Add pykeepass==4.0.1

- Replace socket data format from json to plain text
- Fix fetching entities contains slashes in path
- Move code into one file (socket opening by the plugin)

Author: viczem

README.md

@@ -1,69 +1,51 @@
 # Ansible KeePass Lookup Plugin
 
-Perhaps, from a security view point, this solution is the same as `ansible-vault`.
-Just if you are storing secrets data in KeePass, then why not use it, 
-instead of duplicating to `ansible-vault`. 
+The plugin allows to read data from KeePass file (modifying is not supported)
+
+## How it works
+
+The plugin opens a UNIX socket with decrypted KeePass file. 
+For performance reasons, decryption occurs only once at socket startup, 
+and the KeePass file remains decrypted as long as the socket is open.
+The UNIX socket file is stored in a temporary folder according to OS.
 
 
 ## Installation
 
-Dependency: `pykeepass==3.2.1`
+Requirements: `python 3`, `pykeepass==4.0.1`
 
-    pip install 'pykeepass==3.2.1' --user
+    pip install 'pykeepass==4.0.1' --user
     mkdir -p ~/.ansible/plugins/lookup && cd "$_"
-    curl https://raw.githubusercontent.com/viczem/ansible-keepass/master/keepass.py -o ./keepass.py
-
-[More about ansible plugins installation](https://docs.ansible.com/ansible/latest/dev_guide/developing_locally.html)
+    curl https://raw.githubusercontent.com/viczem/ansible-keepass/main/keepass.py -o ./keepass.py
 
 
 ## Variables
 
 - `keepass_dbx` - path to KeePass file
-- `keepass_psw` - password. [*optional*] if the socket is used
-- `keepass_key` - [*optional*] path to keyfile
-
-
-## Usage with UNIX socket
-
-> _This usage is more preferred for performance reason, 
-because of KeePass file stay decrypted and not need to reopen after done each playbook task 
-[(see the issue for more info)](https://github.com/viczem/ansible-keepass/issues/1)_
-
-In this case, there is no need to enter a password for KeePass each time Ansible is called.
-Run socket by the command and after that enter a password to make to open KeePass file.
+- `keepass_psw` - password
+- `keepass_key` - *Optional*. Path to keyfile
+- `keepass_ttl` - *Optional*. Socket TTL (will be closed automatically when not used). 
+Default 60 seconds.
 
-**Supported only Python 3**
 
-    python3 kpsock.py ~/.keepass/database.kdbx
+## Usage
 
+`ansible-doc -t lookup keepass` to get description of the plugin
 
-The command will creates UNIX socket in a system temp directory. Only one socket 
-> **WARNING**: The KeePass file and password are stay decrypted in memory while the socket is open.
+> **WARNING**: For security reasons, do not store KeePass passwords in plain text. 
+Use `ansible-vault encrypt_string` to encrypt it and use it like below
 
-The socket timeout is 1 minute since past access (will be closed automatically when not used).
-To change timeout use `--ttl` argument. 
-For logging requests in a file use `--log` (default `--log-level` is `INFO`).
+    # file: group_vars/all
 
-For help `python kpsock.py --help`
-
-To send the running command in background press <kbd>CTRL</kbd>+<kbd>Z</kbd> and execute `bg` 
-(`fg` to get the job into the foreground again).
-
-
-## Example
-
-Define variables you need e.g. in any file in group_vars
+    keepass_dbx: "~/.keepass/database.kdbx"
+    keepass_psw: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          ...encrypted password...
 
+### Example
 
     ansible_user             : "{{ lookup('keepass', 'path/to/entry', 'username') }}"
     ansible_become_pass      : "{{ lookup('keepass', 'path/to/entry', 'password') }}"
-    ansible_custom_field     : "{{ lookup('keepass', 'path/to/entry', 'custom_field_property', true) }}"
-    ansible_all_custom_fields: "{{ lookup('keepass', 'path/to/entry', '*', true) }}"
-
-
-You can get another [properties of an KeePass entry](https://github.com/pschmitt/pykeepass/blob/master/pykeepass/entry.py)
-(not only `username` or `password`)
+    ansible_custom_field     : "{{ lookup('keepass', 'path/to/entry', 'custom_properties', 'a_custom_property_name') }}"
 
-Specify a boolean value of true to use custom field properties
- 
-`ansible-doc -t lookup keepass` - to get description of the plugin
+More examples see in [/examples](/examples).

example/README.md

@@ -0,0 +1,5 @@
+# Example
+
+`ansible-playbook example-playbook.yml --ask-vault-pass -vvv`
+ 
+Password: `spamham`

example/example-playbook.yml

@@ -0,0 +1,32 @@
+---
+- name: Example
+  hosts: 127.0.0.1
+  connection: local
+  vars:
+    spam_login: "{{ lookup('keepass', 'spam', 'username') }}"
+    spam_password: "{{ lookup('keepass', 'spam', 'password') }}"
+    ham_login: "{{ lookup('keepass', 'example/ham', 'username') }}"
+    ham_password: "{{ lookup('keepass', 'example/ham', 'password') }}"
+    slash_login: "{{ lookup('keepass', 'slash\\/group/slash\\/title', 'username') }}"
+    slash_url: "{{ lookup('keepass', 'slash\\/group/slash\\/title', 'url') }}"
+    pork_custom_property: "{{ lookup('keepass', 'example/pork', 'custom_properties', 'pork_custom_property')}}"
+
+
+  tasks:
+    - debug:
+        msg: "fetch entry: '/spam'; username: '{{ spam_login }}'; password: '{{ spam_password }}'"
+
+    - debug:
+        msg: "fetch entry: '/examples/ham'; username: '{{ ham_login }}'; password: '{{ ham_password }}'"
+
+    - name: pause to emulate long time operation (greater than keepass_ttl)
+      pause:
+        seconds: 5
+
+    - debug:
+        msg: "fetch entry: '/examples/pork'; custom_properties: 'pork_custom_property' - '{{ pork_custom_property }}'"
+
+    - debug:
+        msg: "fetch entry: '/slash\\/group/slash\\/title'; username: '{{ slash_login }}'; url: '{{ slash_url }}'"
+
+    - debug: "{{ lookup('keepass', 'close') }}"

example/example.kdbx

@@ -1,6 +1,5 @@
-role_keepass_db: "./example.kdbx"
-
-keepass_dbx: "{{ role_keepass_db }}"
+keepass_ttl: 3
+keepass_dbx: "./example.kdbx"
 keepass_psw: !vault |
           $ANSIBLE_VAULT;1.1;AES256
           30656633313531336265353862356135373963636339376266373137376136636634393932623961