Merge pull request #4 from albang/main

Add the possibility to use the gpg-agent and custom CA in the ansible…

README.md

@@ -29,6 +29,29 @@ Passbolt python module `pip install passbolt`
         msg: "{{ lookup('daniel_lynch.passbolt.get_password', 'Testing', gpgkey=gpgkey, passphrase=passphrase, passbolt_uri=passbolt_uri) }}"
 ```
 
+### Get Password using fingerprint.
+```bash
+#import your private key
+gpg --import private.key
+# Show fingerprint and use it in the playbook
+gpg --fingerprint
+
+```
+
+```yaml
+---
+- hosts: localhost
+  connection: local #with connection local the gpg agent will ask you your private key 
+  vars:
+    passbolt_uri: https://passbolt.djlynch.us
+    fingerprint: "BD12345678F2B05FE32FA07570848FF92005EABC"
+  tasks:
+    - debug:
+        msg: "{{ lookup('daniel_lynch.passbolt.get_password', 'Testing', fingerprint=fingerprint, passbolt_uri=passbolt_uri) }}"
+```
+
+
+
 ### Create User. [Docs](docs/source/modules/create_user.rst)
 ```yaml
 ---

plugins/lookup/get_password.py

@@ -25,11 +25,19 @@
   passphrase:
     description:
       - The Passphrase used with the GPG Private key used to access Passbolt.
-    required: true
+    required: false
   gpgkey:
     description:
       - The GPG Private key used to access Passbolt.
-    required: true
+    required: false
+  fingerprint:
+    description:
+      - The fingerprint of the imported Private key used to access Passbolt.
+    required: false
+  verify:
+    description:
+      - Whether to verify SSL or not. (Defaults to verify)
+    required: false
   return_format:
     description:
       - Controls how passwords are returned.
@@ -50,6 +58,9 @@
 - name: Get list of password dictionaries with the name Testing
   ansible.builtin.debug:
     msg: "{{ lookup('daniel_lynch.passbolt.get_password', 'Testing', return_format='dict', gpgkey=gpgkey, passphrase=passphrase, passbolt_uri=passbolt_uri) }}"
+- name: Get list of passwords with the name Testing Using Fingerprint
+  ansible.builtin.debug:
+    msg: "{{ lookup('daniel_lynch.passbolt.get_password', 'Testing', fingerprint=fingerprint, passbolt_uri=passbolt_uri) }}"
 """
 
 from ansible.errors import AnsibleError
@@ -97,8 +108,12 @@ def run(self, terms, variables=None, **kwargs):
                 passphrase = value
             if key == "passbolt_uri":
                 passbolt_uri = value
-
-        Passbolt = passbolt(gpgkey, passphrase, passbolt_uri)
+            if key == "fingerprint":
+                fingerprint = value
+            if key == "verify":
+                verify = value
+        Passbolt = passbolt(apiurl=passbolt_uri, privatekey=gpgkey, passphrase=passphrase, fingerprint=fingerprint,
+                 verify=verify)
         display.vvvv("Logged into Passbolt")
         ret = []
         for term in terms:

plugins/modules/create_group.py

@@ -13,6 +13,7 @@
 short_description: Create group in Passbolt
 description:
     - The Passbolt create group module creates a group in Passbolt via the API.
+    - You either need the gpgkey and the passphrase or the fingerprint of the secret key stored in the gpg-agent.
 author: "Daniel Lynch (@daniel-lynch)"
 options:
   passbolt_uri:
@@ -22,14 +23,22 @@
       - The Passbolt instance Fully Qualified Domain Name(FQDN)
   gpgkey:
     type: str
-    required: true
+    required: false
     description:
       - The GPG Private key used to access Passbolt.
   passphrase:
     type: str
-    required: true
+    required: false
     description:
       - The Passphrase used with the GPG Private key used to access Passbolt.
+  fingerprint:
+    description:
+      - The fingerprint of the imported Private key used to access Passbolt.
+    required: false
+  verify:
+    description:
+      - Whether to verify SSL or not. (Defaults to verify)
+    required: false
   name:
     type: str
     required: true
@@ -61,6 +70,17 @@
     users:
       - testing2@example.com
   delegate_to: localhost
+
+- name: Create Group Using Fingerprint
+  daniel_lynch.passbolt.create_group:
+    passbolt_uri: "https://passbolt.example.com"
+    fingerprint="{{ fingerprint }}"
+    name: "Users"
+    admins:
+      - testing@example.com
+    users:
+      - testing2@example.com
+  delegate_to: localhost
 """
 import traceback
 
