1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00
community.general/plugins/lookup/onepassword.py

700 lines
25 KiB
Python
Raw Normal View History

2020-03-09 10:11:07 +01:00
# -*- coding: utf-8 -*-
# Copyright (c) 2018, Scott Buchanan <scott@buchanan.works>
# Copyright (c) 2016, Andrew Zenk <azenk@umn.edu> (lastpass.py used as starting point)
# Copyright (c) 2018, Ansible Project
# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
# SPDX-License-Identifier: GPL-3.0-or-later
2020-03-09 10:11:07 +01:00
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
DOCUMENTATION = '''
2021-01-12 07:12:03 +01:00
name: onepassword
2020-03-09 10:11:07 +01:00
author:
- Scott Buchanan (@scottsb)
- Andrew Zenk (@azenk)
- Sam Doran (@samdoran)
requirements:
- C(op) 1Password command line utility. See U(https://support.1password.com/command-line/)
short_description: fetch field values from 1Password
description:
- P(community.general.onepassword#lookup) wraps the C(op) command line utility to fetch specific field values from 1Password.
2020-03-09 10:11:07 +01:00
options:
_terms:
description: identifier(s) (UUID, name, or subdomain; case-insensitive) of item(s) to retrieve.
2022-09-06 20:42:17 +02:00
required: true
2020-03-09 10:11:07 +01:00
field:
description: field to return from each matching item (case-insensitive).
default: 'password'
master_password:
description: The password used to unlock the specified vault.
aliases: ['vault_password']
section:
description: Item section containing the field to retrieve (case-insensitive). If absent will return first match from any section.
domain:
description: Domain of 1Password.
version_added: 3.2.0
default: '1password.com'
type: str
2020-03-09 10:11:07 +01:00
subdomain:
description: The 1Password subdomain to authenticate against.
account_id:
description: The account ID to target.
type: str
version_added: 7.5.0
2020-03-09 10:11:07 +01:00
username:
description: The username used to sign in.
secret_key:
description: The secret key used when performing an initial sign in.
[PR #6660/473e557c backport][stable-7] Onepassword lookup add service accounts (#6710) Onepassword lookup add service accounts (#6660) * add service account token and bypass required fields when service account token is set * add token to base class * add Info * add service_account_token * add service_account_token * add documentation * add service_account_token * fix E111: indentation is not a multiple of 4 * fix lint problems * Update plugins/lookup/onepassword_raw.py Co-authored-by: Felix Fontein <felix@fontein.de> * Update plugins/modules/onepassword_info.py Co-authored-by: Felix Fontein <felix@fontein.de> * Update plugins/lookup/onepassword.py Co-authored-by: Felix Fontein <felix@fontein.de> * add changelog fragment * change type service_account_token to align to domain option * add fragment value * Update changelogs/fragments/6660-onepassword-lookup-service-account.yaml Co-authored-by: Felix Fontein <felix@fontein.de> * Update plugins/lookup/onepassword.py Co-authored-by: Felix Fontein <felix@fontein.de> * remove service_account_token from onepassword_info.py * adjust V1 to raise error if service_account_token is set * adjust V1 to raise error if service_account_token is set * adjust V1 to raise error if service_account_token is set * adjust if assert_logged_in * Update plugins/lookup/onepassword.py Co-authored-by: Sam Doran <github@samdoran.com> * Update plugins/lookup/onepassword.py Co-authored-by: Sam Doran <github@samdoran.com> * remove double return * remove new line * remove new line * remove new line * remove spaces * remove new line * remove spaces * Update plugins/lookup/onepassword_raw.py Co-authored-by: Felix Fontein <felix@fontein.de> * add _check_required_params * Update plugins/lookup/onepassword.py Co-authored-by: Sam Doran <github@samdoran.com> * Update plugins/lookup/onepassword.py Co-authored-by: Sam Doran <github@samdoran.com> * remove _check_required_params * remove spaces * Update plugins/lookup/onepassword.py Co-authored-by: Sam Doran <github@samdoran.com> * remove code --------- Co-authored-by: Jan Sagurna <jan.sagurna@sag-solutions.com> Co-authored-by: Jan Sagurna <58932831+jansagurna@users.noreply.github.com> Co-authored-by: Felix Fontein <felix@fontein.de> Co-authored-by: Sam Doran <github@samdoran.com> (cherry picked from commit 473e557c2f31425495fa5deed514835bdc508315) Co-authored-by: Dominik Haßelkuss <Domi-cc@users.noreply.github.com>
2023-06-15 20:38:19 +02:00
service_account_token:
description:
- The access key for a service account.
- Only works with 1Password CLI version 2 or later.
type: str
version_added: 7.1.0
2020-03-09 10:11:07 +01:00
vault:
description: Vault containing the item to retrieve (case-insensitive). If absent will search all vaults.
notes:
- This lookup will use an existing 1Password session if one exists. If not, and you have already
performed an initial sign in (meaning C(~/.op/config), C(~/.config/op/config) or C(~/.config/.op/config) exists), then only the
C(master_password) is required. You may optionally specify O(subdomain) in this scenario, otherwise the last used subdomain will be used by C(op).
- This lookup can perform an initial login by providing O(subdomain), O(username), O(secret_key), and O(master_password).
- Can target a specific account by providing the O(account_id).
2020-03-09 10:11:07 +01:00
- Due to the B(very) sensitive nature of these credentials, it is B(highly) recommended that you only pass in the minimal credentials
needed at any given time. Also, store these credentials in an Ansible Vault using a key that is equal to or greater in strength
to the 1Password master password.
- This lookup stores potentially sensitive data from 1Password as Ansible facts.
Facts are subject to caching if enabled, which means this data could be stored in clear text
on disk or in a database.
onepassword - Support v2 (#4728) * Begin building out separate classes to support different op cli versions Create separet base classes for each major version. Define the main interface in the base class. Create methods for getting the current version and instantiating the appropriate class based on the found version. * First pass at mostly working CLI version classes * Correct mismathched parameters * Update _run() method to allow updating enviroment This allows passing in the app secret as an env var, which is more secure than using a command line arg. * Continuing to improve the interface * Tear existing tests down to the studs These tests were based off of the LastPass unit tests. I’m going to just start from scratch given the new plugin code is vastly diffenent. * Fix sanity test * CLI config file path can be None * Improve required param checking - only report missing params - use proper grammer based on number of missing params * Change assert_logged_in() method return value Return a boolean value indicating whether or not account is signed in * Improve full login for v2 Have to do a bit of a dance to avoid hitting the interactive prompt if there are no accounts configured. * Remove unused methods * Add some tests * Fix linting errors * Move fixtures to separate file * Restructure mock test data and add more tests * Add boilerplate * Add test scenario for op v2 and increase coverage * Fix up copyright statements * Test v1 and v2 in all cases * Use a more descriptive variable name * Use docstrings rather than pass in abstract class This adds coverage to abstract methods with the least amount of hackery. * Increase test coverage for CLI classes * Sort test parameters to avoid collection errors * Update version tested in docs * Revere test parameter sorting for now The parameters need to be sorted to avoid the issue in older Python versions in CI, but I’m having trouble working out how to do that currently. * Allow passing kwargs to the lookup module under test * Favor label over id for v2 when looking for values Add tests * Display a warning for section on op v2 or greater There is no “value” in section fields. If we wanted to support sections in v2, we would also have to allow specifying the field name in order to override “value”. * Move test cases to their own file Getting a bit unwieldy having it in the test file * Move output into JSON files fore easier reuse * Switch to using get_options() * Add licenses for fixture files * Use get_option() since get_options() was added in Ansible Core 2.12 * Rearrange fixtures * Add changelog * Move common classes to module_utils * Move common classes back to lookup The plugin relies on AnsibleLookupError() quite a bit which is not available in module code. Remove use of display for errors since section isn’t actually deprecated. * Properly handle sections Still room for improvement, but this is at least a start. * Remove some comments that won’t be addressed * Make test gathering more deterministic to avoid failures * Update changelog fragment * Simple fix for making tests reliable
2022-11-06 11:32:35 +01:00
- Tested with C(op) version 2.7.2
2020-03-09 10:11:07 +01:00
'''
EXAMPLES = """
# These examples only work when already signed in to 1Password
- name: Retrieve password for KITT when already signed in to 1Password
ansible.builtin.debug:
var: lookup('community.general.onepassword', 'KITT')
2020-03-09 10:11:07 +01:00
- name: Retrieve password for Wintermute when already signed in to 1Password
ansible.builtin.debug:
var: lookup('community.general.onepassword', 'Tessier-Ashpool', section='Wintermute')
2020-03-09 10:11:07 +01:00
- name: Retrieve username for HAL when already signed in to 1Password
ansible.builtin.debug:
var: lookup('community.general.onepassword', 'HAL 9000', field='username', vault='Discovery')
2020-03-09 10:11:07 +01:00
- name: Retrieve password for HAL when not signed in to 1Password
ansible.builtin.debug:
var: lookup('community.general.onepassword',
'HAL 9000',
subdomain='Discovery',
2020-03-09 10:11:07 +01:00
master_password=vault_master_password)
- name: Retrieve password for HAL when never signed in to 1Password
ansible.builtin.debug:
var: lookup('community.general.onepassword',
'HAL 9000',
subdomain='Discovery',
master_password=vault_master_password,
username='tweety@acme.com',
2020-03-09 10:11:07 +01:00
secret_key=vault_secret_key)
- name: Retrieve password from specific account
ansible.builtin.debug:
var: lookup('community.general.onepassword',
'HAL 9000',
account_id='abc123')
2020-03-09 10:11:07 +01:00
"""
RETURN = """
_raw:
description: field data requested
type: list
elements: str
2020-03-09 10:11:07 +01:00
"""
onepassword - Support v2 (#4728) * Begin building out separate classes to support different op cli versions Create separet base classes for each major version. Define the main interface in the base class. Create methods for getting the current version and instantiating the appropriate class based on the found version. * First pass at mostly working CLI version classes * Correct mismathched parameters * Update _run() method to allow updating enviroment This allows passing in the app secret as an env var, which is more secure than using a command line arg. * Continuing to improve the interface * Tear existing tests down to the studs These tests were based off of the LastPass unit tests. I’m going to just start from scratch given the new plugin code is vastly diffenent. * Fix sanity test * CLI config file path can be None * Improve required param checking - only report missing params - use proper grammer based on number of missing params * Change assert_logged_in() method return value Return a boolean value indicating whether or not account is signed in * Improve full login for v2 Have to do a bit of a dance to avoid hitting the interactive prompt if there are no accounts configured. * Remove unused methods * Add some tests * Fix linting errors * Move fixtures to separate file * Restructure mock test data and add more tests * Add boilerplate * Add test scenario for op v2 and increase coverage * Fix up copyright statements * Test v1 and v2 in all cases * Use a more descriptive variable name * Use docstrings rather than pass in abstract class This adds coverage to abstract methods with the least amount of hackery. * Increase test coverage for CLI classes * Sort test parameters to avoid collection errors * Update version tested in docs * Revere test parameter sorting for now The parameters need to be sorted to avoid the issue in older Python versions in CI, but I’m having trouble working out how to do that currently. * Allow passing kwargs to the lookup module under test * Favor label over id for v2 when looking for values Add tests * Display a warning for section on op v2 or greater There is no “value” in section fields. If we wanted to support sections in v2, we would also have to allow specifying the field name in order to override “value”. * Move test cases to their own file Getting a bit unwieldy having it in the test file * Move output into JSON files fore easier reuse * Switch to using get_options() * Add licenses for fixture files * Use get_option() since get_options() was added in Ansible Core 2.12 * Rearrange fixtures * Add changelog * Move common classes to module_utils * Move common classes back to lookup The plugin relies on AnsibleLookupError() quite a bit which is not available in module code. Remove use of display for errors since section isn’t actually deprecated. * Properly handle sections Still room for improvement, but this is at least a start. * Remove some comments that won’t be addressed * Make test gathering more deterministic to avoid failures * Update changelog fragment * Simple fix for making tests reliable
2022-11-06 11:32:35 +01:00
import abc
2020-03-09 10:11:07 +01:00
import os
onepassword - Support v2 (#4728) * Begin building out separate classes to support different op cli versions Create separet base classes for each major version. Define the main interface in the base class. Create methods for getting the current version and instantiating the appropriate class based on the found version. * First pass at mostly working CLI version classes * Correct mismathched parameters * Update _run() method to allow updating enviroment This allows passing in the app secret as an env var, which is more secure than using a command line arg. * Continuing to improve the interface * Tear existing tests down to the studs These tests were based off of the LastPass unit tests. I’m going to just start from scratch given the new plugin code is vastly diffenent. * Fix sanity test * CLI config file path can be None * Improve required param checking - only report missing params - use proper grammer based on number of missing params * Change assert_logged_in() method return value Return a boolean value indicating whether or not account is signed in * Improve full login for v2 Have to do a bit of a dance to avoid hitting the interactive prompt if there are no accounts configured. * Remove unused methods * Add some tests * Fix linting errors * Move fixtures to separate file * Restructure mock test data and add more tests * Add boilerplate * Add test scenario for op v2 and increase coverage * Fix up copyright statements * Test v1 and v2 in all cases * Use a more descriptive variable name * Use docstrings rather than pass in abstract class This adds coverage to abstract methods with the least amount of hackery. * Increase test coverage for CLI classes * Sort test parameters to avoid collection errors * Update version tested in docs * Revere test parameter sorting for now The parameters need to be sorted to avoid the issue in older Python versions in CI, but I’m having trouble working out how to do that currently. * Allow passing kwargs to the lookup module under test * Favor label over id for v2 when looking for values Add tests * Display a warning for section on op v2 or greater There is no “value” in section fields. If we wanted to support sections in v2, we would also have to allow specifying the field name in order to override “value”. * Move test cases to their own file Getting a bit unwieldy having it in the test file * Move output into JSON files fore easier reuse * Switch to using get_options() * Add licenses for fixture files * Use get_option() since get_options() was added in Ansible Core 2.12 * Rearrange fixtures * Add changelog * Move common classes to module_utils * Move common classes back to lookup The plugin relies on AnsibleLookupError() quite a bit which is not available in module code. Remove use of display for errors since section isn’t actually deprecated. * Properly handle sections Still room for improvement, but this is at least a start. * Remove some comments that won’t be addressed * Make test gathering more deterministic to avoid failures * Update changelog fragment * Simple fix for making tests reliable
2022-11-06 11:32:35 +01:00
import json
import subprocess
2020-03-09 10:11:07 +01:00
from ansible.plugins.lookup import LookupBase
from ansible.errors import AnsibleLookupError
onepassword - Support v2 (#4728) * Begin building out separate classes to support different op cli versions Create separet base classes for each major version. Define the main interface in the base class. Create methods for getting the current version and instantiating the appropriate class based on the found version. * First pass at mostly working CLI version classes * Correct mismathched parameters * Update _run() method to allow updating enviroment This allows passing in the app secret as an env var, which is more secure than using a command line arg. * Continuing to improve the interface * Tear existing tests down to the studs These tests were based off of the LastPass unit tests. I’m going to just start from scratch given the new plugin code is vastly diffenent. * Fix sanity test * CLI config file path can be None * Improve required param checking - only report missing params - use proper grammer based on number of missing params * Change assert_logged_in() method return value Return a boolean value indicating whether or not account is signed in * Improve full login for v2 Have to do a bit of a dance to avoid hitting the interactive prompt if there are no accounts configured. * Remove unused methods * Add some tests * Fix linting errors * Move fixtures to separate file * Restructure mock test data and add more tests * Add boilerplate * Add test scenario for op v2 and increase coverage * Fix up copyright statements * Test v1 and v2 in all cases * Use a more descriptive variable name * Use docstrings rather than pass in abstract class This adds coverage to abstract methods with the least amount of hackery. * Increase test coverage for CLI classes * Sort test parameters to avoid collection errors * Update version tested in docs * Revere test parameter sorting for now The parameters need to be sorted to avoid the issue in older Python versions in CI, but I’m having trouble working out how to do that currently. * Allow passing kwargs to the lookup module under test * Favor label over id for v2 when looking for values Add tests * Display a warning for section on op v2 or greater There is no “value” in section fields. If we wanted to support sections in v2, we would also have to allow specifying the field name in order to override “value”. * Move test cases to their own file Getting a bit unwieldy having it in the test file * Move output into JSON files fore easier reuse * Switch to using get_options() * Add licenses for fixture files * Use get_option() since get_options() was added in Ansible Core 2.12 * Rearrange fixtures * Add changelog * Move common classes to module_utils * Move common classes back to lookup The plugin relies on AnsibleLookupError() quite a bit which is not available in module code. Remove use of display for errors since section isn’t actually deprecated. * Properly handle sections Still room for improvement, but this is at least a start. * Remove some comments that won’t be addressed * Make test gathering more deterministic to avoid failures * Update changelog fragment * Simple fix for making tests reliable
2022-11-06 11:32:35 +01:00
from ansible.module_utils.common.process import get_bin_path
from ansible.module_utils.common.text.converters import to_bytes, to_text
onepassword - Support v2 (#4728) * Begin building out separate classes to support different op cli versions Create separet base classes for each major version. Define the main interface in the base class. Create methods for getting the current version and instantiating the appropriate class based on the found version. * First pass at mostly working CLI version classes * Correct mismathched parameters * Update _run() method to allow updating enviroment This allows passing in the app secret as an env var, which is more secure than using a command line arg. * Continuing to improve the interface * Tear existing tests down to the studs These tests were based off of the LastPass unit tests. I’m going to just start from scratch given the new plugin code is vastly diffenent. * Fix sanity test * CLI config file path can be None * Improve required param checking - only report missing params - use proper grammer based on number of missing params * Change assert_logged_in() method return value Return a boolean value indicating whether or not account is signed in * Improve full login for v2 Have to do a bit of a dance to avoid hitting the interactive prompt if there are no accounts configured. * Remove unused methods * Add some tests * Fix linting errors * Move fixtures to separate file * Restructure mock test data and add more tests * Add boilerplate * Add test scenario for op v2 and increase coverage * Fix up copyright statements * Test v1 and v2 in all cases * Use a more descriptive variable name * Use docstrings rather than pass in abstract class This adds coverage to abstract methods with the least amount of hackery. * Increase test coverage for CLI classes * Sort test parameters to avoid collection errors * Update version tested in docs * Revere test parameter sorting for now The parameters need to be sorted to avoid the issue in older Python versions in CI, but I’m having trouble working out how to do that currently. * Allow passing kwargs to the lookup module under test * Favor label over id for v2 when looking for values Add tests * Display a warning for section on op v2 or greater There is no “value” in section fields. If we wanted to support sections in v2, we would also have to allow specifying the field name in order to override “value”. * Move test cases to their own file Getting a bit unwieldy having it in the test file * Move output into JSON files fore easier reuse * Switch to using get_options() * Add licenses for fixture files * Use get_option() since get_options() was added in Ansible Core 2.12 * Rearrange fixtures * Add changelog * Move common classes to module_utils * Move common classes back to lookup The plugin relies on AnsibleLookupError() quite a bit which is not available in module code. Remove use of display for errors since section isn’t actually deprecated. * Properly handle sections Still room for improvement, but this is at least a start. * Remove some comments that won’t be addressed * Make test gathering more deterministic to avoid failures * Update changelog fragment * Simple fix for making tests reliable
2022-11-06 11:32:35 +01:00
from ansible.module_utils.six import with_metaclass
2020-03-09 10:11:07 +01:00
from ansible_collections.community.general.plugins.module_utils.onepassword import OnePasswordConfig
2020-03-09 10:11:07 +01:00
def _lower_if_possible(value):
"""Return the lower case version value, otherwise return the value"""
try:
return value.lower()
except AttributeError:
return value
onepassword - Support v2 (#4728) * Begin building out separate classes to support different op cli versions Create separet base classes for each major version. Define the main interface in the base class. Create methods for getting the current version and instantiating the appropriate class based on the found version. * First pass at mostly working CLI version classes * Correct mismathched parameters * Update _run() method to allow updating enviroment This allows passing in the app secret as an env var, which is more secure than using a command line arg. * Continuing to improve the interface * Tear existing tests down to the studs These tests were based off of the LastPass unit tests. I’m going to just start from scratch given the new plugin code is vastly diffenent. * Fix sanity test * CLI config file path can be None * Improve required param checking - only report missing params - use proper grammer based on number of missing params * Change assert_logged_in() method return value Return a boolean value indicating whether or not account is signed in * Improve full login for v2 Have to do a bit of a dance to avoid hitting the interactive prompt if there are no accounts configured. * Remove unused methods * Add some tests * Fix linting errors * Move fixtures to separate file * Restructure mock test data and add more tests * Add boilerplate * Add test scenario for op v2 and increase coverage * Fix up copyright statements * Test v1 and v2 in all cases * Use a more descriptive variable name * Use docstrings rather than pass in abstract class This adds coverage to abstract methods with the least amount of hackery. * Increase test coverage for CLI classes * Sort test parameters to avoid collection errors * Update version tested in docs * Revere test parameter sorting for now The parameters need to be sorted to avoid the issue in older Python versions in CI, but I’m having trouble working out how to do that currently. * Allow passing kwargs to the lookup module under test * Favor label over id for v2 when looking for values Add tests * Display a warning for section on op v2 or greater There is no “value” in section fields. If we wanted to support sections in v2, we would also have to allow specifying the field name in order to override “value”. * Move test cases to their own file Getting a bit unwieldy having it in the test file * Move output into JSON files fore easier reuse * Switch to using get_options() * Add licenses for fixture files * Use get_option() since get_options() was added in Ansible Core 2.12 * Rearrange fixtures * Add changelog * Move common classes to module_utils * Move common classes back to lookup The plugin relies on AnsibleLookupError() quite a bit which is not available in module code. Remove use of display for errors since section isn’t actually deprecated. * Properly handle sections Still room for improvement, but this is at least a start. * Remove some comments that won’t be addressed * Make test gathering more deterministic to avoid failures * Update changelog fragment * Simple fix for making tests reliable
