community.crypto/plugins/lookup/gpg_fingerprint.py

# -*- coding: utf-8 -*-
# Copyright (c) 2023, Felix Fontein <felix@fontein.de>
# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
# SPDX-License-Identifier: GPL-3.0-or-later

from __future__ import (absolute_import, division, print_function)
__metaclass__ = type

DOCUMENTATION = """
name: gpg_fingerprint
short_description: Retrieve a GPG fingerprint from a GPG public or private key file
author: Felix Fontein (@felixfontein)
version_added: 2.15.0
description:
  - "Takes a list of filenames pointing to GPG public or private key files. Returns the fingerprints for each of these keys."
options:
  _terms:
    description:
      - A path to a GPG public or private key.
    type: list
    elements: path
    required: true
requirements:
  - GnuPG (C(gpg) executable)
seealso:
  - plugin: community.crypto.gpg_fingerprint
    plugin_type: filter
"""

EXAMPLES = """
- name: Show fingerprint of GPG public key
  ansible.builtin.debug:
    msg: "{{ lookup('community.crypto.gpg_fingerprint', '/path/to/public_key.gpg') }}"
"""

RETURN = """
  _value:
    description:
      - The fingerprints of the provided public or private GPG keys.
      - The list has one entry for every path provided.
    type: list
    elements: string
"""

from ansible.plugins.lookup import LookupBase
from ansible.errors import AnsibleLookupError
from ansible.module_utils.common.text.converters import to_native

from ansible_collections.community.crypto.plugins.module_utils.gnupg.cli import GPGError, get_fingerprint_from_file
from ansible_collections.community.crypto.plugins.plugin_utils.gnupg import PluginGPGRunner


class LookupModule(LookupBase):
    def run(self, terms, variables=None, **kwargs):
        self.set_options(direct=kwargs)

        try:
            gpg = PluginGPGRunner(cwd=self._loader.get_basedir())
            result = []
            for path in terms:
                result.append(get_fingerprint_from_file(gpg, path))
            return result
        except GPGError as exc:
            raise AnsibleLookupError(to_native(exc))
Add gpg_fingerprint lookup and filter (#639) * Add gpg_fingerprint lookup. * Work around problems on some CI targets. * Use get_bin_path to find the gpg executable. Document that we need it. * Improve and test error handling. * Refactor (potentially) common code to module_utils and plugin_utils. This will be useful to create a filter version of this, and further lookups, filters, and modules. * Do not create a keyring when there isn't one. * Fixups. * Fix description. * More fixes for lookup. * Also add a gpg_fingerprint filter. * Improve formulation. Co-authored-by: Sandra McCann <samccann@redhat.com> --------- Co-authored-by: Sandra McCann <samccann@redhat.com> 2023-08-02 09:16:34 +00:00			`# -- coding: utf-8 --`
			`# Copyright (c) 2023, Felix Fontein <felix@fontein.de>`
			`# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)`
			`# SPDX-License-Identifier: GPL-3.0-or-later`

			`from __future__ import (absolute_import, division, print_function)`
			`__metaclass__ = type`

			`DOCUMENTATION = """`
			`name: gpg_fingerprint`
			`short_description: Retrieve a GPG fingerprint from a GPG public or private key file`
			`author: Felix Fontein (@felixfontein)`
			`version_added: 2.15.0`
			`description:`
			`- "Takes a list of filenames pointing to GPG public or private key files. Returns the fingerprints for each of these keys."`
			`options:`
			`_terms:`
			`description:`
			`- A path to a GPG public or private key.`
			`type: list`
			`elements: path`
			`required: true`
			`requirements:`
			`- GnuPG (C(gpg) executable)`
			`seealso:`
			`- plugin: community.crypto.gpg_fingerprint`
			`plugin_type: filter`
			`"""`

			`EXAMPLES = """`
			`- name: Show fingerprint of GPG public key`
			`ansible.builtin.debug:`
			`msg: "{{ lookup('community.crypto.gpg_fingerprint', '/path/to/public_key.gpg') }}"`
			`"""`

			`RETURN = """`
			`_value:`
			`description:`
			`- The fingerprints of the provided public or private GPG keys.`
			`- The list has one entry for every path provided.`
			`type: list`
			`elements: string`
			`"""`

			`from ansible.plugins.lookup import LookupBase`
			`from ansible.errors import AnsibleLookupError`
			`from ansible.module_utils.common.text.converters import to_native`

			`from ansible_collections.community.crypto.plugins.module_utils.gnupg.cli import GPGError, get_fingerprint_from_file`
			`from ansible_collections.community.crypto.plugins.plugin_utils.gnupg import PluginGPGRunner`


			`class LookupModule(LookupBase):`
			`def run(self, terms, variables=None, **kwargs):`
			`self.set_options(direct=kwargs)`

			`try:`
			`gpg = PluginGPGRunner(cwd=self._loader.get_basedir())`
			`result = []`
			`for path in terms:`
			`result.append(get_fingerprint_from_file(gpg, path))`
			`return result`
			`except GPGError as exc:`
			`raise AnsibleLookupError(to_native(exc))`