diff --git a/lib/ansible/plugins/lookup/passwordstore.py b/lib/ansible/plugins/lookup/passwordstore.py index 89c389ae483..be74dc9b8b2 100644 --- a/lib/ansible/plugins/lookup/passwordstore.py +++ b/lib/ansible/plugins/lookup/passwordstore.py @@ -51,6 +51,11 @@ DOCUMENTATION = """ type: bool default: 'no' version_added: 2.7 + nosymbols: + description: use alphanumeric characters + type: bool + default: 'no' + version_added: 2.8 """ EXAMPLES = """ # Debug is used for examples, BAD IDEA to show passwords on screen @@ -72,6 +77,9 @@ EXAMPLES = """ debug: msg: "{{ lookup('passwordstore', 'example/test create=true overwrite=true')}}" +- name: Create an alphanumeric password + debug: msg="{{ lookup('passwordstore', 'example/test create=true nosymbols=true) }}" + - name: Return the value for user in the KV pair user, username debug: msg: "{{ lookup('passwordstore', 'example/test subkey=user')}}" @@ -96,6 +104,7 @@ from ansible.errors import AnsibleError, AnsibleAssertionError from ansible.module_utils._text import to_bytes, to_native, to_text from ansible.utils.encrypt import random_password from ansible.plugins.lookup import LookupBase +from ansible import constants as C # backhacked check_output with input for python 2.7 @@ -155,7 +164,7 @@ class LookupModule(LookupBase): raise AnsibleError(e) # check and convert values try: - for key in ['create', 'returnall', 'overwrite', 'backup']: + for key in ['create', 'returnall', 'overwrite', 'backup', 'nosymbols']: if not isinstance(self.paramvals[key], bool): self.paramvals[key] = util.strtobool(self.paramvals[key]) except (ValueError, AssertionError) as e: @@ -198,10 +207,15 @@ class LookupModule(LookupBase): return True def get_newpass(self): + if self.paramvals['nosymbols']: + chars = C.DEFAULT_PASSWORD_CHARS[:62] + else: + chars = C.DEFAULT_PASSWORD_CHARS + if self.paramvals['userpass']: newpass = self.paramvals['userpass'] else: - newpass = random_password(length=self.paramvals['length']) + newpass = random_password(length=self.paramvals['length'], chars=chars) return newpass def update_password(self): @@ -250,6 +264,7 @@ class LookupModule(LookupBase): 'create': False, 'returnall': False, 'overwrite': False, + 'nosymbols': False, 'userpass': '', 'length': 16, 'backup': False,