2022-11-06 11:32:35 +01:00
class OnePassCLIBase(with_metaclass(abc.ABCMeta, object)):
bin = "op"
def __init__(
self,
subdomain=None,
domain="1password.com",
username=None,
secret_key=None,
master_password=None,
service_account_token=None,
account_id=None,
):
onepassword - Support v2 (#4728) * Begin building out separate classes to support different op cli versions Create separet base classes for each major version. Define the main interface in the base class. Create methods for getting the current version and instantiating the appropriate class based on the found version. * First pass at mostly working CLI version classes * Correct mismathched parameters * Update _run() method to allow updating enviroment This allows passing in the app secret as an env var, which is more secure than using a command line arg. * Continuing to improve the interface * Tear existing tests down to the studs These tests were based off of the LastPass unit tests. I’m going to just start from scratch given the new plugin code is vastly diffenent. * Fix sanity test * CLI config file path can be None * Improve required param checking - only report missing params - use proper grammer based on number of missing params * Change assert_logged_in() method return value Return a boolean value indicating whether or not account is signed in * Improve full login for v2 Have to do a bit of a dance to avoid hitting the interactive prompt if there are no accounts configured. * Remove unused methods * Add some tests * Fix linting errors * Move fixtures to separate file * Restructure mock test data and add more tests * Add boilerplate * Add test scenario for op v2 and increase coverage * Fix up copyright statements * Test v1 and v2 in all cases * Use a more descriptive variable name * Use docstrings rather than pass in abstract class This adds coverage to abstract methods with the least amount of hackery. * Increase test coverage for CLI classes * Sort test parameters to avoid collection errors * Update version tested in docs * Revere test parameter sorting for now The parameters need to be sorted to avoid the issue in older Python versions in CI, but I’m having trouble working out how to do that currently. * Allow passing kwargs to the lookup module under test * Favor label over id for v2 when looking for values Add tests * Display a warning for section on op v2 or greater There is no “value” in section fields. If we wanted to support sections in v2, we would also have to allow specifying the field name in order to override “value”. * Move test cases to their own file Getting a bit unwieldy having it in the test file * Move output into JSON files fore easier reuse * Switch to using get_options() * Add licenses for fixture files * Use get_option() since get_options() was added in Ansible Core 2.12 * Rearrange fixtures * Add changelog * Move common classes to module_utils * Move common classes back to lookup The plugin relies on AnsibleLookupError() quite a bit which is not available in module code. Remove use of display for errors since section isn’t actually deprecated. * Properly handle sections Still room for improvement, but this is at least a start. * Remove some comments that won’t be addressed * Make test gathering more deterministic to avoid failures * Update changelog fragment * Simple fix for making tests reliable
2022-11-06 11:32:35 +01:00
self.subdomain = subdomain
self.domain = domain
self.username = username
self.master_password = master_password
self.secret_key = secret_key
[PR #6660/473e557c backport][stable-7] Onepassword lookup add service accounts (#6710) Onepassword lookup add service accounts (#6660) * add service account token and bypass required fields when service account token is set * add token to base class * add Info * add service_account_token * add service_account_token * add documentation * add service_account_token * fix E111: indentation is not a multiple of 4 * fix lint problems * Update plugins/lookup/onepassword_raw.py Co-authored-by: Felix Fontein <felix@fontein.de> * Update plugins/modules/onepassword_info.py Co-authored-by: Felix Fontein <felix@fontein.de> * Update plugins/lookup/onepassword.py Co-authored-by: Felix Fontein <felix@fontein.de> * add changelog fragment * change type service_account_token to align to domain option * add fragment value * Update changelogs/fragments/6660-onepassword-lookup-service-account.yaml Co-authored-by: Felix Fontein <felix@fontein.de> * Update plugins/lookup/onepassword.py Co-authored-by: Felix Fontein <felix@fontein.de> * remove service_account_token from onepassword_info.py * adjust V1 to raise error if service_account_token is set * adjust V1 to raise error if service_account_token is set * adjust V1 to raise error if service_account_token is set * adjust if assert_logged_in * Update plugins/lookup/onepassword.py Co-authored-by: Sam Doran <github@samdoran.com> * Update plugins/lookup/onepassword.py Co-authored-by: Sam Doran <github@samdoran.com> * remove double return * remove new line * remove new line * remove new line * remove spaces * remove new line * remove spaces * Update plugins/lookup/onepassword_raw.py Co-authored-by: Felix Fontein <felix@fontein.de> * add _check_required_params * Update plugins/lookup/onepassword.py Co-authored-by: Sam Doran <github@samdoran.com> * Update plugins/lookup/onepassword.py Co-authored-by: Sam Doran <github@samdoran.com> * remove _check_required_params * remove spaces * Update plugins/lookup/onepassword.py Co-authored-by: Sam Doran <github@samdoran.com> * remove code --------- Co-authored-by: Jan Sagurna <jan.sagurna@sag-solutions.com> Co-authored-by: Jan Sagurna <58932831+jansagurna@users.noreply.github.com> Co-authored-by: Felix Fontein <felix@fontein.de> Co-authored-by: Sam Doran <github@samdoran.com> (cherry picked from commit 473e557c2f31425495fa5deed514835bdc508315) Co-authored-by: Dominik Haßelkuss <Domi-cc@users.noreply.github.com>
2023-06-15 20:38:19 +02:00
self.service_account_token = service_account_token
self.account_id = account_id
onepassword - Support v2 (#4728) * Begin building out separate classes to support different op cli versions Create separet base classes for each major version. Define the main interface in the base class. Create methods for getting the current version and instantiating the appropriate class based on the found version. * First pass at mostly working CLI version classes * Correct mismathched parameters * Update _run() method to allow updating enviroment This allows passing in the app secret as an env var, which is more secure than using a command line arg. * Continuing to improve the interface * Tear existing tests down to the studs These tests were based off of the LastPass unit tests. I’m going to just start from scratch given the new plugin code is vastly diffenent. * Fix sanity test * CLI config file path can be None * Improve required param checking - only report missing params - use proper grammer based on number of missing params * Change assert_logged_in() method return value Return a boolean value indicating whether or not account is signed in * Improve full login for v2 Have to do a bit of a dance to avoid hitting the interactive prompt if there are no accounts configured. * Remove unused methods * Add some tests * Fix linting errors * Move fixtures to separate file * Restructure mock test data and add more tests * Add boilerplate * Add test scenario for op v2 and increase coverage * Fix up copyright statements * Test v1 and v2 in all cases * Use a more descriptive variable name * Use docstrings rather than pass in abstract class This adds coverage to abstract methods with the least amount of hackery. * Increase test coverage for CLI classes * Sort test parameters to avoid collection errors * Update version tested in docs * Revere test parameter sorting for now The parameters need to be sorted to avoid the issue in older Python versions in CI, but I’m having trouble working out how to do that currently. * Allow passing kwargs to the lookup module under test * Favor label over id for v2 when looking for values Add tests * Display a warning for section on op v2 or greater There is no “value” in section fields. If we wanted to support sections in v2, we would also have to allow specifying the field name in order to override “value”. * Move test cases to their own file Getting a bit unwieldy having it in the test file * Move output into JSON files fore easier reuse * Switch to using get_options() * Add licenses for fixture files * Use get_option() since get_options() was added in Ansible Core 2.12 * Rearrange fixtures * Add changelog * Move common classes to module_utils * Move common classes back to lookup The plugin relies on AnsibleLookupError() quite a bit which is not available in module code. Remove use of display for errors since section isn’t actually deprecated. * Properly handle sections Still room for improvement, but this is at least a start. * Remove some comments that won’t be addressed * Make test gathering more deterministic to avoid failures * Update changelog fragment * Simple fix for making tests reliable
2022-11-06 11:32:35 +01:00
self._path = None
self._version = None
def _check_required_params(self, required_params):
non_empty_attrs = dict((param, getattr(self, param, None)) for param in required_params if getattr(self, param, None))
missing = set(required_params).difference(non_empty_attrs)
if missing:
prefix = "Unable to sign in to 1Password. Missing required parameter"
plural = ""
suffix = ": {params}.".format(params=", ".join(missing))
if len(missing) > 1:
plural = "s"
msg = "{prefix}{plural}{suffix}".format(prefix=prefix, plural=plural, suffix=suffix)
raise AnsibleLookupError(msg)
@abc.abstractmethod
def _parse_field(self, data_json, field_name, section_title):
"""Main method for parsing data returned from the op command line tool"""
def _run(self, args, expected_rc=0, command_input=None, ignore_errors=False, environment_update=None):
command = [self.path] + args
call_kwargs = {
"stdout": subprocess.PIPE,
"stderr": subprocess.PIPE,
"stdin": subprocess.PIPE,
}
2020-03-09 10:11:07 +01:00
onepassword - Support v2 (#4728) * Begin building out separate classes to support different op cli versions Create separet base classes for each major version. Define the main interface in the base class. Create methods for getting the current version and instantiating the appropriate class based on the found version. * First pass at mostly working CLI version classes * Correct mismathched parameters * Update _run() method to allow updating enviroment This allows passing in the app secret as an env var, which is more secure than using a command line arg. * Continuing to improve the interface * Tear existing tests down to the studs These tests were based off of the LastPass unit tests. I’m going to just start from scratch given the new plugin code is vastly diffenent. * Fix sanity test * CLI config file path can be None * Improve required param checking - only report missing params - use proper grammer based on number of missing params * Change assert_logged_in() method return value Return a boolean value indicating whether or not account is signed in * Improve full login for v2 Have to do a bit of a dance to avoid hitting the interactive prompt if there are no accounts configured. * Remove unused methods * Add some tests * Fix linting errors * Move fixtures to separate file * Restructure mock test data and add more tests * Add boilerplate * Add test scenario for op v2 and increase coverage * Fix up copyright statements * Test v1 and v2 in all cases * Use a more descriptive variable name * Use docstrings rather than pass in abstract class This adds coverage to abstract methods with the least amount of hackery. * Increase test coverage for CLI classes * Sort test parameters to avoid collection errors * Update version tested in docs * Revere test parameter sorting for now The parameters need to be sorted to avoid the issue in older Python versions in CI, but I’m having trouble working out how to do that currently. * Allow passing kwargs to the lookup module under test * Favor label over id for v2 when looking for values Add tests * Display a warning for section on op v2 or greater There is no “value” in section fields. If we wanted to support sections in v2, we would also have to allow specifying the field name in order to override “value”. * Move test cases to their own file Getting a bit unwieldy having it in the test file * Move output into JSON files fore easier reuse * Switch to using get_options() * Add licenses for fixture files * Use get_option() since get_options() was added in Ansible Core 2.12 * Rearrange fixtures * Add changelog * Move common classes to module_utils * Move common classes back to lookup The plugin relies on AnsibleLookupError() quite a bit which is not available in module code. Remove use of display for errors since section isn’t actually deprecated. * Properly handle sections Still room for improvement, but this is at least a start. * Remove some comments that won’t be addressed * Make test gathering more deterministic to avoid failures * Update changelog fragment * Simple fix for making tests reliable
2022-11-06 11:32:35 +01:00
if environment_update:
env = os.environ.copy()
env.update(environment_update)
call_kwargs["env"] = env
onepassword - Support v2 (#4728) * Begin building out separate classes to support different op cli versions Create separet base classes for each major version. Define the main interface in the base class. Create methods for getting the current version and instantiating the appropriate class based on the found version. * First pass at mostly working CLI version classes * Correct mismathched parameters * Update _run() method to allow updating enviroment This allows passing in the app secret as an env var, which is more secure than using a command line arg. * Continuing to improve the interface * Tear existing tests down to the studs These tests were based off of the LastPass unit tests. I’m going to just start from scratch given the new plugin code is vastly diffenent. * Fix sanity test * CLI config file path can be None * Improve required param checking - only report missing params - use proper grammer based on number of missing params * Change assert_logged_in() method return value Return a boolean value indicating whether or not account is signed in * Improve full login for v2 Have to do a bit of a dance to avoid hitting the interactive prompt if there are no accounts configured. * Remove unused methods * Add some tests * Fix linting errors * Move fixtures to separate file * Restructure mock test data and add more tests * Add boilerplate * Add test scenario for op v2 and increase coverage * Fix up copyright statements * Test v1 and v2 in all cases * Use a more descriptive variable name * Use docstrings rather than pass in abstract class This adds coverage to abstract methods with the least amount of hackery. * Increase test coverage for CLI classes * Sort test parameters to avoid collection errors * Update version tested in docs * Revere test parameter sorting for now The parameters need to be sorted to avoid the issue in older Python versions in CI, but I’m having trouble working out how to do that currently. * Allow passing kwargs to the lookup module under test * Favor label over id for v2 when looking for values Add tests * Display a warning for section on op v2 or greater There is no “value” in section fields. If we wanted to support sections in v2, we would also have to allow specifying the field name in order to override “value”. * Move test cases to their own file Getting a bit unwieldy having it in the test file * Move output into JSON files fore easier reuse * Switch to using get_options() * Add licenses for fixture files * Use get_option() since get_options() was added in Ansible Core 2.12 * Rearrange fixtures * Add changelog * Move common classes to module_utils * Move common classes back to lookup The plugin relies on AnsibleLookupError() quite a bit which is not available in module code. Remove use of display for errors since section isn’t actually deprecated. * Properly handle sections Still room for improvement, but this is at least a start. * Remove some comments that won’t be addressed * Make test gathering more deterministic to avoid failures * Update changelog fragment * Simple fix for making tests reliable
2022-11-06 11:32:35 +01:00
p = subprocess.Popen(command, **call_kwargs)
out, err = p.communicate(input=command_input)
rc = p.wait()
2020-03-09 10:11:07 +01:00
onepassword - Support v2 (#4728) * Begin building out separate classes to support different op cli versions Create separet base classes for each major version. Define the main interface in the base class. Create methods for getting the current version and instantiating the appropriate class based on the found version. * First pass at mostly working CLI version classes * Correct mismathched parameters * Update _run() method to allow updating enviroment This allows passing in the app secret as an env var, which is more secure than using a command line arg. * Continuing to improve the interface * Tear existing tests down to the studs These tests were based off of the LastPass unit tests. I’m going to just start from scratch given the new plugin code is vastly diffenent. * Fix sanity test * CLI config file path can be None * Improve required param checking - only report missing params - use proper grammer based on number of missing params * Change assert_logged_in() method return value Return a boolean value indicating whether or not account is signed in * Improve full login for v2 Have to do a bit of a dance to avoid hitting the interactive prompt if there are no accounts configured. * Remove unused methods * Add some tests * Fix linting errors * Move fixtures to separate file * Restructure mock test data and add more tests * Add boilerplate * Add test scenario for op v2 and increase coverage * Fix up copyright statements * Test v1 and v2 in all cases * Use a more descriptive variable name * Use docstrings rather than pass in abstract class This adds coverage to abstract methods with the least amount of hackery. * Increase test coverage for CLI classes * Sort test parameters to avoid collection errors * Update version tested in docs * Revere test parameter sorting for now The parameters need to be sorted to avoid the issue in older Python versions in CI, but I’m having trouble working out how to do that currently. * Allow passing kwargs to the lookup module under test * Favor label over id for v2 when looking for values Add tests * Display a warning for section on op v2 or greater There is no “value” in section fields. If we wanted to support sections in v2, we would also have to allow specifying the field name in order to override “value”. * Move test cases to their own file Getting a bit unwieldy having it in the test file * Move output into JSON files fore easier reuse * Switch to using get_options() * Add licenses for fixture files * Use get_option() since get_options() was added in Ansible Core 2.12 * Rearrange fixtures * Add changelog * Move common classes to module_utils * Move common classes back to lookup The plugin relies on AnsibleLookupError() quite a bit which is not available in module code. Remove use of display for errors since section isn’t actually deprecated. * Properly handle sections Still room for improvement, but this is at least a start. * Remove some comments that won’t be addressed * Make test gathering more deterministic to avoid failures * Update changelog fragment * Simple fix for making tests reliable
2022-11-06 11:32:35 +01:00
if not ignore_errors and rc != expected_rc:
raise AnsibleLookupError(to_text(err))
2020-03-09 10:11:07 +01:00
onepassword - Support v2 (#4728) * Begin building out separate classes to support different op cli versions Create separet base classes for each major version. Define the main interface in the base class. Create methods for getting the current version and instantiating the appropriate class based on the found version. * First pass at mostly working CLI version classes * Correct mismathched parameters * Update _run() method to allow updating enviroment This allows passing in the app secret as an env var, which is more secure than using a command line arg. * Continuing to improve the interface * Tear existing tests down to the studs These tests were based off of the LastPass unit tests. I’m going to just start from scratch given the new plugin code is vastly diffenent. * Fix sanity test * CLI config file path can be None * Improve required param checking - only report missing params - use proper grammer based on number of missing params * Change assert_logged_in() method return value Return a boolean value indicating whether or not account is signed in * Improve full login for v2 Have to do a bit of a dance to avoid hitting the interactive prompt if there are no accounts configured. * Remove unused methods * Add some tests * Fix linting errors * Move fixtures to separate file * Restructure mock test data and add more tests * Add boilerplate * Add test scenario for op v2 and increase coverage * Fix up copyright statements * Test v1 and v2 in all cases * Use a more descriptive variable name * Use docstrings rather than pass in abstract class This adds coverage to abstract methods with the least amount of hackery. * Increase test coverage for CLI classes * Sort test parameters to avoid collection errors * Update version tested in docs * Revere test parameter sorting for now The parameters need to be sorted to avoid the issue in older Python versions in CI, but I’m having trouble working out how to do that currently. * Allow passing kwargs to the lookup module under test * Favor label over id for v2 when looking for values Add tests * Display a warning for section on op v2 or greater There is no “value” in section fields. If we wanted to support sections in v2, we would also have to allow specifying the field name in order to override “value”. * Move test cases to their own file Getting a bit unwieldy having it in the test file * Move output into JSON files fore easier reuse * Switch to using get_options() * Add licenses for fixture files * Use get_option() since get_options() was added in Ansible Core 2.12 * Rearrange fixtures * Add changelog * Move common classes to module_utils * Move common classes back to lookup The plugin relies on AnsibleLookupError() quite a bit which is not available in module code. Remove use of display for errors since section isn’t actually deprecated. * Properly handle sections Still room for improvement, but this is at least a start. * Remove some comments that won’t be addressed * Make test gathering more deterministic to avoid failures * Update changelog fragment * Simple fix for making tests reliable
2022-11-06 11:32:35 +01:00
return rc, out, err
2020-03-09 10:11:07 +01:00
onepassword - Support v2 (#4728) * Begin building out separate classes to support different op cli versions Create separet base classes for each major version. Define the main interface in the base class. Create methods for getting the current version and instantiating the appropriate class based on the found version. * First pass at mostly working CLI version classes * Correct mismathched parameters * Update _run() method to allow updating enviroment This allows passing in the app secret as an env var, which is more secure than using a command line arg. * Continuing to improve the interface * Tear existing tests down to the studs These tests were based off of the LastPass unit tests. I’m going to just start from scratch given the new plugin code is vastly diffenent. * Fix sanity test * CLI config file path can be None * Improve required param checking - only report missing params - use proper grammer based on number of missing params * Change assert_logged_in() method return value Return a boolean value indicating whether or not account is signed in * Improve full login for v2 Have to do a bit of a dance to avoid hitting the interactive prompt if there are no accounts configured. * Remove unused methods * Add some tests * Fix linting errors * Move fixtures to separate file * Restructure mock test data and add more tests * Add boilerplate * Add test scenario for op v2 and increase coverage * Fix up copyright statements * Test v1 and v2 in all cases * Use a more descriptive variable name * Use docstrings rather than pass in abstract class This adds coverage to abstract methods with the least amount of hackery. * Increase test coverage for CLI classes * Sort test parameters to avoid collection errors * Update version tested in docs * Revere test parameter sorting for now The parameters need to be sorted to avoid the issue in older Python versions in CI, but I’m having trouble working out how to do that currently. * Allow passing kwargs to the lookup module under test * Favor label over id for v2 when looking for values Add tests * Display a warning for section on op v2 or greater There is no “value” in section fields. If we wanted to support sections in v2, we would also have to allow specifying the field name in order to override “value”. * Move test cases to their own file Getting a bit unwieldy having it in the test file * Move output into JSON files fore easier reuse * Switch to using get_options() * Add licenses for fixture files * Use get_option() since get_options() was added in Ansible Core 2.12 * Rearrange fixtures * Add changelog * Move common classes to module_utils * Move common classes back to lookup The plugin relies on AnsibleLookupError() quite a bit which is not available in module code. Remove use of display for errors since section isn’t actually deprecated. * Properly handle sections Still room for improvement, but this is at least a start. * Remove some comments that won’t be addressed * Make test gathering more deterministic to avoid failures * Update changelog fragment * Simple fix for making tests reliable
