and not var_psw: + raise AnsibleError("KeePass: 'keepass_psw' and/or 'keepass_key' is not set") # TTL of keepass socket (optional, default: 60 seconds) var_ttl = self._var(str(variables_.get("keepass_ttl", "60"))) 
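Review bot: `version_added` in the DOCUMENTATION block records the collection release in which the lookup first appeared, so changing it from '0.6.0' to '0.7.1' makes the generated docs claim the plugin is new in this release. I would keep `version_added: '0.6.0'` here and leave the release number to galaxy.yml. If the option descriptions for `keepass_psw` and `keepass_key` live further down this block (outside the hunk), that is the place to record that either one may now be omitted.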
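Review bot: The comment `# Check password (optional)` now sits above a check that covers both credentials, and the message `'keepass_psw' and/or 'keepass_key' is not set` reads oddly for the only case it fires in, which is when neither is set. Suggest `# At least one of keepass_psw / keepass_key must be set` and `raise AnsibleError("KeePass: neither 'keepass_psw' nor 'keepass_key' is set")`. In the keyfile-only case `var_psw` remains an empty string after this point; how it is handed to the socket is outside the hunk, so it is worth confirming it arrives in `_keepass_socket` as "no argument" rather than as an empty password.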
@@ -121,7 +122,6 @@ class LookupModule(LookupBase): if resp[1] == "0": success = True else: - sock.send(_rq("close")) raise AnsibleError("KeePass: wrong dbx password") sock.close() break @@ -229,13 +229,14 @@ def _keepass_socket(kdbx, kdbx_key, sock_path, ttl=60, kdbx_password=None): # CMD: password if kp is None: - if arg_len == 0: - conn.send(_resp("password", 1)) - break - if cmd == "password" and arg[0]: + if cmd == "password" and arg_len > 0: kp = PyKeePass(kdbx, arg[0], kdbx_key) conn.send(_resp("password", 0)) break + elif cmd == "password" and kdbx_key: + kp = PyKeePass(kdbx, None, kdbx_key) + conn.send(_resp("password", 0)) + break else: conn.send(_resp("password", 1)) break diff --git a/tests/keepass-keyfile-only/ansible.kdbx b/tests/keepass-keyfile-only/ansible.kdbx new file mode 100644 index 0000000..5d680ac Binary files /dev/null and b/tests/keepass-keyfile-only/ansible.kdbx differ diff --git a/tests/keepass-keyfile-only/ansible.keyx b/tests/keepass-keyfile-only/ansible.keyx new file mode 100644 index 0000000..e4477e1 --- /dev/null +++ b/tests/keepass-keyfile-only/ansible.keyx @@ -0,0 +1,12 @@ + + + + 2.0 + + + + 8810353D 83453EDC 2266A931 A0A073F9 + 54B90B68 1E341EF4 6B47729B F42DBE0A + + + diff --git a/tests/keepass-keyfile-only/hosts.ini b/tests/keepass-keyfile-only/hosts.ini new file mode 100644 index 0000000..8e5bd59 --- /dev/null +++ b/tests/keepass-keyfile-only/hosts.ini @@ -0,0 +1,2 @@ +[test] +127.0.0.1 keepass_dbx=./ansible.kdbx keepass_key=./ansible.keyx keepass_ttl=3 \ No newline at end of file diff --git a/tests/keepass-keyfile-only/playbook.yml b/tests/keepass-keyfile-only/playbook.yml new file mode 100644 index 0000000..fb6c378 --- /dev/null +++ b/tests/keepass-keyfile-only/playbook.yml 
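Review bot: The `else` branch raises before control reaches `sock.close()`, so the client socket stays open on a rejected unlock; the enclosing loop starts outside the hunk. Adding `sock.close()` on the line before the `raise` releases the descriptor on that path. With the `close` request gone, whether the background listener still shuts down after a failed attempt depends on the `break` in `_keepass_socket`, which should be confirmed so a failed unlock does not leave a socket behind until the TTL expires. The text `KeePass: wrong dbx password` is also inaccurate when the database is opened with a keyfile only; `"KeePass: wrong dbx password or keyfile"` covers both cases.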
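Review bot: The first branch now tests `arg_len > 0` where the old code tested `arg[0]`, so an empty-string argument is passed to `PyKeePass` as the password `""` instead of reaching the keyfile-only branch with `None`; whether a client can send an empty argument depends on request parsing outside the hunk. The two success branches can be merged so the decision is made once: `psw = arg[0] if arg_len > 0 and arg[0] else None`, then `if cmd == "password" and (psw or kdbx_key): kp = PyKeePass(kdbx, psw, kdbx_key)`. With a keyfile configured, a `password` request that carries no secret now unlocks the database, so access control rests entirely on the permissions of the socket at `sock_path`; a comment stating that assumption belongs next to this branch. How a `CredentialsError` from a rejected keyfile is reported back is outside the hunk.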
@@ -0,0 +1,11 @@ +--- +- name: test-keepass-keyfile-only + hosts: test + connection: local + vars: + test_username: "{{ lookup('viczem.keepass.keepass', 'test', 'username') }}" + test_password: "{{ lookup('viczem.keepass.keepass', 'test', 'password') }}" + + tasks: + - debug: + msg: "fetch entry: '/test'; username: '{{ test_username }}'; password: '{{ test_password }}'" diff --git a/tests/keepass-keyfile-only/run.sh b/tests/keepass-keyfile-only/run.sh new file mode 100644 index 0000000..81cfeb1 --- /dev/null +++ b/tests/keepass-keyfile-only/run.sh @@ -0,0 +1,2 @@ +#!/bin/sh +ansible-playbook -i hosts.ini -vvvv playbook.yml \ No newline at end of file diff --git a/tests/keepass-password-keyfile/ansible.kdbx b/tests/keepass-password-keyfile/ansible.kdbx new file mode 100644 index 0000000..e775947 Binary files /dev/null and b/tests/keepass-password-keyfile/ansible.kdbx differ diff --git a/tests/keepass-password-keyfile/ansible.keyx b/tests/keepass-password-keyfile/ansible.keyx new file mode 100644 index 0000000..388c3e8 --- /dev/null +++ b/tests/keepass-password-keyfile/ansible.keyx @@ -0,0 +1,12 @@ + + + + 2.0 + + + + D7A7EA4F D6DCBFD7 B2DFE21C E89FFBB0 + B203AAA5 4A32C405 D6C1B3CA B69C40BF + + + diff --git a/tests/keepass-password-keyfile/hosts.ini b/tests/keepass-password-keyfile/hosts.ini new file mode 100644 index 0000000..69f3d79 --- /dev/null +++ b/tests/keepass-password-keyfile/hosts.ini @@ -0,0 +1,2 @@ +[test] +127.0.0.1 keepass_dbx=./ansible.kdbx keepass_psw=spamham keepass_key=./ansible.keyx keepass_ttl=3 \ No newline at end of file diff --git a/tests/keepass-password-keyfile/playbook.yml b/tests/keepass-password-keyfile/playbook.yml new file mode 100644 index 0000000..fb6c378 --- /dev/null +++ b/tests/keepass-password-keyfile/playbook.yml 
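Review bot: The play only prints the looked-up values through `debug`, so it fails when the lookup raises but would presumably still pass if the lookup returned the wrong entry or an empty string. An `assert` task after the `debug` would turn the keyfile-only scenario into a real check, for example `- assert: { that: "test_username == 'EXPECTED_USERNAME'" }`, where EXPECTED_USERNAME is a placeholder for the value stored in the fixture database (not visible in the diff). The same applies to the playbooks under tests/keepass-password-keyfile and tests/keepass-password-only.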
@@ -0,0 +1,11 @@ +--- +- name: test-keepass-keyfile-only + hosts: test + connection: local + vars: + test_username: "{{ lookup('viczem.keepass.keepass', 'test', 'username') }}" + test_password: "{{ lookup('viczem.keepass.keepass', 'test', 'password') }}" + + tasks: + - debug: + msg: "fetch entry: '/test'; username: '{{ test_username }}'; password: '{{ test_password }}'" diff --git a/tests/keepass-password-keyfile/run.sh b/tests/keepass-password-keyfile/run.sh new file mode 100644 index 0000000..81cfeb1 --- /dev/null +++ b/tests/keepass-password-keyfile/run.sh @@ -0,0 +1,2 @@ +#!/bin/sh +ansible-playbook -i hosts.ini -vvvv playbook.yml \ No newline at end of file diff --git a/tests/keepass-password-only/ansible.kdbx b/tests/keepass-password-only/ansible.kdbx new file mode 100644 index 0000000..ba3059d Binary files /dev/null and b/tests/keepass-password-only/ansible.kdbx differ diff --git a/tests/keepass-password-only/hosts.ini b/tests/keepass-password-only/hosts.ini new file mode 100644 index 0000000..a0d6e69 --- /dev/null +++ b/tests/keepass-password-only/hosts.ini @@ -0,0 +1,2 @@ +[test] +127.0.0.1 keepass_dbx=./ansible.kdbx keepass_psw=spamham keepass_ttl=3 \ No newline at end of file diff --git a/tests/keepass-password-only/playbook.yml b/tests/keepass-password-only/playbook.yml new file mode 100644 index 0000000..fb6c378 --- /dev/null +++ b/tests/keepass-password-only/playbook.yml @@ -0,0 +1,11 @@ +--- +- name: test-keepass-keyfile-only + hosts: test + connection: local + vars: + test_username: "{{ lookup('viczem.keepass.keepass', 'test', 'username') }}" + test_password: "{{ lookup('viczem.keepass.keepass', 'test', 'password') }}" + + tasks: + - debug: + msg: "fetch entry: '/test'; username: '{{ test_username }}'; password: '{{ test_password }}'" diff --git a/tests/keepass-password-only/run.sh b/tests/keepass-password-only/run.sh new file mode 100644 index 0000000..81cfeb1 --- /dev/null +++ b/tests/keepass-password-only/run.sh 
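Review bot: The play is still named `test-keepass-keyfile-only` in this copy, so the `-vvvv` output of the three scenarios cannot be told apart by play name. Suggest `- name: test-keepass-password-keyfile` here and `- name: test-keepass-password-only` in tests/keepass-password-only/playbook.yml, which carries the same leftover name.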
@@ -0,0 +1,2 @@ +#!/bin/sh +ansible-playbook -i hosts.ini -vvvv playbook.yml \ No newline at end of file