@@ -79,11 +99,13 @@ def main():
     module = AnsibleModule(
         argument_spec=dict(
             passbolt_uri=dict(type='str', required=True, no_log=True),
-            gpgkey=dict(type='str', required=True, no_log=True),
-            passphrase=dict(type='str', required=True, no_log=True),
+            gpgkey=dict(type='str', required=False, no_log=True),
+            passphrase=dict(type='str', required=False, no_log=True),
             name=dict(type='str', required=True),
             admins=dict(type='list', elements='str', required=True),
-            users=dict(type='list', elements='str', required=False)
+            users=dict(type='list', elements='str', required=False),
+            fingerprint = dict(type='str', required=False, default=None),
+            verify = dict(type='str', required=False, default=True),
         ),
         supports_check_mode=True,
     )
@@ -97,8 +119,11 @@ def main():
     name = module.params['name']
     admins = module.params['admins']
     users = module.params['users']
+    verify = module.params['verify']
+    fingerprint = module.params['fingerprint']
 
-    Passbolt = passbolt(gpgkey, passphrase, passbolt_uri)
+    Passbolt = passbolt(apiurl=passbolt_uri, privatekey=gpgkey, passphrase=passphrase, keyfingerprint=fingerprint,
+                        verify=verify)
 
     response = Passbolt.creategroup(name, admins, users)
     if response == "The group has been added successfully.":

plugins/modules/create_password.py

@@ -13,6 +13,7 @@
 short_description: Create password in Passbolt
 description:
     - The Passbolt create password module creates a password in Passbolt via the API.
+    - You either need the gpgkey and the passphrase or the fingerprint of the secret key stored in the gpg-agent.    
 author: "Daniel Lynch (@daniel-lynch)"
 options:
   passbolt_uri:
@@ -22,14 +23,22 @@
       - The Passbolt instance Fully Qualified Domain Name(FQDN)
   gpgkey:
     type: str
-    required: true
+    required: false
     description:
       - The GPG Private key used to access Passbolt.
   passphrase:
     type: str
-    required: true
+    required: false
     description:
       - The Passphrase used with the GPG Private key used to access Passbolt.
+  fingerprint:
+    description:
+      - The fingerprint of the imported Private key used to access Passbolt.
+    required: false
+  verify:
+    description:
+      - Whether to verify SSL or not. (Defaults to verify)
+    required: false
   name:
     type: str
     required: true
@@ -75,6 +84,17 @@
     uri: "test.com"
     description: "This is a description"
   delegate_to: localhost
+
+- name: Create Password Using Fingerprint
+  daniel_lynch.passbolt.create_password:
+    passbolt_uri: "https://passbolt.example.com"
+    fingerprint="{{ fingerprint }}"
+    name: "Testing"
+    password: "password"
+    username: "Test"
+    uri: "test.com"
+    description: "This is a description"
+  delegate_to: localhost
 """
 import traceback
 
@@ -93,14 +113,16 @@ def main():
     module = AnsibleModule(
         argument_spec=dict(
             passbolt_uri=dict(type='str', required=True, no_log=True),
-            gpgkey=dict(type='str', required=True, no_log=True),
-            passphrase=dict(type='str', required=True, no_log=True),
+            gpgkey=dict(type='str', required=False, no_log=True),
+            passphrase=dict(type='str', required=False, no_log=True),
             name=dict(type='str', required=True),
             password=dict(type='str', required=True, no_log=True),
             username=dict(type='str', required=False),
             uri=dict(type='str', required=False),
             description=dict(type='str', required=False),
-            encrypt_description=dict(type='bool', required=False, default=True)
+            encrypt_description=dict(type='bool', required=False, default=True),
+            fingerprint=dict(type='str', required=False, default=None),
+            verify=dict(type='str', required=False, default=True),
         ),
         supports_check_mode=True,
     )
@@ -117,8 +139,11 @@ def main():
     uri = module.params['uri']
     description = module.params['description']
     encrypt_description = module.params['encrypt_description']
+    verify = module.params['verify']
+    fingerprint = module.params['fingerprint']
 
-    Passbolt = passbolt(gpgkey, passphrase, passbolt_uri)
+    Passbolt = passbolt(apiurl=passbolt_uri, privatekey=gpgkey, passphrase=passphrase, keyfingerprint=fingerprint,
+                        verify=verify)
 
     response = Passbolt.createpassword(name, password, username, uri, description, encrypt_description)
     if response == "The resource has been added successfully.":