2022-11-06 11:32:35 +01:00
@abc.abstractmethod
def assert_logged_in(self):
"""Check whether a login session exists"""
2020-03-09 10:11:07 +01:00
onepassword - Support v2 (#4728) * Begin building out separate classes to support different op cli versions Create separet base classes for each major version. Define the main interface in the base class. Create methods for getting the current version and instantiating the appropriate class based on the found version. * First pass at mostly working CLI version classes * Correct mismathched parameters * Update _run() method to allow updating enviroment This allows passing in the app secret as an env var, which is more secure than using a command line arg. * Continuing to improve the interface * Tear existing tests down to the studs These tests were based off of the LastPass unit tests. I’m going to just start from scratch given the new plugin code is vastly diffenent. * Fix sanity test * CLI config file path can be None * Improve required param checking - only report missing params - use proper grammer based on number of missing params * Change assert_logged_in() method return value Return a boolean value indicating whether or not account is signed in * Improve full login for v2 Have to do a bit of a dance to avoid hitting the interactive prompt if there are no accounts configured. * Remove unused methods * Add some tests * Fix linting errors * Move fixtures to separate file * Restructure mock test data and add more tests * Add boilerplate * Add test scenario for op v2 and increase coverage * Fix up copyright statements * Test v1 and v2 in all cases * Use a more descriptive variable name * Use docstrings rather than pass in abstract class This adds coverage to abstract methods with the least amount of hackery. * Increase test coverage for CLI classes * Sort test parameters to avoid collection errors * Update version tested in docs * Revere test parameter sorting for now The parameters need to be sorted to avoid the issue in older Python versions in CI, but I’m having trouble working out how to do that currently. * Allow passing kwargs to the lookup module under test * Favor label over id for v2 when looking for values Add tests * Display a warning for section on op v2 or greater There is no “value” in section fields. If we wanted to support sections in v2, we would also have to allow specifying the field name in order to override “value”. * Move test cases to their own file Getting a bit unwieldy having it in the test file * Move output into JSON files fore easier reuse * Switch to using get_options() * Add licenses for fixture files * Use get_option() since get_options() was added in Ansible Core 2.12 * Rearrange fixtures * Add changelog * Move common classes to module_utils * Move common classes back to lookup The plugin relies on AnsibleLookupError() quite a bit which is not available in module code. Remove use of display for errors since section isn’t actually deprecated. * Properly handle sections Still room for improvement, but this is at least a start. * Remove some comments that won’t be addressed * Make test gathering more deterministic to avoid failures * Update changelog fragment * Simple fix for making tests reliable
2022-11-06 11:32:35 +01:00
@abc.abstractmethod
def full_signin(self):
"""Performa full login"""
2020-03-09 10:11:07 +01:00
onepassword - Support v2 (#4728) * Begin building out separate classes to support different op cli versions Create separet base classes for each major version. Define the main interface in the base class. Create methods for getting the current version and instantiating the appropriate class based on the found version. * First pass at mostly working CLI version classes * Correct mismathched parameters * Update _run() method to allow updating enviroment This allows passing in the app secret as an env var, which is more secure than using a command line arg. * Continuing to improve the interface * Tear existing tests down to the studs These tests were based off of the LastPass unit tests. I’m going to just start from scratch given the new plugin code is vastly diffenent. * Fix sanity test * CLI config file path can be None * Improve required param checking - only report missing params - use proper grammer based on number of missing params * Change assert_logged_in() method return value Return a boolean value indicating whether or not account is signed in * Improve full login for v2 Have to do a bit of a dance to avoid hitting the interactive prompt if there are no accounts configured. * Remove unused methods * Add some tests * Fix linting errors * Move fixtures to separate file * Restructure mock test data and add more tests * Add boilerplate * Add test scenario for op v2 and increase coverage * Fix up copyright statements * Test v1 and v2 in all cases * Use a more descriptive variable name * Use docstrings rather than pass in abstract class This adds coverage to abstract methods with the least amount of hackery. * Increase test coverage for CLI classes * Sort test parameters to avoid collection errors * Update version tested in docs * Revere test parameter sorting for now The parameters need to be sorted to avoid the issue in older Python versions in CI, but I’m having trouble working out how to do that currently. * Allow passing kwargs to the lookup module under test * Favor label over id for v2 when looking for values Add tests * Display a warning for section on op v2 or greater There is no “value” in section fields. If we wanted to support sections in v2, we would also have to allow specifying the field name in order to override “value”. * Move test cases to their own file Getting a bit unwieldy having it in the test file * Move output into JSON files fore easier reuse * Switch to using get_options() * Add licenses for fixture files * Use get_option() since get_options() was added in Ansible Core 2.12 * Rearrange fixtures * Add changelog * Move common classes to module_utils * Move common classes back to lookup The plugin relies on AnsibleLookupError() quite a bit which is not available in module code. Remove use of display for errors since section isn’t actually deprecated. * Properly handle sections Still room for improvement, but this is at least a start. * Remove some comments that won’t be addressed * Make test gathering more deterministic to avoid failures * Update changelog fragment * Simple fix for making tests reliable
2022-11-06 11:32:35 +01:00
@abc.abstractmethod
def get_raw(self, item_id, vault=None, token=None):
"""Gets the specified item from the vault"""
2020-03-09 10:11:07 +01:00
onepassword - Support v2 (#4728) * Begin building out separate classes to support different op cli versions Create separet base classes for each major version. Define the main interface in the base class. Create methods for getting the current version and instantiating the appropriate class based on the found version. * First pass at mostly working CLI version classes * Correct mismathched parameters * Update _run() method to allow updating enviroment This allows passing in the app secret as an env var, which is more secure than using a command line arg. * Continuing to improve the interface * Tear existing tests down to the studs These tests were based off of the LastPass unit tests. I’m going to just start from scratch given the new plugin code is vastly diffenent. * Fix sanity test * CLI config file path can be None * Improve required param checking - only report missing params - use proper grammer based on number of missing params * Change assert_logged_in() method return value Return a boolean value indicating whether or not account is signed in * Improve full login for v2 Have to do a bit of a dance to avoid hitting the interactive prompt if there are no accounts configured. * Remove unused methods * Add some tests * Fix linting errors * Move fixtures to separate file * Restructure mock test data and add more tests * Add boilerplate * Add test scenario for op v2 and increase coverage * Fix up copyright statements * Test v1 and v2 in all cases * Use a more descriptive variable name * Use docstrings rather than pass in abstract class This adds coverage to abstract methods with the least amount of hackery. * Increase test coverage for CLI classes * Sort test parameters to avoid collection errors * Update version tested in docs * Revere test parameter sorting for now The parameters need to be sorted to avoid the issue in older Python versions in CI, but I’m having trouble working out how to do that currently. * Allow passing kwargs to the lookup module under test * Favor label over id for v2 when looking for values Add tests * Display a warning for section on op v2 or greater There is no “value” in section fields. If we wanted to support sections in v2, we would also have to allow specifying the field name in order to override “value”. * Move test cases to their own file Getting a bit unwieldy having it in the test file * Move output into JSON files fore easier reuse * Switch to using get_options() * Add licenses for fixture files * Use get_option() since get_options() was added in Ansible Core 2.12 * Rearrange fixtures * Add changelog * Move common classes to module_utils * Move common classes back to lookup The plugin relies on AnsibleLookupError() quite a bit which is not available in module code. Remove use of display for errors since section isn’t actually deprecated. * Properly handle sections Still room for improvement, but this is at least a start. * Remove some comments that won’t be addressed * Make test gathering more deterministic to avoid failures * Update changelog fragment * Simple fix for making tests reliable
2022-11-06 11:32:35 +01:00
@abc.abstractmethod
def signin(self):
"""Sign in using the master password"""
2020-03-09 10:11:07 +01:00
onepassword - Support v2 (#4728) * Begin building out separate classes to support different op cli versions Create separet base classes for each major version. Define the main interface in the base class. Create methods for getting the current version and instantiating the appropriate class based on the found version. * First pass at mostly working CLI version classes * Correct mismathched parameters * Update _run() method to allow updating enviroment This allows passing in the app secret as an env var, which is more secure than using a command line arg. * Continuing to improve the interface * Tear existing tests down to the studs These tests were based off of the LastPass unit tests. I’m going to just start from scratch given the new plugin code is vastly diffenent. * Fix sanity test * CLI config file path can be None * Improve required param checking - only report missing params - use proper grammer based on number of missing params * Change assert_logged_in() method return value Return a boolean value indicating whether or not account is signed in * Improve full login for v2 Have to do a bit of a dance to avoid hitting the interactive prompt if there are no accounts configured. * Remove unused methods * Add some tests * Fix linting errors * Move fixtures to separate file * Restructure mock test data and add more tests * Add boilerplate * Add test scenario for op v2 and increase coverage * Fix up copyright statements * Test v1 and v2 in all cases * Use a more descriptive variable name * Use docstrings rather than pass in abstract class This adds coverage to abstract methods with the least amount of hackery. * Increase test coverage for CLI classes * Sort test parameters to avoid collection errors * Update version tested in docs * Revere test parameter sorting for now The parameters need to be sorted to avoid the issue in older Python versions in CI, but I’m having trouble working out how to do that currently. * Allow passing kwargs to the lookup module under test * Favor label over id for v2 when looking for values Add tests * Display a warning for section on op v2 or greater There is no “value” in section fields. If we wanted to support sections in v2, we would also have to allow specifying the field name in order to override “value”. * Move test cases to their own file Getting a bit unwieldy having it in the test file * Move output into JSON files fore easier reuse * Switch to using get_options() * Add licenses for fixture files * Use get_option() since get_options() was added in Ansible Core 2.12 * Rearrange fixtures * Add changelog * Move common classes to module_utils * Move common classes back to lookup The plugin relies on AnsibleLookupError() quite a bit which is not available in module code. Remove use of display for errors since section isn’t actually deprecated. * Properly handle sections Still room for improvement, but this is at least a start. * Remove some comments that won’t be addressed * Make test gathering more deterministic to avoid failures * Update changelog fragment * Simple fix for making tests reliable
2022-11-06 11:32:35 +01:00
@property
def path(self):
if self._path is None:
self._path = get_bin_path(self.bin)
2020-03-09 10:11:07 +01:00
onepassword - Support v2 (#4728) * Begin building out separate classes to support different op cli versions Create separet base classes for each major version. Define the main interface in the base class. Create methods for getting the current version and instantiating the appropriate class based on the found version. * First pass at mostly working CLI version classes * Correct mismathched parameters * Update _run() method to allow updating enviroment This allows passing in the app secret as an env var, which is more secure than using a command line arg. * Continuing to improve the interface * Tear existing tests down to the studs These tests were based off of the LastPass unit tests. I’m going to just start from scratch given the new plugin code is vastly diffenent. * Fix sanity test * CLI config file path can be None * Improve required param checking - only report missing params - use proper grammer based on number of missing params * Change assert_logged_in() method return value Return a boolean value indicating whether or not account is signed in * Improve full login for v2 Have to do a bit of a dance to avoid hitting the interactive prompt if there are no accounts configured. * Remove unused methods * Add some tests * Fix linting errors * Move fixtures to separate file * Restructure mock test data and add more tests * Add boilerplate * Add test scenario for op v2 and increase coverage * Fix up copyright statements * Test v1 and v2 in all cases * Use a more descriptive variable name * Use docstrings rather than pass in abstract class This adds coverage to abstract methods with the least amount of hackery. * Increase test coverage for CLI classes * Sort test parameters to avoid collection errors * Update version tested in docs * Revere test parameter sorting for now The parameters need to be sorted to avoid the issue in older Python versions in CI, but I’m having trouble working out how to do that currently. * Allow passing kwargs to the lookup module under test * Favor label over id for v2 when looking for values Add tests * Display a warning for section on op v2 or greater There is no “value” in section fields. If we wanted to support sections in v2, we would also have to allow specifying the field name in order to override “value”. * Move test cases to their own file Getting a bit unwieldy having it in the test file * Move output into JSON files fore easier reuse * Switch to using get_options() * Add licenses for fixture files * Use get_option() since get_options() was added in Ansible Core 2.12 * Rearrange fixtures * Add changelog * Move common classes to module_utils * Move common classes back to lookup The plugin relies on AnsibleLookupError() quite a bit which is not available in module code. Remove use of display for errors since section isn’t actually deprecated. * Properly handle sections Still room for improvement, but this is at least a start. * Remove some comments that won’t be addressed * Make test gathering more deterministic to avoid failures * Update changelog fragment * Simple fix for making tests reliable
2022-11-06 11:32:35 +01:00
return self._path
2020-03-09 10:11:07 +01:00
onepassword - Support v2 (#4728) * Begin building out separate classes to support different op cli versions Create separet base classes for each major version. Define the main interface in the base class. Create methods for getting the current version and instantiating the appropriate class based on the found version. * First pass at mostly working CLI version classes * Correct mismathched parameters * Update _run() method to allow updating enviroment This allows passing in the app secret as an env var, which is more secure than using a command line arg. * Continuing to improve the interface * Tear existing tests down to the studs These tests were based off of the LastPass unit tests. I’m going to just start from scratch given the new plugin code is vastly diffenent. * Fix sanity test * CLI config file path can be None * Improve required param checking - only report missing params - use proper grammer based on number of missing params * Change assert_logged_in() method return value Return a boolean value indicating whether or not account is signed in * Improve full login for v2 Have to do a bit of a dance to avoid hitting the interactive prompt if there are no accounts configured. * Remove unused methods * Add some tests * Fix linting errors * Move fixtures to separate file * Restructure mock test data and add more tests * Add boilerplate * Add test scenario for op v2 and increase coverage * Fix up copyright statements * Test v1 and v2 in all cases * Use a more descriptive variable name * Use docstrings rather than pass in abstract class This adds coverage to abstract methods with the least amount of hackery. * Increase test coverage for CLI classes * Sort test parameters to avoid collection errors * Update version tested in docs * Revere test parameter sorting for now The parameters need to be sorted to avoid the issue in older Python versions in CI, but I’m having trouble working out how to do that currently. * Allow passing kwargs to the lookup module under test * Favor label over id for v2 when looking for values Add tests * Display a warning for section on op v2 or greater There is no “value” in section fields. If we wanted to support sections in v2, we would also have to allow specifying the field name in order to override “value”. * Move test cases to their own file Getting a bit unwieldy having it in the test file * Move output into JSON files fore easier reuse * Switch to using get_options() * Add licenses for fixture files * Use get_option() since get_options() was added in Ansible Core 2.12 * Rearrange fixtures * Add changelog * Move common classes to module_utils * Move common classes back to lookup The plugin relies on AnsibleLookupError() quite a bit which is not available in module code. Remove use of display for errors since section isn’t actually deprecated. * Properly handle sections Still room for improvement, but this is at least a start. * Remove some comments that won’t be addressed * Make test gathering more deterministic to avoid failures * Update changelog fragment * Simple fix for making tests reliable
2022-11-06 11:32:35 +01:00
@property
def version(self):
if self._version is None:
self._version = self.get_current_version()
2020-03-09 10:11:07 +01:00
onepassword - Support v2 (#4728) * Begin building out separate classes to support different op cli versions Create separet base classes for each major version. Define the main interface in the base class. Create methods for getting the current version and instantiating the appropriate class based on the found version. * First pass at mostly working CLI version classes * Correct mismathched parameters * Update _run() method to allow updating enviroment This allows passing in the app secret as an env var, which is more secure than using a command line arg. * Continuing to improve the interface * Tear existing tests down to the studs These tests were based off of the LastPass unit tests. I’m going to just start from scratch given the new plugin code is vastly diffenent. * Fix sanity test * CLI config file path can be None * Improve required param checking - only report missing params - use proper grammer based on number of missing params * Change assert_logged_in() method return value Return a boolean value indicating whether or not account is signed in * Improve full login for v2 Have to do a bit of a dance to avoid hitting the interactive prompt if there are no accounts configured. * Remove unused methods * Add some tests * Fix linting errors * Move fixtures to separate file * Restructure mock test data and add more tests * Add boilerplate * Add test scenario for op v2 and increase coverage * Fix up copyright statements * Test v1 and v2 in all cases * Use a more descriptive variable name * Use docstrings rather than pass in abstract class This adds coverage to abstract methods with the least amount of hackery. * Increase test coverage for CLI classes * Sort test parameters to avoid collection errors * Update version tested in docs * Revere test parameter sorting for now The parameters need to be sorted to avoid the issue in older Python versions in CI, but I’m having trouble working out how to do that currently. * Allow passing kwargs to the lookup module under test * Favor label over id for v2 when looking for values Add tests * Display a warning for section on op v2 or greater There is no “value” in section fields. If we wanted to support sections in v2, we would also have to allow specifying the field name in order to override “value”. * Move test cases to their own file Getting a bit unwieldy having it in the test file * Move output into JSON files fore easier reuse * Switch to using get_options() * Add licenses for fixture files * Use get_option() since get_options() was added in Ansible Core 2.12 * Rearrange fixtures * Add changelog * Move common classes to module_utils * Move common classes back to lookup The plugin relies on AnsibleLookupError() quite a bit which is not available in module code. Remove use of display for errors since section isn’t actually deprecated. * Properly handle sections Still room for improvement, but this is at least a start. * Remove some comments that won’t be addressed * Make test gathering more deterministic to avoid failures * Update changelog fragment * Simple fix for making tests reliable
2022-11-06 11:32:35 +01:00
return self._version
2020-03-09 10:11:07 +01:00
onepassword - Support v2 (#4728) * Begin building out separate classes to support different op cli versions Create separet base classes for each major version. Define the main interface in the base class. Create methods for getting the current version and instantiating the appropriate class based on the found version. * First pass at mostly working CLI version classes * Correct mismathched parameters * Update _run() method to allow updating enviroment This allows passing in the app secret as an env var, which is more secure than using a command line arg. * Continuing to improve the interface * Tear existing tests down to the studs These tests were based off of the LastPass unit tests. I’m going to just start from scratch given the new plugin code is vastly diffenent. * Fix sanity test * CLI config file path can be None * Improve required param checking - only report missing params - use proper grammer based on number of missing params * Change assert_logged_in() method return value Return a boolean value indicating whether or not account is signed in * Improve full login for v2 Have to do a bit of a dance to avoid hitting the interactive prompt if there are no accounts configured. * Remove unused methods * Add some tests * Fix linting errors * Move fixtures to separate file * Restructure mock test data and add more tests * Add boilerplate * Add test scenario for op v2 and increase coverage * Fix up copyright statements * Test v1 and v2 in all cases * Use a more descriptive variable name * Use docstrings rather than pass in abstract class This adds coverage to abstract methods with the least amount of hackery. * Increase test coverage for CLI classes * Sort test parameters to avoid collection errors * Update version tested in docs * Revere test parameter sorting for now The parameters need to be sorted to avoid the issue in older Python versions in CI, but I’m having trouble working out how to do that currently. * Allow passing kwargs to the lookup module under test * Favor label over id for v2 when looking for values Add tests * Display a warning for section on op v2 or greater There is no “value” in section fields. If we wanted to support sections in v2, we would also have to allow specifying the field name in order to override “value”. * Move test cases to their own file Getting a bit unwieldy having it in the test file * Move output into JSON files fore easier reuse * Switch to using get_options() * Add licenses for fixture files * Use get_option() since get_options() was added in Ansible Core 2.12 * Rearrange fixtures * Add changelog * Move common classes to module_utils * Move common classes back to lookup The plugin relies on AnsibleLookupError() quite a bit which is not available in module code. Remove use of display for errors since section isn’t actually deprecated. * Properly handle sections Still room for improvement, but this is at least a start. * Remove some comments that won’t be addressed * Make test gathering more deterministic to avoid failures * Update changelog fragment * Simple fix for making tests reliable
2022-11-06 11:32:35 +01:00
@classmethod
def get_current_version(cls):
"""Standalone method to get the op CLI version. Useful when determining which class to load
based on the current version."""
try:
bin_path = get_bin_path(cls.bin)
except ValueError:
raise AnsibleLookupError("Unable to locate '%s' command line tool" % cls.bin)
2020-03-09 10:11:07 +01:00
onepassword - Support v2 (#4728) * Begin building out separate classes to support different op cli versions Create separet base classes for each major version. Define the main interface in the base class. Create methods for getting the current version and instantiating the appropriate class based on the found version. * First pass at mostly working CLI version classes * Correct mismathched parameters * Update _run() method to allow updating enviroment This allows passing in the app secret as an env var, which is more secure than using a command line arg. * Continuing to improve the interface * Tear existing tests down to the studs These tests were based off of the LastPass unit tests. I’m going to just start from scratch given the new plugin code is vastly diffenent. * Fix sanity test * CLI config file path can be None * Improve required param checking - only report missing params - use proper grammer based on number of missing params * Change assert_logged_in() method return value Return a boolean value indicating whether or not account is signed in * Improve full login for v2 Have to do a bit of a dance to avoid hitting the interactive prompt if there are no accounts configured. * Remove unused methods * Add some tests * Fix linting errors * Move fixtures to separate file * Restructure mock test data and add more tests * Add boilerplate * Add test scenario for op v2 and increase coverage * Fix up copyright statements * Test v1 and v2 in all cases * Use a more descriptive variable name * Use docstrings rather than pass in abstract class This adds coverage to abstract methods with the least amount of hackery. * Increase test coverage for CLI classes * Sort test parameters to avoid collection errors * Update version tested in docs * Revere test parameter sorting for now The parameters need to be sorted to avoid the issue in older Python versions in CI, but I’m having trouble working out how to do that currently. * Allow passing kwargs to the lookup module under test * Favor label over id for v2 when looking for values Add tests * Display a warning for section on op v2 or greater There is no “value” in section fields. If we wanted to support sections in v2, we would also have to allow specifying the field name in order to override “value”. * Move test cases to their own file Getting a bit unwieldy having it in the test file * Move output into JSON files fore easier reuse * Switch to using get_options() * Add licenses for fixture files * Use get_option() since get_options() was added in Ansible Core 2.12 * Rearrange fixtures * Add changelog * Move common classes to module_utils * Move common classes back to lookup The plugin relies on AnsibleLookupError() quite a bit which is not available in module code. Remove use of display for errors since section isn’t actually deprecated. * Properly handle sections Still room for improvement, but this is at least a start. * Remove some comments that won’t be addressed * Make test gathering more deterministic to avoid failures * Update changelog fragment * Simple fix for making tests reliable
2022-11-06 11:32:35 +01:00
try:
b_out = subprocess.check_output([bin_path, "--version"], stderr=subprocess.PIPE)
except subprocess.CalledProcessError as cpe:
raise AnsibleLookupError("Unable to get the op version: %s" % cpe)
2020-03-09 10:11:07 +01:00
onepassword - Support v2 (#4728) * Begin building out separate classes to support different op cli versions Create separet base classes for each major version. Define the main interface in the base class. Create methods for getting the current version and instantiating the appropriate class based on the found version. * First pass at mostly working CLI version classes * Correct mismathched parameters * Update _run() method to allow updating enviroment This allows passing in the app secret as an env var, which is more secure than using a command line arg. * Continuing to improve the interface * Tear existing tests down to the studs These tests were based off of the LastPass unit tests. I’m going to just start from scratch given the new plugin code is vastly diffenent. * Fix sanity test * CLI config file path can be None * Improve required param checking - only report missing params - use proper grammer based on number of missing params * Change assert_logged_in() method return value Return a boolean value indicating whether or not account is signed in * Improve full login for v2 Have to do a bit of a dance to avoid hitting the interactive prompt if there are no accounts configured. * Remove unused methods * Add some tests * Fix linting errors * Move fixtures to separate file * Restructure mock test data and add more tests * Add boilerplate * Add test scenario for op v2 and increase coverage * Fix up copyright statements * Test v1 and v2 in all cases * Use a more descriptive variable name * Use docstrings rather than pass in abstract class This adds coverage to abstract methods with the least amount of hackery. * Increase test coverage for CLI classes * Sort test parameters to avoid collection errors * Update version tested in docs * Revere test parameter sorting for now The parameters need to be sorted to avoid the issue in older Python versions in CI, but I’m having trouble working out how to do that currently. * Allow passing kwargs to the lookup module under test * Favor label over id for v2 when looking for values Add tests * Display a warning for section on op v2 or greater There is no “value” in section fields. If we wanted to support sections in v2, we would also have to allow specifying the field name in order to override “value”. * Move test cases to their own file Getting a bit unwieldy having it in the test file * Move output into JSON files fore easier reuse * Switch to using get_options() * Add licenses for fixture files * Use get_option() since get_options() was added in Ansible Core 2.12 * Rearrange fixtures * Add changelog * Move common classes to module_utils * Move common classes back to lookup The plugin relies on AnsibleLookupError() quite a bit which is not available in module code. Remove use of display for errors since section isn’t actually deprecated. * Properly handle sections Still room for improvement, but this is at least a start. * Remove some comments that won’t be addressed * Make test gathering more deterministic to avoid failures * Update changelog fragment * Simple fix for making tests reliable
2022-11-06 11:32:35 +01:00
return to_text(b_out).strip()
2020-03-09 10:11:07 +01:00
onepassword - Support v2 (#4728) * Begin building out separate classes to support different op cli versions Create separet base classes for each major version. Define the main interface in the base class. Create methods for getting the current version and instantiating the appropriate class based on the found version. * First pass at mostly working CLI version classes * Correct mismathched parameters * Update _run() method to allow updating enviroment This allows passing in the app secret as an env var, which is more secure than using a command line arg. * Continuing to improve the interface * Tear existing tests down to the studs These tests were based off of the LastPass unit tests. I’m going to just start from scratch given the new plugin code is vastly diffenent. * Fix sanity test * CLI config file path can be None * Improve required param checking - only report missing params - use proper grammer based on number of missing params * Change assert_logged_in() method return value Return a boolean value indicating whether or not account is signed in * Improve full login for v2 Have to do a bit of a dance to avoid hitting the interactive prompt if there are no accounts configured. * Remove unused methods * Add some tests * Fix linting errors * Move fixtures to separate file * Restructure mock test data and add more tests * Add boilerplate * Add test scenario for op v2 and increase coverage * Fix up copyright statements * Test v1 and v2 in all cases * Use a more descriptive variable name * Use docstrings rather than pass in abstract class This adds coverage to abstract methods with the least amount of hackery. * Increase test coverage for CLI classes * Sort test parameters to avoid collection errors * Update version tested in docs * Revere test parameter sorting for now The parameters need to be sorted to avoid the issue in older Python versions in CI, but I’m having trouble working out how to do that currently. * Allow passing kwargs to the lookup module under test * Favor label over id for v2 when looking for values Add tests * Display a warning for section on op v2 or greater There is no “value” in section fields. If we wanted to support sections in v2, we would also have to allow specifying the field name in order to override “value”. * Move test cases to their own file Getting a bit unwieldy having it in the test file * Move output into JSON files fore easier reuse * Switch to using get_options() * Add licenses for fixture files * Use get_option() since get_options() was added in Ansible Core 2.12 * Rearrange fixtures * Add changelog * Move common classes to module_utils * Move common classes back to lookup The plugin relies on AnsibleLookupError() quite a bit which is not available in module code. Remove use of display for errors since section isn’t actually deprecated. * Properly handle sections Still room for improvement, but this is at least a start. * Remove some comments that won’t be addressed * Make test gathering more deterministic to avoid failures * Update changelog fragment * Simple fix for making tests reliable
2022-11-06 11:32:35 +01:00
class OnePassCLIv1(OnePassCLIBase):
supports_version = "1"
def _parse_field(self, data_json, field_name, section_title):
"""
Retrieves the desired field from the `op` response payload
When the item is a `password` type, the password is a key within the `details` key:
$ op get item 'test item' | jq
{
[...]
"templateUuid": "005",
"details": {
"notesPlain": "",
"password": "foobar",
"passwordHistory": [],
"sections": [
{
"name": "linked items",
"title": "Related Items"
}
]
},
[...]
}
However, when the item is a `login` type, the password is within a fields array:
$ op get item 'test item' | jq
{
[...]
"details": {
"fields": [
{
"designation": "username",
"name": "username",
"type": "T",
"value": "foo"
},
{
"designation": "password",
"name": "password",
"type": "P",
"value": "bar"
}
],
[...]
},
[...]
"""
2020-03-09 10:11:07 +01:00
data = json.loads(data_json)
if section_title is None:
# https://github.com/ansible-collections/community.general/pull/1610:
# check the details dictionary for `field_name` and return it immediately if it exists
# when the entry is a "password" instead of a "login" item, the password field is a key
# in the `details` dictionary:
onepassword - Support v2 (#4728) * Begin building out separate classes to support different op cli versions Create separet base classes for each major version. Define the main interface in the base class. Create methods for getting the current version and instantiating the appropriate class based on the found version. * First pass at mostly working CLI version classes * Correct mismathched parameters * Update _run() method to allow updating enviroment This allows passing in the app secret as an env var, which is more secure than using a command line arg. * Continuing to improve the interface * Tear existing tests down to the studs These tests were based off of the LastPass unit tests. I’m going to just start from scratch given the new plugin code is vastly diffenent. * Fix sanity test * CLI config file path can be None * Improve required param checking - only report missing params - use proper grammer based on number of missing params * Change assert_logged_in() method return value Return a boolean value indicating whether or not account is signed in * Improve full login for v2 Have to do a bit of a dance to avoid hitting the interactive prompt if there are no accounts configured. * Remove unused methods * Add some tests * Fix linting errors * Move fixtures to separate file * Restructure mock test data and add more tests * Add boilerplate * Add test scenario for op v2 and increase coverage * Fix up copyright statements * Test v1 and v2 in all cases * Use a more descriptive variable name * Use docstrings rather than pass in abstract class This adds coverage to abstract methods with the least amount of hackery. * Increase test coverage for CLI classes * Sort test parameters to avoid collection errors * Update version tested in docs * Revere test parameter sorting for now The parameters need to be sorted to avoid the issue in older Python versions in CI, but I’m having trouble working out how to do that currently. * Allow passing kwargs to the lookup module under test * Favor label over id for v2 when looking for values Add tests * Display a warning for section on op v2 or greater There is no “value” in section fields. If we wanted to support sections in v2, we would also have to allow specifying the field name in order to override “value”. * Move test cases to their own file Getting a bit unwieldy having it in the test file * Move output into JSON files fore easier reuse * Switch to using get_options() * Add licenses for fixture files * Use get_option() since get_options() was added in Ansible Core 2.12 * Rearrange fixtures * Add changelog * Move common classes to module_utils * Move common classes back to lookup The plugin relies on AnsibleLookupError() quite a bit which is not available in module code. Remove use of display for errors since section isn’t actually deprecated. * Properly handle sections Still room for improvement, but this is at least a start. * Remove some comments that won’t be addressed * Make test gathering more deterministic to avoid failures * Update changelog fragment * Simple fix for making tests reliable
2022-11-06 11:32:35 +01:00
if field_name in data["details"]:
return data["details"][field_name]
# when the field is not found above, iterate through the fields list in the object details
onepassword - Support v2 (#4728) * Begin building out separate classes to support different op cli versions Create separet base classes for each major version. Define the main interface in the base class. Create methods for getting the current version and instantiating the appropriate class based on the found version. * First pass at mostly working CLI version classes * Correct mismathched parameters * Update _run() method to allow updating enviroment This allows passing in the app secret as an env var, which is more secure than using a command line arg. * Continuing to improve the interface * Tear existing tests down to the studs These tests were based off of the LastPass unit tests. I’m going to just start from scratch given the new plugin code is vastly diffenent. * Fix sanity test * CLI config file path can be None * Improve required param checking - only report missing params - use proper grammer based on number of missing params * Change assert_logged_in() method return value Return a boolean value indicating whether or not account is signed in * Improve full login for v2 Have to do a bit of a dance to avoid hitting the interactive prompt if there are no accounts configured. * Remove unused methods * Add some tests * Fix linting errors * Move fixtures to separate file * Restructure mock test data and add more tests * Add boilerplate * Add test scenario for op v2 and increase coverage * Fix up copyright statements * Test v1 and v2 in all cases * Use a more descriptive variable name * Use docstrings rather than pass in abstract class This adds coverage to abstract methods with the least amount of hackery. * Increase test coverage for CLI classes * Sort test parameters to avoid collection errors * Update version tested in docs * Revere test parameter sorting for now The parameters need to be sorted to avoid the issue in older Python versions in CI, but I’m having trouble working out how to do that currently. * Allow passing kwargs to the lookup module under test * Favor label over id for v2 when looking for values Add tests * Display a warning for section on op v2 or greater There is no “value” in section fields. If we wanted to support sections in v2, we would also have to allow specifying the field name in order to override “value”. * Move test cases to their own file Getting a bit unwieldy having it in the test file * Move output into JSON files fore easier reuse * Switch to using get_options() * Add licenses for fixture files * Use get_option() since get_options() was added in Ansible Core 2.12 * Rearrange fixtures * Add changelog * Move common classes to module_utils * Move common classes back to lookup The plugin relies on AnsibleLookupError() quite a bit which is not available in module code. Remove use of display for errors since section isn’t actually deprecated. * Properly handle sections Still room for improvement, but this is at least a start. * Remove some comments that won’t be addressed * Make test gathering more deterministic to avoid failures * Update changelog fragment * Simple fix for making tests reliable
2022-11-06 11:32:35 +01:00
for field_data in data["details"].get("fields", []):
if field_data.get("name", "").lower() == field_name.lower():
return field_data.get("value", "")
for section_data in data["details"].get("sections", []):
if section_title is not None and section_title.lower() != section_data["title"].lower():
2020-03-09 10:11:07 +01:00
continue
onepassword - Support v2 (#4728) * Begin building out separate classes to support different op cli versions Create separet base classes for each major version. Define the main interface in the base class. Create methods for getting the current version and instantiating the appropriate class based on the found version. * First pass at mostly working CLI version classes * Correct mismathched parameters * Update _run() method to allow updating enviroment This allows passing in the app secret as an env var, which is more secure than using a command line arg. * Continuing to improve the interface * Tear existing tests down to the studs These tests were based off of the LastPass unit tests. I’m going to just start from scratch given the new plugin code is vastly diffenent. * Fix sanity test * CLI config file path can be None * Improve required param checking - only report missing params - use proper grammer based on number of missing params * Change assert_logged_in() method return value Return a boolean value indicating whether or not account is signed in * Improve full login for v2 Have to do a bit of a dance to avoid hitting the interactive prompt if there are no accounts configured. * Remove unused methods * Add some tests * Fix linting errors * Move fixtures to separate file * Restructure mock test data and add more tests * Add boilerplate * Add test scenario for op v2 and increase coverage * Fix up copyright statements * Test v1 and v2 in all cases * Use a more descriptive variable name * Use docstrings rather than pass in abstract class This adds coverage to abstract methods with the least amount of hackery. * Increase test coverage for CLI classes * Sort test parameters to avoid collection errors * Update version tested in docs * Revere test parameter sorting for now The parameters need to be sorted to avoid the issue in older Python versions in CI, but I’m having trouble working out how to do that currently. * Allow passing kwargs to the lookup module under test * Favor label over id for v2 when looking for values Add tests * Display a warning for section on op v2 or greater There is no “value” in section fields. If we wanted to support sections in v2, we would also have to allow specifying the field name in order to override “value”. * Move test cases to their own file Getting a bit unwieldy having it in the test file * Move output into JSON files fore easier reuse * Switch to using get_options() * Add licenses for fixture files * Use get_option() since get_options() was added in Ansible Core 2.12 * Rearrange fixtures * Add changelog * Move common classes to module_utils * Move common classes back to lookup The plugin relies on AnsibleLookupError() quite a bit which is not available in module code. Remove use of display for errors since section isn’t actually deprecated. * Properly handle sections Still room for improvement, but this is at least a start. * Remove some comments that won’t be addressed * Make test gathering more deterministic to avoid failures * Update changelog fragment * Simple fix for making tests reliable
2022-11-06 11:32:35 +01:00
for field_data in section_data.get("fields", []):
if field_data.get("t", "").lower() == field_name.lower():
return field_data.get("v", "")
2020-03-09 10:11:07 +01:00
onepassword - Support v2 (#4728) * Begin building out separate classes to support different op cli versions Create separet base classes for each major version. Define the main interface in the base class. Create methods for getting the current version and instantiating the appropriate class based on the found version. * First pass at mostly working CLI version classes * Correct mismathched parameters * Update _run() method to allow updating enviroment This allows passing in the app secret as an env var, which is more secure than using a command line arg. * Continuing to improve the interface * Tear existing tests down to the studs These tests were based off of the LastPass unit tests. I’m going to just start from scratch given the new plugin code is vastly diffenent. * Fix sanity test * CLI config file path can be None * Improve required param checking - only report missing params - use proper grammer based on number of missing params * Change assert_logged_in() method return value Return a boolean value indicating whether or not account is signed in * Improve full login for v2 Have to do a bit of a dance to avoid hitting the interactive prompt if there are no accounts configured. * Remove unused methods * Add some tests * Fix linting errors * Move fixtures to separate file * Restructure mock test data and add more tests * Add boilerplate * Add test scenario for op v2 and increase coverage * Fix up copyright statements * Test v1 and v2 in all cases * Use a more descriptive variable name * Use docstrings rather than pass in abstract class This adds coverage to abstract methods with the least amount of hackery. * Increase test coverage for CLI classes * Sort test parameters to avoid collection errors * Update version tested in docs * Revere test parameter sorting for now The parameters need to be sorted to avoid the issue in older Python versions in CI, but I’m having trouble working out how to do that currently. * Allow passing kwargs to the lookup module under test * Favor label over id for v2 when looking for values Add tests * Display a warning for section on op v2 or greater There is no “value” in section fields. If we wanted to support sections in v2, we would also have to allow specifying the field name in order to override “value”. * Move test cases to their own file Getting a bit unwieldy having it in the test file * Move output into JSON files fore easier reuse * Switch to using get_options() * Add licenses for fixture files * Use get_option() since get_options() was added in Ansible Core 2.12 * Rearrange fixtures * Add changelog * Move common classes to module_utils * Move common classes back to lookup The plugin relies on AnsibleLookupError() quite a bit which is not available in module code. Remove use of display for errors since section isn’t actually deprecated. * Properly handle sections Still room for improvement, but this is at least a start. * Remove some comments that won’t be addressed * Make test gathering more deterministic to avoid failures * Update changelog fragment * Simple fix for making tests reliable