plugins/modules/create_user.py

@@ -13,6 +13,7 @@
 short_description: Create user in Passbolt
 description:
     - The Passbolt create user module creates a user in Passbolt via the API.
+    - You either need the gpgkey and the passphrase or the fingerprint of the secret key stored in the gpg-agent.
 author: "Daniel Lynch (@daniel-lynch)"
 options:
   passbolt_uri:
@@ -22,14 +23,22 @@
       - The Passbolt instance Fully Qualified Domain Name(FQDN)
   gpgkey:
     type: str
-    required: true
+    required: false
     description:
       - The GPG Private key used to access Passbolt.
   passphrase:
     type: str
-    required: true
+    required: false
     description:
       - The Passphrase used with the GPG Private key used to access Passbolt.
+  fingerprint:
+    description:
+      - The fingerprint of the imported Private key used to access Passbolt.
+    required: false
+  verify:
+    description:
+      - Whether to verify SSL or not. (Defaults to verify)
+    required: false
   username:
     type: str
     required: true
@@ -64,6 +73,16 @@
     lastname: "Ing"
     admin: True
   delegate_to: localhost
+
+- name: Create User Using Fingerprint
+  daniel_lynch.passbolt.create_user:
+    passbolt_uri: "https://passbolt.example.com"
+    fingerprint="{{ fingerprint }}"
+    username: "testing@example.com"
+    firstname: "Test"
+    lastname: "Ing"
+    admin: True
+  delegate_to: localhost
 """
 import traceback
 
@@ -87,7 +106,9 @@ def main():
             username=dict(type='str', required=True),
             firstname=dict(type='str', required=True),
             lastname=dict(type='str', required=True),
-            admin=dict(type='bool', required=False, default=False)
+            admin=dict(type='bool', required=False, default=False),
+            fingerprint=dict(type='str', required=False, default=None),
+            verify=dict(type='str', required=False, default=True),
         ),
         supports_check_mode=True,
     )
@@ -102,8 +123,11 @@ def main():
     firstname = module.params['firstname']
     lastname = module.params['lastname']
     admin = module.params['admin']
+    verify = module.params['verify']
+    fingerprint = module.params['fingerprint']
 
-    Passbolt = passbolt(gpgkey, passphrase, passbolt_uri)
+    Passbolt = passbolt(apiurl=passbolt_uri, privatekey=gpgkey, passphrase=passphrase, keyfingerprint=fingerprint,
+                        verify=verify)
 
     response = Passbolt.createuser(username, firstname, lastname, admin)
     if response == "The user was successfully added. This user now need to complete the setup.":

plugins/modules/delete_group.py

@@ -13,6 +13,7 @@
 short_description: Delete group in Passbolt
 description:
     - The Passbolt delete group module deletes a group in Passbolt via the API.
+    - You either need the gpgkey and the passphrase or the fingerprint of the secret key stored in the gpg-agent.
 author: "Daniel Lynch (@daniel-lynch)"
 options:
   passbolt_uri:
@@ -22,14 +23,22 @@
       - The Passbolt instance Fully Qualified Domain Name(FQDN)
   gpgkey:
     type: str
-    required: true
+    required: false
     description:
       - The GPG Private key used to access Passbolt.
   passphrase:
     type: str
-    required: true
+    required: false
     description:
       - The Passphrase used with the GPG Private key used to access Passbolt.
+  fingerprint:
+    description:
+      - The fingerprint of the imported Private key used to access Passbolt.
+    required: false
+  verify:
+    description:
+      - Whether to verify SSL or not. (Defaults to verify)
+    required: false
   name:
     type: str
     required: true
@@ -45,6 +54,13 @@
     passphrase: "password"
     name: "Users"
   delegate_to: localhost
+
+- name: Delete Group Using Fingerprint
+  daniel_lynch.passbolt.delete_group:
+    passbolt_uri: "https://passbolt.example.com"
+    fingerprint="{{ fingerprint }}"
+    name: "Users"
+  delegate_to: localhost
 """
 import traceback
 
@@ -63,9 +79,11 @@ def main():
     module = AnsibleModule(
         argument_spec=dict(
             passbolt_uri=dict(type='str', required=True, no_log=True),
-            gpgkey=dict(type='str', required=True, no_log=True),
-            passphrase=dict(type='str', required=True, no_log=True),
-            name=dict(type='str', required=True)
+            gpgkey=dict(type='str', required=False, no_log=True),
+            passphrase=dict(type='str', required=False, no_log=True),
+            name=dict(type='str', required=True),
+            fingerprint=dict(type='str', required=False, default=None),
+            verify=dict(type='str', required=False, default=True),
         ),
         supports_check_mode=True,
     )
@@ -77,8 +95,11 @@ def main():
     gpgkey = module.params['gpgkey']
     passphrase = module.params['passphrase']
     name = module.params['name']
+    verify = module.params['verify']
+    fingerprint = module.params['fingerprint']
 
-    Passbolt = passbolt(gpgkey, passphrase, passbolt_uri)
+    Passbolt = passbolt(apiurl=passbolt_uri, privatekey=gpgkey, passphrase=passphrase, keyfingerprint=fingerprint,
+                        verify=verify)
 
     response = Passbolt.deletegroup(name)
     if response == "The group was deleted successfully.":