2022-11-06 11:32:35 +01:00
return ""
2020-03-09 10:11:07 +01:00
onepassword - Support v2 (#4728) * Begin building out separate classes to support different op cli versions Create separet base classes for each major version. Define the main interface in the base class. Create methods for getting the current version and instantiating the appropriate class based on the found version. * First pass at mostly working CLI version classes * Correct mismathched parameters * Update _run() method to allow updating enviroment This allows passing in the app secret as an env var, which is more secure than using a command line arg. * Continuing to improve the interface * Tear existing tests down to the studs These tests were based off of the LastPass unit tests. I’m going to just start from scratch given the new plugin code is vastly diffenent. * Fix sanity test * CLI config file path can be None * Improve required param checking - only report missing params - use proper grammer based on number of missing params * Change assert_logged_in() method return value Return a boolean value indicating whether or not account is signed in * Improve full login for v2 Have to do a bit of a dance to avoid hitting the interactive prompt if there are no accounts configured. * Remove unused methods * Add some tests * Fix linting errors * Move fixtures to separate file * Restructure mock test data and add more tests * Add boilerplate * Add test scenario for op v2 and increase coverage * Fix up copyright statements * Test v1 and v2 in all cases * Use a more descriptive variable name * Use docstrings rather than pass in abstract class This adds coverage to abstract methods with the least amount of hackery. * Increase test coverage for CLI classes * Sort test parameters to avoid collection errors * Update version tested in docs * Revere test parameter sorting for now The parameters need to be sorted to avoid the issue in older Python versions in CI, but I’m having trouble working out how to do that currently. * Allow passing kwargs to the lookup module under test * Favor label over id for v2 when looking for values Add tests * Display a warning for section on op v2 or greater There is no “value” in section fields. If we wanted to support sections in v2, we would also have to allow specifying the field name in order to override “value”. * Move test cases to their own file Getting a bit unwieldy having it in the test file * Move output into JSON files fore easier reuse * Switch to using get_options() * Add licenses for fixture files * Use get_option() since get_options() was added in Ansible Core 2.12 * Rearrange fixtures * Add changelog * Move common classes to module_utils * Move common classes back to lookup The plugin relies on AnsibleLookupError() quite a bit which is not available in module code. Remove use of display for errors since section isn’t actually deprecated. * Properly handle sections Still room for improvement, but this is at least a start. * Remove some comments that won’t be addressed * Make test gathering more deterministic to avoid failures * Update changelog fragment * Simple fix for making tests reliable
2022-11-06 11:32:35 +01:00
def assert_logged_in(self):
args = ["get", "account"]
if self.account_id:
args.extend(["--account", self.account_id])
elif self.subdomain:
onepassword - Support v2 (#4728) * Begin building out separate classes to support different op cli versions Create separet base classes for each major version. Define the main interface in the base class. Create methods for getting the current version and instantiating the appropriate class based on the found version. * First pass at mostly working CLI version classes * Correct mismathched parameters * Update _run() method to allow updating enviroment This allows passing in the app secret as an env var, which is more secure than using a command line arg. * Continuing to improve the interface * Tear existing tests down to the studs These tests were based off of the LastPass unit tests. I’m going to just start from scratch given the new plugin code is vastly diffenent. * Fix sanity test * CLI config file path can be None * Improve required param checking - only report missing params - use proper grammer based on number of missing params * Change assert_logged_in() method return value Return a boolean value indicating whether or not account is signed in * Improve full login for v2 Have to do a bit of a dance to avoid hitting the interactive prompt if there are no accounts configured. * Remove unused methods * Add some tests * Fix linting errors * Move fixtures to separate file * Restructure mock test data and add more tests * Add boilerplate * Add test scenario for op v2 and increase coverage * Fix up copyright statements * Test v1 and v2 in all cases * Use a more descriptive variable name * Use docstrings rather than pass in abstract class This adds coverage to abstract methods with the least amount of hackery. * Increase test coverage for CLI classes * Sort test parameters to avoid collection errors * Update version tested in docs * Revere test parameter sorting for now The parameters need to be sorted to avoid the issue in older Python versions in CI, but I’m having trouble working out how to do that currently. * Allow passing kwargs to the lookup module under test * Favor label over id for v2 when looking for values Add tests * Display a warning for section on op v2 or greater There is no “value” in section fields. If we wanted to support sections in v2, we would also have to allow specifying the field name in order to override “value”. * Move test cases to their own file Getting a bit unwieldy having it in the test file * Move output into JSON files fore easier reuse * Switch to using get_options() * Add licenses for fixture files * Use get_option() since get_options() was added in Ansible Core 2.12 * Rearrange fixtures * Add changelog * Move common classes to module_utils * Move common classes back to lookup The plugin relies on AnsibleLookupError() quite a bit which is not available in module code. Remove use of display for errors since section isn’t actually deprecated. * Properly handle sections Still room for improvement, but this is at least a start. * Remove some comments that won’t be addressed * Make test gathering more deterministic to avoid failures * Update changelog fragment * Simple fix for making tests reliable
2022-11-06 11:32:35 +01:00
account = "{subdomain}.{domain}".format(subdomain=self.subdomain, domain=self.domain)
args.extend(["--account", account])
rc, out, err = self._run(args, ignore_errors=True)
return not bool(rc)
def full_signin(self):
[PR #6660/473e557c backport][stable-7] Onepassword lookup add service accounts (#6710) Onepassword lookup add service accounts (#6660) * add service account token and bypass required fields when service account token is set * add token to base class * add Info * add service_account_token * add service_account_token * add documentation * add service_account_token * fix E111: indentation is not a multiple of 4 * fix lint problems * Update plugins/lookup/onepassword_raw.py Co-authored-by: Felix Fontein <felix@fontein.de> * Update plugins/modules/onepassword_info.py Co-authored-by: Felix Fontein <felix@fontein.de> * Update plugins/lookup/onepassword.py Co-authored-by: Felix Fontein <felix@fontein.de> * add changelog fragment * change type service_account_token to align to domain option * add fragment value * Update changelogs/fragments/6660-onepassword-lookup-service-account.yaml Co-authored-by: Felix Fontein <felix@fontein.de> * Update plugins/lookup/onepassword.py Co-authored-by: Felix Fontein <felix@fontein.de> * remove service_account_token from onepassword_info.py * adjust V1 to raise error if service_account_token is set * adjust V1 to raise error if service_account_token is set * adjust V1 to raise error if service_account_token is set * adjust if assert_logged_in * Update plugins/lookup/onepassword.py Co-authored-by: Sam Doran <github@samdoran.com> * Update plugins/lookup/onepassword.py Co-authored-by: Sam Doran <github@samdoran.com> * remove double return * remove new line * remove new line * remove new line * remove spaces * remove new line * remove spaces * Update plugins/lookup/onepassword_raw.py Co-authored-by: Felix Fontein <felix@fontein.de> * add _check_required_params * Update plugins/lookup/onepassword.py Co-authored-by: Sam Doran <github@samdoran.com> * Update plugins/lookup/onepassword.py Co-authored-by: Sam Doran <github@samdoran.com> * remove _check_required_params * remove spaces * Update plugins/lookup/onepassword.py Co-authored-by: Sam Doran <github@samdoran.com> * remove code --------- Co-authored-by: Jan Sagurna <jan.sagurna@sag-solutions.com> Co-authored-by: Jan Sagurna <58932831+jansagurna@users.noreply.github.com> Co-authored-by: Felix Fontein <felix@fontein.de> Co-authored-by: Sam Doran <github@samdoran.com> (cherry picked from commit 473e557c2f31425495fa5deed514835bdc508315) Co-authored-by: Dominik Haßelkuss <Domi-cc@users.noreply.github.com>
2023-06-15 20:38:19 +02:00
if self.service_account_token:
raise AnsibleLookupError(
"1Password CLI version 1 does not support Service Accounts. Please use version 2 or later.")
onepassword - Support v2 (#4728) * Begin building out separate classes to support different op cli versions Create separet base classes for each major version. Define the main interface in the base class. Create methods for getting the current version and instantiating the appropriate class based on the found version. * First pass at mostly working CLI version classes * Correct mismathched parameters * Update _run() method to allow updating enviroment This allows passing in the app secret as an env var, which is more secure than using a command line arg. * Continuing to improve the interface * Tear existing tests down to the studs These tests were based off of the LastPass unit tests. I’m going to just start from scratch given the new plugin code is vastly diffenent. * Fix sanity test * CLI config file path can be None * Improve required param checking - only report missing params - use proper grammer based on number of missing params * Change assert_logged_in() method return value Return a boolean value indicating whether or not account is signed in * Improve full login for v2 Have to do a bit of a dance to avoid hitting the interactive prompt if there are no accounts configured. * Remove unused methods * Add some tests * Fix linting errors * Move fixtures to separate file * Restructure mock test data and add more tests * Add boilerplate * Add test scenario for op v2 and increase coverage * Fix up copyright statements * Test v1 and v2 in all cases * Use a more descriptive variable name * Use docstrings rather than pass in abstract class This adds coverage to abstract methods with the least amount of hackery. * Increase test coverage for CLI classes * Sort test parameters to avoid collection errors * Update version tested in docs * Revere test parameter sorting for now The parameters need to be sorted to avoid the issue in older Python versions in CI, but I’m having trouble working out how to do that currently. * Allow passing kwargs to the lookup module under test * Favor label over id for v2 when looking for values Add tests * Display a warning for section on op v2 or greater There is no “value” in section fields. If we wanted to support sections in v2, we would also have to allow specifying the field name in order to override “value”. * Move test cases to their own file Getting a bit unwieldy having it in the test file * Move output into JSON files fore easier reuse * Switch to using get_options() * Add licenses for fixture files * Use get_option() since get_options() was added in Ansible Core 2.12 * Rearrange fixtures * Add changelog * Move common classes to module_utils * Move common classes back to lookup The plugin relies on AnsibleLookupError() quite a bit which is not available in module code. Remove use of display for errors since section isn’t actually deprecated. * Properly handle sections Still room for improvement, but this is at least a start. * Remove some comments that won’t be addressed * Make test gathering more deterministic to avoid failures * Update changelog fragment * Simple fix for making tests reliable
2022-11-06 11:32:35 +01:00
required_params = [
"subdomain",
"username",
"secret_key",
"master_password",
]
self._check_required_params(required_params)
args = [
"signin",
"{0}.{1}".format(self.subdomain, self.domain),
to_bytes(self.username),
to_bytes(self.secret_key),
"--raw",
]
return self._run(args, command_input=to_bytes(self.master_password))
def get_raw(self, item_id, vault=None, token=None):
args = ["get", "item", item_id]
if self.account_id:
args.extend(["--account", self.account_id])
onepassword - Support v2 (#4728) * Begin building out separate classes to support different op cli versions Create separet base classes for each major version. Define the main interface in the base class. Create methods for getting the current version and instantiating the appropriate class based on the found version. * First pass at mostly working CLI version classes * Correct mismathched parameters * Update _run() method to allow updating enviroment This allows passing in the app secret as an env var, which is more secure than using a command line arg. * Continuing to improve the interface * Tear existing tests down to the studs These tests were based off of the LastPass unit tests. I’m going to just start from scratch given the new plugin code is vastly diffenent. * Fix sanity test * CLI config file path can be None * Improve required param checking - only report missing params - use proper grammer based on number of missing params * Change assert_logged_in() method return value Return a boolean value indicating whether or not account is signed in * Improve full login for v2 Have to do a bit of a dance to avoid hitting the interactive prompt if there are no accounts configured. * Remove unused methods * Add some tests * Fix linting errors * Move fixtures to separate file * Restructure mock test data and add more tests * Add boilerplate * Add test scenario for op v2 and increase coverage * Fix up copyright statements * Test v1 and v2 in all cases * Use a more descriptive variable name * Use docstrings rather than pass in abstract class This adds coverage to abstract methods with the least amount of hackery. * Increase test coverage for CLI classes * Sort test parameters to avoid collection errors * Update version tested in docs * Revere test parameter sorting for now The parameters need to be sorted to avoid the issue in older Python versions in CI, but I’m having trouble working out how to do that currently. * Allow passing kwargs to the lookup module under test * Favor label over id for v2 when looking for values Add tests * Display a warning for section on op v2 or greater There is no “value” in section fields. If we wanted to support sections in v2, we would also have to allow specifying the field name in order to override “value”. * Move test cases to their own file Getting a bit unwieldy having it in the test file * Move output into JSON files fore easier reuse * Switch to using get_options() * Add licenses for fixture files * Use get_option() since get_options() was added in Ansible Core 2.12 * Rearrange fixtures * Add changelog * Move common classes to module_utils * Move common classes back to lookup The plugin relies on AnsibleLookupError() quite a bit which is not available in module code. Remove use of display for errors since section isn’t actually deprecated. * Properly handle sections Still room for improvement, but this is at least a start. * Remove some comments that won’t be addressed * Make test gathering more deterministic to avoid failures * Update changelog fragment * Simple fix for making tests reliable
2022-11-06 11:32:35 +01:00
if vault is not None:
args += ["--vault={0}".format(vault)]
if token is not None:
args += [to_bytes("--session=") + token]
return self._run(args)
def signin(self):
self._check_required_params(['master_password'])
args = ["signin", "--raw"]
if self.subdomain:
args.append(self.subdomain)
return self._run(args, command_input=to_bytes(self.master_password))
class OnePassCLIv2(OnePassCLIBase):
"""
CLIv2 Syntax Reference: https://developer.1password.com/docs/cli/upgrade#step-2-update-your-scripts
"""
supports_version = "2"
def _parse_field(self, data_json, field_name, section_title=None):
"""
Schema reference: https://developer.1password.com/docs/cli/item-template-json
Example Data:
# Password item
{
"id": "ywvdbojsguzgrgnokmcxtydgdv",
"title": "Authy Backup",
"version": 1,
"vault": {
"id": "bcqxysvcnejjrwzoqrwzcqjqxc",
"name": "Personal"
},
"category": "PASSWORD",
"last_edited_by": "7FUPZ8ZNE02KSHMAIMKHIVUE17",
"created_at": "2015-01-18T13:13:38Z",
"updated_at": "2016-02-20T16:23:54Z",
"additional_information": "Jan 18, 2015, 08:13:38",
"fields": [
{
"id": "password",
"type": "CONCEALED",
"purpose": "PASSWORD",
"label": "password",
"value": "OctoberPoppyNuttyDraperySabbath",
"reference": "op://Personal/Authy Backup/password",
"password_details": {
"strength": "FANTASTIC"
}
},
{
"id": "notesPlain",
"type": "STRING",
"purpose": "NOTES",
"label": "notesPlain",
"value": "Backup password to restore Authy",
"reference": "op://Personal/Authy Backup/notesPlain"
}
]
}
# Login item
{
"id": "awk4s2u44fhnrgppszcsvc663i",
"title": "Dummy Login",
"version": 2,
"vault": {
"id": "stpebbaccrq72xulgouxsk4p7y",
"name": "Personal"
},
"category": "LOGIN",
"last_edited_by": "LSGPJERUYBH7BFPHMZ2KKGL6AU",
"created_at": "2018-04-25T21:55:19Z",
"updated_at": "2018-04-25T21:56:06Z",
"additional_information": "agent.smith",
"urls": [
{
"primary": true,
"href": "https://acme.com"
}
],
"sections": [
{
"id": "linked items",
"label": "Related Items"
}
],
"fields": [
{
"id": "username",
"type": "STRING",
"purpose": "USERNAME",
"label": "username",
"value": "agent.smith",
"reference": "op://Personal/Dummy Login/username"
},
{
"id": "password",
"type": "CONCEALED",
"purpose": "PASSWORD",
"label": "password",
"value": "Q7vFwTJcqwxKmTU]Dzx7NW*wrNPXmj",
"entropy": 159.6083697084228,
"reference": "op://Personal/Dummy Login/password",
"password_details": {
"entropy": 159,
"generated": true,
"strength": "FANTASTIC"
}
},
{
"id": "notesPlain",
"type": "STRING",
"purpose": "NOTES",
"label": "notesPlain",
"reference": "op://Personal/Dummy Login/notesPlain"
}
]
}
"""
data = json.loads(data_json)
field_name = _lower_if_possible(field_name)
onepassword - Support v2 (#4728) * Begin building out separate classes to support different op cli versions Create separet base classes for each major version. Define the main interface in the base class. Create methods for getting the current version and instantiating the appropriate class based on the found version. * First pass at mostly working CLI version classes * Correct mismathched parameters * Update _run() method to allow updating enviroment This allows passing in the app secret as an env var, which is more secure than using a command line arg. * Continuing to improve the interface * Tear existing tests down to the studs These tests were based off of the LastPass unit tests. I’m going to just start from scratch given the new plugin code is vastly diffenent. * Fix sanity test * CLI config file path can be None * Improve required param checking - only report missing params - use proper grammer based on number of missing params * Change assert_logged_in() method return value Return a boolean value indicating whether or not account is signed in * Improve full login for v2 Have to do a bit of a dance to avoid hitting the interactive prompt if there are no accounts configured. * Remove unused methods * Add some tests * Fix linting errors * Move fixtures to separate file * Restructure mock test data and add more tests * Add boilerplate * Add test scenario for op v2 and increase coverage * Fix up copyright statements * Test v1 and v2 in all cases * Use a more descriptive variable name * Use docstrings rather than pass in abstract class This adds coverage to abstract methods with the least amount of hackery. * Increase test coverage for CLI classes * Sort test parameters to avoid collection errors * Update version tested in docs * Revere test parameter sorting for now The parameters need to be sorted to avoid the issue in older Python versions in CI, but I’m having trouble working out how to do that currently. * Allow passing kwargs to the lookup module under test * Favor label over id for v2 when looking for values Add tests * Display a warning for section on op v2 or greater There is no “value” in section fields. If we wanted to support sections in v2, we would also have to allow specifying the field name in order to override “value”. * Move test cases to their own file Getting a bit unwieldy having it in the test file * Move output into JSON files fore easier reuse * Switch to using get_options() * Add licenses for fixture files * Use get_option() since get_options() was added in Ansible Core 2.12 * Rearrange fixtures * Add changelog * Move common classes to module_utils * Move common classes back to lookup The plugin relies on AnsibleLookupError() quite a bit which is not available in module code. Remove use of display for errors since section isn’t actually deprecated. * Properly handle sections Still room for improvement, but this is at least a start. * Remove some comments that won’t be addressed * Make test gathering more deterministic to avoid failures * Update changelog fragment * Simple fix for making tests reliable
2022-11-06 11:32:35 +01:00
for field in data.get("fields", []):
if section_title is None:
# If the field name exists in the section, return that value
if field.get(field_name):
return field.get(field_name)
# If the field name doesn't exist in the section, match on the value of "label"
# then "id" and return "value"
if field.get("label", "").lower() == field_name:
return field.get("value", "")
onepassword - Support v2 (#4728) * Begin building out separate classes to support different op cli versions Create separet base classes for each major version. Define the main interface in the base class. Create methods for getting the current version and instantiating the appropriate class based on the found version. * First pass at mostly working CLI version classes * Correct mismathched parameters * Update _run() method to allow updating enviroment This allows passing in the app secret as an env var, which is more secure than using a command line arg. * Continuing to improve the interface * Tear existing tests down to the studs These tests were based off of the LastPass unit tests. I’m going to just start from scratch given the new plugin code is vastly diffenent. * Fix sanity test * CLI config file path can be None * Improve required param checking - only report missing params - use proper grammer based on number of missing params * Change assert_logged_in() method return value Return a boolean value indicating whether or not account is signed in * Improve full login for v2 Have to do a bit of a dance to avoid hitting the interactive prompt if there are no accounts configured. * Remove unused methods * Add some tests * Fix linting errors * Move fixtures to separate file * Restructure mock test data and add more tests * Add boilerplate * Add test scenario for op v2 and increase coverage * Fix up copyright statements * Test v1 and v2 in all cases * Use a more descriptive variable name * Use docstrings rather than pass in abstract class This adds coverage to abstract methods with the least amount of hackery. * Increase test coverage for CLI classes * Sort test parameters to avoid collection errors * Update version tested in docs * Revere test parameter sorting for now The parameters need to be sorted to avoid the issue in older Python versions in CI, but I’m having trouble working out how to do that currently. * Allow passing kwargs to the lookup module under test * Favor label over id for v2 when looking for values Add tests * Display a warning for section on op v2 or greater There is no “value” in section fields. If we wanted to support sections in v2, we would also have to allow specifying the field name in order to override “value”. * Move test cases to their own file Getting a bit unwieldy having it in the test file * Move output into JSON files fore easier reuse * Switch to using get_options() * Add licenses for fixture files * Use get_option() since get_options() was added in Ansible Core 2.12 * Rearrange fixtures * Add changelog * Move common classes to module_utils * Move common classes back to lookup The plugin relies on AnsibleLookupError() quite a bit which is not available in module code. Remove use of display for errors since section isn’t actually deprecated. * Properly handle sections Still room for improvement, but this is at least a start. * Remove some comments that won’t be addressed * Make test gathering more deterministic to avoid failures * Update changelog fragment * Simple fix for making tests reliable
2022-11-06 11:32:35 +01:00
if field.get("id", "").lower() == field_name:
return field.get("value", "")
onepassword - Support v2 (#4728) * Begin building out separate classes to support different op cli versions Create separet base classes for each major version. Define the main interface in the base class. Create methods for getting the current version and instantiating the appropriate class based on the found version. * First pass at mostly working CLI version classes * Correct mismathched parameters * Update _run() method to allow updating enviroment This allows passing in the app secret as an env var, which is more secure than using a command line arg. * Continuing to improve the interface * Tear existing tests down to the studs These tests were based off of the LastPass unit tests. I’m going to just start from scratch given the new plugin code is vastly diffenent. * Fix sanity test * CLI config file path can be None * Improve required param checking - only report missing params - use proper grammer based on number of missing params * Change assert_logged_in() method return value Return a boolean value indicating whether or not account is signed in * Improve full login for v2 Have to do a bit of a dance to avoid hitting the interactive prompt if there are no accounts configured. * Remove unused methods * Add some tests * Fix linting errors * Move fixtures to separate file * Restructure mock test data and add more tests * Add boilerplate * Add test scenario for op v2 and increase coverage * Fix up copyright statements * Test v1 and v2 in all cases * Use a more descriptive variable name * Use docstrings rather than pass in abstract class This adds coverage to abstract methods with the least amount of hackery. * Increase test coverage for CLI classes * Sort test parameters to avoid collection errors * Update version tested in docs * Revere test parameter sorting for now The parameters need to be sorted to avoid the issue in older Python versions in CI, but I’m having trouble working out how to do that currently. * Allow passing kwargs to the lookup module under test * Favor label over id for v2 when looking for values Add tests * Display a warning for section on op v2 or greater There is no “value” in section fields. If we wanted to support sections in v2, we would also have to allow specifying the field name in order to override “value”. * Move test cases to their own file Getting a bit unwieldy having it in the test file * Move output into JSON files fore easier reuse * Switch to using get_options() * Add licenses for fixture files * Use get_option() since get_options() was added in Ansible Core 2.12 * Rearrange fixtures * Add changelog * Move common classes to module_utils * Move common classes back to lookup The plugin relies on AnsibleLookupError() quite a bit which is not available in module code. Remove use of display for errors since section isn’t actually deprecated. * Properly handle sections Still room for improvement, but this is at least a start. * Remove some comments that won’t be addressed * Make test gathering more deterministic to avoid failures * Update changelog fragment * Simple fix for making tests reliable
2022-11-06 11:32:35 +01:00
# Look at the section data and get an identifier. The value of 'id' is either a unique ID
onepassword - Support v2 (#4728) * Begin building out separate classes to support different op cli versions Create separet base classes for each major version. Define the main interface in the base class. Create methods for getting the current version and instantiating the appropriate class based on the found version. * First pass at mostly working CLI version classes * Correct mismathched parameters * Update _run() method to allow updating enviroment This allows passing in the app secret as an env var, which is more secure than using a command line arg. * Continuing to improve the interface * Tear existing tests down to the studs These tests were based off of the LastPass unit tests. I’m going to just start from scratch given the new plugin code is vastly diffenent. * Fix sanity test * CLI config file path can be None * Improve required param checking - only report missing params - use proper grammer based on number of missing params * Change assert_logged_in() method return value Return a boolean value indicating whether or not account is signed in * Improve full login for v2 Have to do a bit of a dance to avoid hitting the interactive prompt if there are no accounts configured. * Remove unused methods * Add some tests * Fix linting errors * Move fixtures to separate file * Restructure mock test data and add more tests * Add boilerplate * Add test scenario for op v2 and increase coverage * Fix up copyright statements * Test v1 and v2 in all cases * Use a more descriptive variable name * Use docstrings rather than pass in abstract class This adds coverage to abstract methods with the least amount of hackery. * Increase test coverage for CLI classes * Sort test parameters to avoid collection errors * Update version tested in docs * Revere test parameter sorting for now The parameters need to be sorted to avoid the issue in older Python versions in CI, but I’m having trouble working out how to do that currently. * Allow passing kwargs to the lookup module under test * Favor label over id for v2 when looking for values Add tests * Display a warning for section on op v2 or greater There is no “value” in section fields. If we wanted to support sections in v2, we would also have to allow specifying the field name in order to override “value”. * Move test cases to their own file Getting a bit unwieldy having it in the test file * Move output into JSON files fore easier reuse * Switch to using get_options() * Add licenses for fixture files * Use get_option() since get_options() was added in Ansible Core 2.12 * Rearrange fixtures * Add changelog * Move common classes to module_utils * Move common classes back to lookup The plugin relies on AnsibleLookupError() quite a bit which is not available in module code. Remove use of display for errors since section isn’t actually deprecated. * Properly handle sections Still room for improvement, but this is at least a start. * Remove some comments that won’t be addressed * Make test gathering more deterministic to avoid failures * Update changelog fragment * Simple fix for making tests reliable
2022-11-06 11:32:35 +01:00
# or a human-readable string. If a 'label' field exists, prefer that since
# it is the value visible in the 1Password UI when both 'id' and 'label' exist.
section = field.get("section", {})
section_title = _lower_if_possible(section_title)
current_section_title = section.get("label", section.get("id", "")).lower()
onepassword - Support v2 (#4728) * Begin building out separate classes to support different op cli versions Create separet base classes for each major version. Define the main interface in the base class. Create methods for getting the current version and instantiating the appropriate class based on the found version. * First pass at mostly working CLI version classes * Correct mismathched parameters * Update _run() method to allow updating enviroment This allows passing in the app secret as an env var, which is more secure than using a command line arg. * Continuing to improve the interface * Tear existing tests down to the studs These tests were based off of the LastPass unit tests. I’m going to just start from scratch given the new plugin code is vastly diffenent. * Fix sanity test * CLI config file path can be None * Improve required param checking - only report missing params - use proper grammer based on number of missing params * Change assert_logged_in() method return value Return a boolean value indicating whether or not account is signed in * Improve full login for v2 Have to do a bit of a dance to avoid hitting the interactive prompt if there are no accounts configured. * Remove unused methods * Add some tests * Fix linting errors * Move fixtures to separate file * Restructure mock test data and add more tests * Add boilerplate * Add test scenario for op v2 and increase coverage * Fix up copyright statements * Test v1 and v2 in all cases * Use a more descriptive variable name * Use docstrings rather than pass in abstract class This adds coverage to abstract methods with the least amount of hackery. * Increase test coverage for CLI classes * Sort test parameters to avoid collection errors * Update version tested in docs * Revere test parameter sorting for now The parameters need to be sorted to avoid the issue in older Python versions in CI, but I’m having trouble working out how to do that currently. * Allow passing kwargs to the lookup module under test * Favor label over id for v2 when looking for values Add tests * Display a warning for section on op v2 or greater There is no “value” in section fields. If we wanted to support sections in v2, we would also have to allow specifying the field name in order to override “value”. * Move test cases to their own file Getting a bit unwieldy having it in the test file * Move output into JSON files fore easier reuse * Switch to using get_options() * Add licenses for fixture files * Use get_option() since get_options() was added in Ansible Core 2.12 * Rearrange fixtures * Add changelog * Move common classes to module_utils * Move common classes back to lookup The plugin relies on AnsibleLookupError() quite a bit which is not available in module code. Remove use of display for errors since section isn’t actually deprecated. * Properly handle sections Still room for improvement, but this is at least a start. * Remove some comments that won’t be addressed * Make test gathering more deterministic to avoid failures * Update changelog fragment * Simple fix for making tests reliable
2022-11-06 11:32:35 +01:00
if section_title == current_section_title:
# In the correct section. Check "label" then "id" for the desired field_name
if field.get("label", "").lower() == field_name:
return field.get("value", "")
onepassword - Support v2 (#4728) * Begin building out separate classes to support different op cli versions Create separet base classes for each major version. Define the main interface in the base class. Create methods for getting the current version and instantiating the appropriate class based on the found version. * First pass at mostly working CLI version classes * Correct mismathched parameters * Update _run() method to allow updating enviroment This allows passing in the app secret as an env var, which is more secure than using a command line arg. * Continuing to improve the interface * Tear existing tests down to the studs These tests were based off of the LastPass unit tests. I’m going to just start from scratch given the new plugin code is vastly diffenent. * Fix sanity test * CLI config file path can be None * Improve required param checking - only report missing params - use proper grammer based on number of missing params * Change assert_logged_in() method return value Return a boolean value indicating whether or not account is signed in * Improve full login for v2 Have to do a bit of a dance to avoid hitting the interactive prompt if there are no accounts configured. * Remove unused methods * Add some tests * Fix linting errors * Move fixtures to separate file * Restructure mock test data and add more tests * Add boilerplate * Add test scenario for op v2 and increase coverage * Fix up copyright statements * Test v1 and v2 in all cases * Use a more descriptive variable name * Use docstrings rather than pass in abstract class This adds coverage to abstract methods with the least amount of hackery. * Increase test coverage for CLI classes * Sort test parameters to avoid collection errors * Update version tested in docs * Revere test parameter sorting for now The parameters need to be sorted to avoid the issue in older Python versions in CI, but I’m having trouble working out how to do that currently. * Allow passing kwargs to the lookup module under test * Favor label over id for v2 when looking for values Add tests * Display a warning for section on op v2 or greater There is no “value” in section fields. If we wanted to support sections in v2, we would also have to allow specifying the field name in order to override “value”. * Move test cases to their own file Getting a bit unwieldy having it in the test file * Move output into JSON files fore easier reuse * Switch to using get_options() * Add licenses for fixture files * Use get_option() since get_options() was added in Ansible Core 2.12 * Rearrange fixtures * Add changelog * Move common classes to module_utils * Move common classes back to lookup The plugin relies on AnsibleLookupError() quite a bit which is not available in module code. Remove use of display for errors since section isn’t actually deprecated. * Properly handle sections Still room for improvement, but this is at least a start. * Remove some comments that won’t be addressed * Make test gathering more deterministic to avoid failures * Update changelog fragment * Simple fix for making tests reliable
2022-11-06 11:32:35 +01:00
if field.get("id", "").lower() == field_name:
return field.get("value", "")
onepassword - Support v2 (#4728) * Begin building out separate classes to support different op cli versions Create separet base classes for each major version. Define the main interface in the base class. Create methods for getting the current version and instantiating the appropriate class based on the found version. * First pass at mostly working CLI version classes * Correct mismathched parameters * Update _run() method to allow updating enviroment This allows passing in the app secret as an env var, which is more secure than using a command line arg. * Continuing to improve the interface * Tear existing tests down to the studs These tests were based off of the LastPass unit tests. I’m going to just start from scratch given the new plugin code is vastly diffenent. * Fix sanity test * CLI config file path can be None * Improve required param checking - only report missing params - use proper grammer based on number of missing params * Change assert_logged_in() method return value Return a boolean value indicating whether or not account is signed in * Improve full login for v2 Have to do a bit of a dance to avoid hitting the interactive prompt if there are no accounts configured. * Remove unused methods * Add some tests * Fix linting errors * Move fixtures to separate file * Restructure mock test data and add more tests * Add boilerplate * Add test scenario for op v2 and increase coverage * Fix up copyright statements * Test v1 and v2 in all cases * Use a more descriptive variable name * Use docstrings rather than pass in abstract class This adds coverage to abstract methods with the least amount of hackery. * Increase test coverage for CLI classes * Sort test parameters to avoid collection errors * Update version tested in docs * Revere test parameter sorting for now The parameters need to be sorted to avoid the issue in older Python versions in CI, but I’m having trouble working out how to do that currently. * Allow passing kwargs to the lookup module under test * Favor label over id for v2 when looking for values Add tests * Display a warning for section on op v2 or greater There is no “value” in section fields. If we wanted to support sections in v2, we would also have to allow specifying the field name in order to override “value”. * Move test cases to their own file Getting a bit unwieldy having it in the test file * Move output into JSON files fore easier reuse * Switch to using get_options() * Add licenses for fixture files * Use get_option() since get_options() was added in Ansible Core 2.12 * Rearrange fixtures * Add changelog * Move common classes to module_utils * Move common classes back to lookup The plugin relies on AnsibleLookupError() quite a bit which is not available in module code. Remove use of display for errors since section isn’t actually deprecated. * Properly handle sections Still room for improvement, but this is at least a start. * Remove some comments that won’t be addressed * Make test gathering more deterministic to avoid failures * Update changelog fragment * Simple fix for making tests reliable
2022-11-06 11:32:35 +01:00
return ""
def assert_logged_in(self):
[PR #6660/473e557c backport][stable-7] Onepassword lookup add service accounts (#6710) Onepassword lookup add service accounts (#6660) * add service account token and bypass required fields when service account token is set * add token to base class * add Info * add service_account_token * add service_account_token * add documentation * add service_account_token * fix E111: indentation is not a multiple of 4 * fix lint problems * Update plugins/lookup/onepassword_raw.py Co-authored-by: Felix Fontein <felix@fontein.de> * Update plugins/modules/onepassword_info.py Co-authored-by: Felix Fontein <felix@fontein.de> * Update plugins/lookup/onepassword.py Co-authored-by: Felix Fontein <felix@fontein.de> * add changelog fragment * change type service_account_token to align to domain option * add fragment value * Update changelogs/fragments/6660-onepassword-lookup-service-account.yaml Co-authored-by: Felix Fontein <felix@fontein.de> * Update plugins/lookup/onepassword.py Co-authored-by: Felix Fontein <felix@fontein.de> * remove service_account_token from onepassword_info.py * adjust V1 to raise error if service_account_token is set * adjust V1 to raise error if service_account_token is set * adjust V1 to raise error if service_account_token is set * adjust if assert_logged_in * Update plugins/lookup/onepassword.py Co-authored-by: Sam Doran <github@samdoran.com> * Update plugins/lookup/onepassword.py Co-authored-by: Sam Doran <github@samdoran.com> * remove double return * remove new line * remove new line * remove new line * remove spaces * remove new line * remove spaces * Update plugins/lookup/onepassword_raw.py Co-authored-by: Felix Fontein <felix@fontein.de> * add _check_required_params * Update plugins/lookup/onepassword.py Co-authored-by: Sam Doran <github@samdoran.com> * Update plugins/lookup/onepassword.py Co-authored-by: Sam Doran <github@samdoran.com> * remove _check_required_params * remove spaces * Update plugins/lookup/onepassword.py Co-authored-by: Sam Doran <github@samdoran.com> * remove code --------- Co-authored-by: Jan Sagurna <jan.sagurna@sag-solutions.com> Co-authored-by: Jan Sagurna <58932831+jansagurna@users.noreply.github.com> Co-authored-by: Felix Fontein <felix@fontein.de> Co-authored-by: Sam Doran <github@samdoran.com> (cherry picked from commit 473e557c2f31425495fa5deed514835bdc508315) Co-authored-by: Dominik Haßelkuss <Domi-cc@users.noreply.github.com>
2023-06-15 20:38:19 +02:00
if self.service_account_token:
args = ["whoami"]
environment_update = {"OP_SERVICE_ACCOUNT_TOKEN": self.service_account_token}
rc, out, err = self._run(args, environment_update=environment_update)
return not bool(rc)
onepassword - Support v2 (#4728) * Begin building out separate classes to support different op cli versions Create separet base classes for each major version. Define the main interface in the base class. Create methods for getting the current version and instantiating the appropriate class based on the found version. * First pass at mostly working CLI version classes * Correct mismathched parameters * Update _run() method to allow updating enviroment This allows passing in the app secret as an env var, which is more secure than using a command line arg. * Continuing to improve the interface * Tear existing tests down to the studs These tests were based off of the LastPass unit tests. I’m going to just start from scratch given the new plugin code is vastly diffenent. * Fix sanity test * CLI config file path can be None * Improve required param checking - only report missing params - use proper grammer based on number of missing params * Change assert_logged_in() method return value Return a boolean value indicating whether or not account is signed in * Improve full login for v2 Have to do a bit of a dance to avoid hitting the interactive prompt if there are no accounts configured. * Remove unused methods * Add some tests * Fix linting errors * Move fixtures to separate file * Restructure mock test data and add more tests * Add boilerplate * Add test scenario for op v2 and increase coverage * Fix up copyright statements * Test v1 and v2 in all cases * Use a more descriptive variable name * Use docstrings rather than pass in abstract class This adds coverage to abstract methods with the least amount of hackery. * Increase test coverage for CLI classes * Sort test parameters to avoid collection errors * Update version tested in docs * Revere test parameter sorting for now The parameters need to be sorted to avoid the issue in older Python versions in CI, but I’m having trouble working out how to do that currently. * Allow passing kwargs to the lookup module under test * Favor label over id for v2 when looking for values Add tests * Display a warning for section on op v2 or greater There is no “value” in section fields. If we wanted to support sections in v2, we would also have to allow specifying the field name in order to override “value”. * Move test cases to their own file Getting a bit unwieldy having it in the test file * Move output into JSON files fore easier reuse * Switch to using get_options() * Add licenses for fixture files * Use get_option() since get_options() was added in Ansible Core 2.12 * Rearrange fixtures * Add changelog * Move common classes to module_utils * Move common classes back to lookup The plugin relies on AnsibleLookupError() quite a bit which is not available in module code. Remove use of display for errors since section isn’t actually deprecated. * Properly handle sections Still room for improvement, but this is at least a start. * Remove some comments that won’t be addressed * Make test gathering more deterministic to avoid failures * Update changelog fragment * Simple fix for making tests reliable
2022-11-06 11:32:35 +01:00
args = ["account", "list"]
if self.subdomain:
account = "{subdomain}.{domain}".format(subdomain=self.subdomain, domain=self.domain)
args.extend(["--account", account])
rc, out, err = self._run(args)
if out:
# Running 'op account get' if there are no accounts configured on the system drops into
# an interactive prompt. Only run 'op account get' after first listing accounts to see
# if there are any previously configured accounts.
args = ["account", "get"]
if self.account_id:
args.extend(["--account", self.account_id])
elif self.subdomain:
onepassword - Support v2 (#4728) * Begin building out separate classes to support different op cli versions Create separet base classes for each major version. Define the main interface in the base class. Create methods for getting the current version and instantiating the appropriate class based on the found version. * First pass at mostly working CLI version classes * Correct mismathched parameters * Update _run() method to allow updating enviroment This allows passing in the app secret as an env var, which is more secure than using a command line arg. * Continuing to improve the interface * Tear existing tests down to the studs These tests were based off of the LastPass unit tests. I’m going to just start from scratch given the new plugin code is vastly diffenent. * Fix sanity test * CLI config file path can be None * Improve required param checking - only report missing params - use proper grammer based on number of missing params * Change assert_logged_in() method return value Return a boolean value indicating whether or not account is signed in * Improve full login for v2 Have to do a bit of a dance to avoid hitting the interactive prompt if there are no accounts configured. * Remove unused methods * Add some tests * Fix linting errors * Move fixtures to separate file * Restructure mock test data and add more tests * Add boilerplate * Add test scenario for op v2 and increase coverage * Fix up copyright statements * Test v1 and v2 in all cases * Use a more descriptive variable name * Use docstrings rather than pass in abstract class This adds coverage to abstract methods with the least amount of hackery. * Increase test coverage for CLI classes * Sort test parameters to avoid collection errors * Update version tested in docs * Revere test parameter sorting for now The parameters need to be sorted to avoid the issue in older Python versions in CI, but I’m having trouble working out how to do that currently. * Allow passing kwargs to the lookup module under test * Favor label over id for v2 when looking for values Add tests * Display a warning for section on op v2 or greater There is no “value” in section fields. If we wanted to support sections in v2, we would also have to allow specifying the field name in order to override “value”. * Move test cases to their own file Getting a bit unwieldy having it in the test file * Move output into JSON files fore easier reuse * Switch to using get_options() * Add licenses for fixture files * Use get_option() since get_options() was added in Ansible Core 2.12 * Rearrange fixtures * Add changelog * Move common classes to module_utils * Move common classes back to lookup The plugin relies on AnsibleLookupError() quite a bit which is not available in module code. Remove use of display for errors since section isn’t actually deprecated. * Properly handle sections Still room for improvement, but this is at least a start. * Remove some comments that won’t be addressed * Make test gathering more deterministic to avoid failures * Update changelog fragment * Simple fix for making tests reliable
2022-11-06 11:32:35 +01:00
account = "{subdomain}.{domain}".format(subdomain=self.subdomain, domain=self.domain)
args.extend(["--account", account])
rc, out, err = self._run(args, ignore_errors=True)
onepassword - Support v2 (#4728) * Begin building out separate classes to support different op cli versions Create separet base classes for each major version. Define the main interface in the base class. Create methods for getting the current version and instantiating the appropriate class based on the found version. * First pass at mostly working CLI version classes * Correct mismathched parameters * Update _run() method to allow updating enviroment This allows passing in the app secret as an env var, which is more secure than using a command line arg. * Continuing to improve the interface * Tear existing tests down to the studs These tests were based off of the LastPass unit tests. I’m going to just start from scratch given the new plugin code is vastly diffenent. * Fix sanity test * CLI config file path can be None * Improve required param checking - only report missing params - use proper grammer based on number of missing params * Change assert_logged_in() method return value Return a boolean value indicating whether or not account is signed in * Improve full login for v2 Have to do a bit of a dance to avoid hitting the interactive prompt if there are no accounts configured. * Remove unused methods * Add some tests * Fix linting errors * Move fixtures to separate file * Restructure mock test data and add more tests * Add boilerplate * Add test scenario for op v2 and increase coverage * Fix up copyright statements * Test v1 and v2 in all cases * Use a more descriptive variable name * Use docstrings rather than pass in abstract class This adds coverage to abstract methods with the least amount of hackery. * Increase test coverage for CLI classes * Sort test parameters to avoid collection errors * Update version tested in docs * Revere test parameter sorting for now The parameters need to be sorted to avoid the issue in older Python versions in CI, but I’m having trouble working out how to do that currently. * Allow passing kwargs to the lookup module under test * Favor label over id for v2 when looking for values Add tests * Display a warning for section on op v2 or greater There is no “value” in section fields. If we wanted to support sections in v2, we would also have to allow specifying the field name in order to override “value”. * Move test cases to their own file Getting a bit unwieldy having it in the test file * Move output into JSON files fore easier reuse * Switch to using get_options() * Add licenses for fixture files * Use get_option() since get_options() was added in Ansible Core 2.12 * Rearrange fixtures * Add changelog * Move common classes to module_utils * Move common classes back to lookup The plugin relies on AnsibleLookupError() quite a bit which is not available in module code. Remove use of display for errors since section isn’t actually deprecated. * Properly handle sections Still room for improvement, but this is at least a start. * Remove some comments that won’t be addressed * Make test gathering more deterministic to avoid failures * Update changelog fragment * Simple fix for making tests reliable
2022-11-06 11:32:35 +01:00
return not bool(rc)
return False
def full_signin(self):
required_params = [
"subdomain",
"username",
"secret_key",
"master_password",
]
self._check_required_params(required_params)
args = [
"account", "add", "--raw",
"--address", "{0}.{1}".format(self.subdomain, self.domain),
"--email", to_bytes(self.username),
"--signin",
]
environment_update = {"OP_SECRET_KEY": self.secret_key}
return self._run(args, command_input=to_bytes(self.master_password), environment_update=environment_update)
def get_raw(self, item_id, vault=None, token=None):
args = ["item", "get", item_id, "--format", "json"]
if self.account_id:
args.extend(["--account", self.account_id])
onepassword - Support v2 (#4728) * Begin building out separate classes to support different op cli versions Create separet base classes for each major version. Define the main interface in the base class. Create methods for getting the current version and instantiating the appropriate class based on the found version. * First pass at mostly working CLI version classes * Correct mismathched parameters * Update _run() method to allow updating enviroment This allows passing in the app secret as an env var, which is more secure than using a command line arg. * Continuing to improve the interface * Tear existing tests down to the studs These tests were based off of the LastPass unit tests. I’m going to just start from scratch given the new plugin code is vastly diffenent. * Fix sanity test * CLI config file path can be None * Improve required param checking - only report missing params - use proper grammer based on number of missing params * Change assert_logged_in() method return value Return a boolean value indicating whether or not account is signed in * Improve full login for v2 Have to do a bit of a dance to avoid hitting the interactive prompt if there are no accounts configured. * Remove unused methods * Add some tests * Fix linting errors * Move fixtures to separate file * Restructure mock test data and add more tests * Add boilerplate * Add test scenario for op v2 and increase coverage * Fix up copyright statements * Test v1 and v2 in all cases * Use a more descriptive variable name * Use docstrings rather than pass in abstract class This adds coverage to abstract methods with the least amount of hackery. * Increase test coverage for CLI classes * Sort test parameters to avoid collection errors * Update version tested in docs * Revere test parameter sorting for now The parameters need to be sorted to avoid the issue in older Python versions in CI, but I’m having trouble working out how to do that currently. * Allow passing kwargs to the lookup module under test * Favor label over id for v2 when looking for values Add tests * Display a warning for section on op v2 or greater There is no “value” in section fields. If we wanted to support sections in v2, we would also have to allow specifying the field name in order to override “value”. * Move test cases to their own file Getting a bit unwieldy having it in the test file * Move output into JSON files fore easier reuse * Switch to using get_options() * Add licenses for fixture files * Use get_option() since get_options() was added in Ansible Core 2.12 * Rearrange fixtures * Add changelog * Move common classes to module_utils * Move common classes back to lookup The plugin relies on AnsibleLookupError() quite a bit which is not available in module code. Remove use of display for errors since section isn’t actually deprecated. * Properly handle sections Still room for improvement, but this is at least a start. * Remove some comments that won’t be addressed * Make test gathering more deterministic to avoid failures * Update changelog fragment * Simple fix for making tests reliable
2022-11-06 11:32:35 +01:00
if vault is not None:
args += ["--vault={0}".format(vault)]
[PR #6660/473e557c backport][stable-7] Onepassword lookup add service accounts (#6710) Onepassword lookup add service accounts (#6660) * add service account token and bypass required fields when service account token is set * add token to base class * add Info * add service_account_token * add service_account_token * add documentation * add service_account_token * fix E111: indentation is not a multiple of 4 * fix lint problems * Update plugins/lookup/onepassword_raw.py Co-authored-by: Felix Fontein <felix@fontein.de> * Update plugins/modules/onepassword_info.py Co-authored-by: Felix Fontein <felix@fontein.de> * Update plugins/lookup/onepassword.py Co-authored-by: Felix Fontein <felix@fontein.de> * add changelog fragment * change type service_account_token to align to domain option * add fragment value * Update changelogs/fragments/6660-onepassword-lookup-service-account.yaml Co-authored-by: Felix Fontein <felix@fontein.de> * Update plugins/lookup/onepassword.py Co-authored-by: Felix Fontein <felix@fontein.de> * remove service_account_token from onepassword_info.py * adjust V1 to raise error if service_account_token is set * adjust V1 to raise error if service_account_token is set * adjust V1 to raise error if service_account_token is set * adjust if assert_logged_in * Update plugins/lookup/onepassword.py Co-authored-by: Sam Doran <github@samdoran.com> * Update plugins/lookup/onepassword.py Co-authored-by: Sam Doran <github@samdoran.com> * remove double return * remove new line * remove new line * remove new line * remove spaces * remove new line * remove spaces * Update plugins/lookup/onepassword_raw.py Co-authored-by: Felix Fontein <felix@fontein.de> * add _check_required_params * Update plugins/lookup/onepassword.py Co-authored-by: Sam Doran <github@samdoran.com> * Update plugins/lookup/onepassword.py Co-authored-by: Sam Doran <github@samdoran.com> * remove _check_required_params * remove spaces * Update plugins/lookup/onepassword.py Co-authored-by: Sam Doran <github@samdoran.com> * remove code --------- Co-authored-by: Jan Sagurna <jan.sagurna@sag-solutions.com> Co-authored-by: Jan Sagurna <58932831+jansagurna@users.noreply.github.com> Co-authored-by: Felix Fontein <felix@fontein.de> Co-authored-by: Sam Doran <github@samdoran.com> (cherry picked from commit 473e557c2f31425495fa5deed514835bdc508315) Co-authored-by: Dominik Haßelkuss <Domi-cc@users.noreply.github.com>
2023-06-15 20:38:19 +02:00
if self.service_account_token:
if vault is None:
raise AnsibleLookupError("'vault' is required with 'service_account_token'")
environment_update = {"OP_SERVICE_ACCOUNT_TOKEN": self.service_account_token}
return self._run(args, environment_update=environment_update)
onepassword - Support v2 (#4728) * Begin building out separate classes to support different op cli versions Create separet base classes for each major version. Define the main interface in the base class. Create methods for getting the current version and instantiating the appropriate class based on the found version. * First pass at mostly working CLI version classes * Correct mismathched parameters * Update _run() method to allow updating enviroment This allows passing in the app secret as an env var, which is more secure than using a command line arg. * Continuing to improve the interface * Tear existing tests down to the studs These tests were based off of the LastPass unit tests. I’m going to just start from scratch given the new plugin code is vastly diffenent. * Fix sanity test * CLI config file path can be None * Improve required param checking - only report missing params - use proper grammer based on number of missing params * Change assert_logged_in() method return value Return a boolean value indicating whether or not account is signed in * Improve full login for v2 Have to do a bit of a dance to avoid hitting the interactive prompt if there are no accounts configured. * Remove unused methods * Add some tests * Fix linting errors * Move fixtures to separate file * Restructure mock test data and add more tests * Add boilerplate * Add test scenario for op v2 and increase coverage * Fix up copyright statements * Test v1 and v2 in all cases * Use a more descriptive variable name * Use docstrings rather than pass in abstract class This adds coverage to abstract methods with the least amount of hackery. * Increase test coverage for CLI classes * Sort test parameters to avoid collection errors * Update version tested in docs * Revere test parameter sorting for now The parameters need to be sorted to avoid the issue in older Python versions in CI, but I’m having trouble working out how to do that currently. * Allow passing kwargs to the lookup module under test * Favor label over id for v2 when looking for values Add tests * Display a warning for section on op v2 or greater There is no “value” in section fields. If we wanted to support sections in v2, we would also have to allow specifying the field name in order to override “value”. * Move test cases to their own file Getting a bit unwieldy having it in the test file * Move output into JSON files fore easier reuse * Switch to using get_options() * Add licenses for fixture files * Use get_option() since get_options() was added in Ansible Core 2.12 * Rearrange fixtures * Add changelog * Move common classes to module_utils * Move common classes back to lookup The plugin relies on AnsibleLookupError() quite a bit which is not available in module code. Remove use of display for errors since section isn’t actually deprecated. * Properly handle sections Still room for improvement, but this is at least a start. * Remove some comments that won’t be addressed * Make test gathering more deterministic to avoid failures * Update changelog fragment * Simple fix for making tests reliable
2022-11-06 11:32:35 +01:00
if token is not None:
args += [to_bytes("--session=") + token]
return self._run(args)
def signin(self):
self._check_required_params(['master_password'])
args = ["signin", "--raw"]
if self.subdomain:
args.extend(["--account", self.subdomain])
2020-03-09 10:11:07 +01:00
onepassword - Support v2 (#4728) * Begin building out separate classes to support different op cli versions Create separet base classes for each major version. Define the main interface in the base class. Create methods for getting the current version and instantiating the appropriate class based on the found version. * First pass at mostly working CLI version classes * Correct mismathched parameters * Update _run() method to allow updating enviroment This allows passing in the app secret as an env var, which is more secure than using a command line arg. * Continuing to improve the interface * Tear existing tests down to the studs These tests were based off of the LastPass unit tests. I’m going to just start from scratch given the new plugin code is vastly diffenent. * Fix sanity test * CLI config file path can be None * Improve required param checking - only report missing params - use proper grammer based on number of missing params * Change assert_logged_in() method return value Return a boolean value indicating whether or not account is signed in * Improve full login for v2 Have to do a bit of a dance to avoid hitting the interactive prompt if there are no accounts configured. * Remove unused methods * Add some tests * Fix linting errors * Move fixtures to separate file * Restructure mock test data and add more tests * Add boilerplate * Add test scenario for op v2 and increase coverage * Fix up copyright statements * Test v1 and v2 in all cases * Use a more descriptive variable name * Use docstrings rather than pass in abstract class This adds coverage to abstract methods with the least amount of hackery. * Increase test coverage for CLI classes * Sort test parameters to avoid collection errors * Update version tested in docs * Revere test parameter sorting for now The parameters need to be sorted to avoid the issue in older Python versions in CI, but I’m having trouble working out how to do that currently. * Allow passing kwargs to the lookup module under test * Favor label over id for v2 when looking for values Add tests * Display a warning for section on op v2 or greater There is no “value” in section fields. If we wanted to support sections in v2, we would also have to allow specifying the field name in order to override “value”. * Move test cases to their own file Getting a bit unwieldy having it in the test file * Move output into JSON files fore easier reuse * Switch to using get_options() * Add licenses for fixture files * Use get_option() since get_options() was added in Ansible Core 2.12 * Rearrange fixtures * Add changelog * Move common classes to module_utils * Move common classes back to lookup The plugin relies on AnsibleLookupError() quite a bit which is not available in module code. Remove use of display for errors since section isn’t actually deprecated. * Properly handle sections Still room for improvement, but this is at least a start. * Remove some comments that won’t be addressed * Make test gathering more deterministic to avoid failures * Update changelog fragment * Simple fix for making tests reliable
2022-11-06 11:32:35 +01:00
return self._run(args, command_input=to_bytes(self.master_password))
2020-03-09 10:11:07 +01:00
onepassword - Support v2 (#4728) * Begin building out separate classes to support different op cli versions Create separet base classes for each major version. Define the main interface in the base class. Create methods for getting the current version and instantiating the appropriate class based on the found version. * First pass at mostly working CLI version classes * Correct mismathched parameters * Update _run() method to allow updating enviroment This allows passing in the app secret as an env var, which is more secure than using a command line arg. * Continuing to improve the interface * Tear existing tests down to the studs These tests were based off of the LastPass unit tests. I’m going to just start from scratch given the new plugin code is vastly diffenent. * Fix sanity test * CLI config file path can be None * Improve required param checking - only report missing params - use proper grammer based on number of missing params * Change assert_logged_in() method return value Return a boolean value indicating whether or not account is signed in * Improve full login for v2 Have to do a bit of a dance to avoid hitting the interactive prompt if there are no accounts configured. * Remove unused methods * Add some tests * Fix linting errors * Move fixtures to separate file * Restructure mock test data and add more tests * Add boilerplate * Add test scenario for op v2 and increase coverage * Fix up copyright statements * Test v1 and v2 in all cases * Use a more descriptive variable name * Use docstrings rather than pass in abstract class This adds coverage to abstract methods with the least amount of hackery. * Increase test coverage for CLI classes * Sort test parameters to avoid collection errors * Update version tested in docs * Revere test parameter sorting for now The parameters need to be sorted to avoid the issue in older Python versions in CI, but I’m having trouble working out how to do that currently. * Allow passing kwargs to the lookup module under test * Favor label over id for v2 when looking for values Add tests * Display a warning for section on op v2 or greater There is no “value” in section fields. If we wanted to support sections in v2, we would also have to allow specifying the field name in order to override “value”. * Move test cases to their own file Getting a bit unwieldy having it in the test file * Move output into JSON files fore easier reuse * Switch to using get_options() * Add licenses for fixture files * Use get_option() since get_options() was added in Ansible Core 2.12 * Rearrange fixtures * Add changelog * Move common classes to module_utils * Move common classes back to lookup The plugin relies on AnsibleLookupError() quite a bit which is not available in module code. Remove use of display for errors since section isn’t actually deprecated. * Properly handle sections Still room for improvement, but this is at least a start. * Remove some comments that won’t be addressed * Make test gathering more deterministic to avoid failures * Update changelog fragment * Simple fix for making tests reliable
2022-11-06 11:32:35 +01:00
class OnePass(object):
[PR #6660/473e557c backport][stable-7] Onepassword lookup add service accounts (#6710) Onepassword lookup add service accounts (#6660) * add service account token and bypass required fields when service account token is set * add token to base class * add Info * add service_account_token * add service_account_token * add documentation * add service_account_token * fix E111: indentation is not a multiple of 4 * fix lint problems * Update plugins/lookup/onepassword_raw.py Co-authored-by: Felix Fontein <felix@fontein.de> * Update plugins/modules/onepassword_info.py Co-authored-by: Felix Fontein <felix@fontein.de> * Update plugins/lookup/onepassword.py Co-authored-by: Felix Fontein <felix@fontein.de> * add changelog fragment * change type service_account_token to align to domain option * add fragment value * Update changelogs/fragments/6660-onepassword-lookup-service-account.yaml Co-authored-by: Felix Fontein <felix@fontein.de> * Update plugins/lookup/onepassword.py Co-authored-by: Felix Fontein <felix@fontein.de> * remove service_account_token from onepassword_info.py * adjust V1 to raise error if service_account_token is set * adjust V1 to raise error if service_account_token is set * adjust V1 to raise error if service_account_token is set * adjust if assert_logged_in * Update plugins/lookup/onepassword.py Co-authored-by: Sam Doran <github@samdoran.com> * Update plugins/lookup/onepassword.py Co-authored-by: Sam Doran <github@samdoran.com> * remove double return * remove new line * remove new line * remove new line * remove spaces * remove new line * remove spaces * Update plugins/lookup/onepassword_raw.py Co-authored-by: Felix Fontein <felix@fontein.de> * add _check_required_params * Update plugins/lookup/onepassword.py Co-authored-by: Sam Doran <github@samdoran.com> * Update plugins/lookup/onepassword.py Co-authored-by: Sam Doran <github@samdoran.com> * remove _check_required_params * remove spaces * Update plugins/lookup/onepassword.py Co-authored-by: Sam Doran <github@samdoran.com> * remove code --------- Co-authored-by: Jan Sagurna <jan.sagurna@sag-solutions.com> Co-authored-by: Jan Sagurna <58932831+jansagurna@users.noreply.github.com> Co-authored-by: Felix Fontein <felix@fontein.de> Co-authored-by: Sam Doran <github@samdoran.com> (cherry picked from commit 473e557c2f31425495fa5deed514835bdc508315) Co-authored-by: Dominik Haßelkuss <Domi-cc@users.noreply.github.com>
2023-06-15 20:38:19 +02:00
def __init__(self, subdomain=None, domain="1password.com", username=None, secret_key=None, master_password=None,
service_account_token=None, account_id=None):
onepassword - Support v2 (#4728) * Begin building out separate classes to support different op cli versions Create separet base classes for each major version. Define the main interface in the base class. Create methods for getting the current version and instantiating the appropriate class based on the found version. * First pass at mostly working CLI version classes * Correct mismathched parameters * Update _run() method to allow updating enviroment This allows passing in the app secret as an env var, which is more secure than using a command line arg. * Continuing to improve the interface * Tear existing tests down to the studs These tests were based off of the LastPass unit tests. I’m going to just start from scratch given the new plugin code is vastly diffenent. * Fix sanity test * CLI config file path can be None * Improve required param checking - only report missing params - use proper grammer based on number of missing params * Change assert_logged_in() method return value Return a boolean value indicating whether or not account is signed in * Improve full login for v2 Have to do a bit of a dance to avoid hitting the interactive prompt if there are no accounts configured. * Remove unused methods * Add some tests * Fix linting errors * Move fixtures to separate file * Restructure mock test data and add more tests * Add boilerplate * Add test scenario for op v2 and increase coverage * Fix up copyright statements * Test v1 and v2 in all cases * Use a more descriptive variable name * Use docstrings rather than pass in abstract class This adds coverage to abstract methods with the least amount of hackery. * Increase test coverage for CLI classes * Sort test parameters to avoid collection errors * Update version tested in docs * Revere test parameter sorting for now The parameters need to be sorted to avoid the issue in older Python versions in CI, but I’m having trouble working out how to do that currently. * Allow passing kwargs to the lookup module under test * Favor label over id for v2 when looking for values Add tests * Display a warning for section on op v2 or greater There is no “value” in section fields. If we wanted to support sections in v2, we would also have to allow specifying the field name in order to override “value”. * Move test cases to their own file Getting a bit unwieldy having it in the test file * Move output into JSON files fore easier reuse * Switch to using get_options() * Add licenses for fixture files * Use get_option() since get_options() was added in Ansible Core 2.12 * Rearrange fixtures * Add changelog * Move common classes to module_utils * Move common classes back to lookup The plugin relies on AnsibleLookupError() quite a bit which is not available in module code. Remove use of display for errors since section isn’t actually deprecated. * Properly handle sections Still room for improvement, but this is at least a start. * Remove some comments that won’t be addressed * Make test gathering more deterministic to avoid failures * Update changelog fragment * Simple fix for making tests reliable
2022-11-06 11:32:35 +01:00
self.subdomain = subdomain
self.domain = domain
self.username = username
self.secret_key = secret_key
self.master_password = master_password
[PR #6660/473e557c backport][stable-7] Onepassword lookup add service accounts (#6710) Onepassword lookup add service accounts (#6660) * add service account token and bypass required fields when service account token is set * add token to base class * add Info * add service_account_token * add service_account_token * add documentation * add service_account_token * fix E111: indentation is not a multiple of 4 * fix lint problems * Update plugins/lookup/onepassword_raw.py Co-authored-by: Felix Fontein <felix@fontein.de> * Update plugins/modules/onepassword_info.py Co-authored-by: Felix Fontein <felix@fontein.de> * Update plugins/lookup/onepassword.py Co-authored-by: Felix Fontein <felix@fontein.de> * add changelog fragment * change type service_account_token to align to domain option * add fragment value * Update changelogs/fragments/6660-onepassword-lookup-service-account.yaml Co-authored-by: Felix Fontein <felix@fontein.de> * Update plugins/lookup/onepassword.py Co-authored-by: Felix Fontein <felix@fontein.de> * remove service_account_token from onepassword_info.py * adjust V1 to raise error if service_account_token is set * adjust V1 to raise error if service_account_token is set * adjust V1 to raise error if service_account_token is set * adjust if assert_logged_in * Update plugins/lookup/onepassword.py Co-authored-by: Sam Doran <github@samdoran.com> * Update plugins/lookup/onepassword.py Co-authored-by: Sam Doran <github@samdoran.com> * remove double return * remove new line * remove new line * remove new line * remove spaces * remove new line * remove spaces * Update plugins/lookup/onepassword_raw.py Co-authored-by: Felix Fontein <felix@fontein.de> * add _check_required_params * Update plugins/lookup/onepassword.py Co-authored-by: Sam Doran <github@samdoran.com> * Update plugins/lookup/onepassword.py Co-authored-by: Sam Doran <github@samdoran.com> * remove _check_required_params * remove spaces * Update plugins/lookup/onepassword.py Co-authored-by: Sam Doran <github@samdoran.com> * remove code --------- Co-authored-by: Jan Sagurna <jan.sagurna@sag-solutions.com> Co-authored-by: Jan Sagurna <58932831+jansagurna@users.noreply.github.com> Co-authored-by: Felix Fontein <felix@fontein.de> Co-authored-by: Sam Doran <github@samdoran.com> (cherry picked from commit 473e557c2f31425495fa5deed514835bdc508315) Co-authored-by: Dominik Haßelkuss <Domi-cc@users.noreply.github.com>
2023-06-15 20:38:19 +02:00
self.service_account_token = service_account_token
self.account_id = account_id
onepassword - Support v2 (#4728) * Begin building out separate classes to support different op cli versions Create separet base classes for each major version. Define the main interface in the base class. Create methods for getting the current version and instantiating the appropriate class based on the found version. * First pass at mostly working CLI version classes * Correct mismathched parameters * Update _run() method to allow updating enviroment This allows passing in the app secret as an env var, which is more secure than using a command line arg. * Continuing to improve the interface * Tear existing tests down to the studs These tests were based off of the LastPass unit tests. I’m going to just start from scratch given the new plugin code is vastly diffenent. * Fix sanity test * CLI config file path can be None * Improve required param checking - only report missing params - use proper grammer based on number of missing params * Change assert_logged_in() method return value Return a boolean value indicating whether or not account is signed in * Improve full login for v2 Have to do a bit of a dance to avoid hitting the interactive prompt if there are no accounts configured. * Remove unused methods * Add some tests * Fix linting errors * Move fixtures to separate file * Restructure mock test data and add more tests * Add boilerplate * Add test scenario for op v2 and increase coverage * Fix up copyright statements * Test v1 and v2 in all cases * Use a more descriptive variable name * Use docstrings rather than pass in abstract class This adds coverage to abstract methods with the least amount of hackery. * Increase test coverage for CLI classes * Sort test parameters to avoid collection errors * Update version tested in docs * Revere test parameter sorting for now The parameters need to be sorted to avoid the issue in older Python versions in CI, but I’m having trouble working out how to do that currently. * Allow passing kwargs to the lookup module under test * Favor label over id for v2 when looking for values Add tests * Display a warning for section on op v2 or greater There is no “value” in section fields. If we wanted to support sections in v2, we would also have to allow specifying the field name in order to override “value”. * Move test cases to their own file Getting a bit unwieldy having it in the test file * Move output into JSON files fore easier reuse * Switch to using get_options() * Add licenses for fixture files * Use get_option() since get_options() was added in Ansible Core 2.12 * Rearrange fixtures * Add changelog * Move common classes to module_utils * Move common classes back to lookup The plugin relies on AnsibleLookupError() quite a bit which is not available in module code. Remove use of display for errors since section isn’t actually deprecated. * Properly handle sections Still room for improvement, but this is at least a start. * Remove some comments that won’t be addressed * Make test gathering more deterministic to avoid failures * Update changelog fragment * Simple fix for making tests reliable
2022-11-06 11:32:35 +01:00
self.logged_in = False
self.token = None
self._config = OnePasswordConfig()
self._cli = self._get_cli_class()
def _get_cli_class(self):
version = OnePassCLIBase.get_current_version()
for cls in OnePassCLIBase.__subclasses__():
if cls.supports_version == version.split(".")[0]:
try:
return cls(self.subdomain, self.domain, self.username, self.secret_key, self.master_password, self.service_account_token, self.account_id)
onepassword - Support v2 (#4728) * Begin building out separate classes to support different op cli versions Create separet base classes for each major version. Define the main interface in the base class. Create methods for getting the current version and instantiating the appropriate class based on the found version. * First pass at mostly working CLI version classes * Correct mismathched parameters * Update _run() method to allow updating enviroment This allows passing in the app secret as an env var, which is more secure than using a command line arg. * Continuing to improve the interface * Tear existing tests down to the studs These tests were based off of the LastPass unit tests. I’m going to just start from scratch given the new plugin code is vastly diffenent. * Fix sanity test * CLI config file path can be None * Improve required param checking - only report missing params - use proper grammer based on number of missing params * Change assert_logged_in() method return value Return a boolean value indicating whether or not account is signed in * Improve full login for v2 Have to do a bit of a dance to avoid hitting the interactive prompt if there are no accounts configured. * Remove unused methods * Add some tests * Fix linting errors * Move fixtures to separate file * Restructure mock test data and add more tests * Add boilerplate * Add test scenario for op v2 and increase coverage * Fix up copyright statements * Test v1 and v2 in all cases * Use a more descriptive variable name * Use docstrings rather than pass in abstract class This adds coverage to abstract methods with the least amount of hackery. * Increase test coverage for CLI classes * Sort test parameters to avoid collection errors * Update version tested in docs * Revere test parameter sorting for now The parameters need to be sorted to avoid the issue in older Python versions in CI, but I’m having trouble working out how to do that currently. * Allow passing kwargs to the lookup module under test * Favor label over id for v2 when looking for values Add tests * Display a warning for section on op v2 or greater There is no “value” in section fields. If we wanted to support sections in v2, we would also have to allow specifying the field name in order to override “value”. * Move test cases to their own file Getting a bit unwieldy having it in the test file * Move output into JSON files fore easier reuse * Switch to using get_options() * Add licenses for fixture files * Use get_option() since get_options() was added in Ansible Core 2.12 * Rearrange fixtures * Add changelog * Move common classes to module_utils * Move common classes back to lookup The plugin relies on AnsibleLookupError() quite a bit which is not available in module code. Remove use of display for errors since section isn’t actually deprecated. * Properly handle sections Still room for improvement, but this is at least a start. * Remove some comments that won’t be addressed * Make test gathering more deterministic to avoid failures * Update changelog fragment * Simple fix for making tests reliable
2022-11-06 11:32:35 +01:00
except TypeError as e:
raise AnsibleLookupError(e)
raise AnsibleLookupError("op version %s is unsupported" % version)
def set_token(self):
if self._config.config_file_path and os.path.isfile(self._config.config_file_path):
# If the config file exists, assume an initial sign in has taken place and try basic sign in
try:
rc, out, err = self._cli.signin()
except AnsibleLookupError as exc:
test_strings = (
"missing required parameters",
"unauthorized",
)
if any(string in exc.message.lower() for string in test_strings):
# A required parameter is missing, or a bad master password was supplied
# so don't bother attempting a full signin
raise
rc, out, err = self._cli.full_signin()
self.token = out.strip()
else:
# Attempt a full signin since there appears to be no existing signin
rc, out, err = self._cli.full_signin()
self.token = out.strip()
def assert_logged_in(self):
logged_in = self._cli.assert_logged_in()
if logged_in:
self.logged_in = logged_in
pass
else:
self.set_token()
def get_raw(self, item_id, vault=None):
rc, out, err = self._cli.get_raw(item_id, vault, self.token)
return out
def get_field(self, item_id, field, section=None, vault=None):
output = self.get_raw(item_id, vault)
if output:
return self._cli._parse_field(output, field, section)
return ""
class LookupModule(LookupBase):
def run(self, terms, variables=None, **kwargs):
self.set_options(var_options=variables, direct=kwargs)
field = self.get_option("field")
section = self.get_option("section")
vault = self.get_option("vault")
subdomain = self.get_option("subdomain")
domain = self.get_option("domain")
username = self.get_option("username")
secret_key = self.get_option("secret_key")
master_password = self.get_option("master_password")
[PR #6660/473e557c backport][stable-7] Onepassword lookup add service accounts (#6710) Onepassword lookup add service accounts (#6660) * add service account token and bypass required fields when service account token is set * add token to base class * add Info * add service_account_token * add service_account_token * add documentation * add service_account_token * fix E111: indentation is not a multiple of 4 * fix lint problems * Update plugins/lookup/onepassword_raw.py Co-authored-by: Felix Fontein <felix@fontein.de> * Update plugins/modules/onepassword_info.py Co-authored-by: Felix Fontein <felix@fontein.de> * Update plugins/lookup/onepassword.py Co-authored-by: Felix Fontein <felix@fontein.de> * add changelog fragment * change type service_account_token to align to domain option * add fragment value * Update changelogs/fragments/6660-onepassword-lookup-service-account.yaml Co-authored-by: Felix Fontein <felix@fontein.de> * Update plugins/lookup/onepassword.py Co-authored-by: Felix Fontein <felix@fontein.de> * remove service_account_token from onepassword_info.py * adjust V1 to raise error if service_account_token is set * adjust V1 to raise error if service_account_token is set * adjust V1 to raise error if service_account_token is set * adjust if assert_logged_in * Update plugins/lookup/onepassword.py Co-authored-by: Sam Doran <github@samdoran.com> * Update plugins/lookup/onepassword.py Co-authored-by: Sam Doran <github@samdoran.com> * remove double return * remove new line * remove new line * remove new line * remove spaces * remove new line * remove spaces * Update plugins/lookup/onepassword_raw.py Co-authored-by: Felix Fontein <felix@fontein.de> * add _check_required_params * Update plugins/lookup/onepassword.py Co-authored-by: Sam Doran <github@samdoran.com> * Update plugins/lookup/onepassword.py Co-authored-by: Sam Doran <github@samdoran.com> * remove _check_required_params * remove spaces * Update plugins/lookup/onepassword.py Co-authored-by: Sam Doran <github@samdoran.com> * remove code --------- Co-authored-by: Jan Sagurna <jan.sagurna@sag-solutions.com> Co-authored-by: Jan Sagurna <58932831+jansagurna@users.noreply.github.com> Co-authored-by: Felix Fontein <felix@fontein.de> Co-authored-by: Sam Doran <github@samdoran.com> (cherry picked from commit 473e557c2f31425495fa5deed514835bdc508315) Co-authored-by: Dominik Haßelkuss <Domi-cc@users.noreply.github.com>
2023-06-15 20:38:19 +02:00
service_account_token = self.get_option("service_account_token")
account_id = self.get_option("account_id")
onepassword - Support v2 (#4728) * Begin building out separate classes to support different op cli versions Create separet base classes for each major version. Define the main interface in the base class. Create methods for getting the current version and instantiating the appropriate class based on the found version. * First pass at mostly working CLI version classes * Correct mismathched parameters * Update _run() method to allow updating enviroment This allows passing in the app secret as an env var, which is more secure than using a command line arg. * Continuing to improve the interface * Tear existing tests down to the studs These tests were based off of the LastPass unit tests. I’m going to just start from scratch given the new plugin code is vastly diffenent. * Fix sanity test * CLI config file path can be None * Improve required param checking - only report missing params - use proper grammer based on number of missing params * Change assert_logged_in() method return value Return a boolean value indicating whether or not account is signed in * Improve full login for v2 Have to do a bit of a dance to avoid hitting the interactive prompt if there are no accounts configured. * Remove unused methods * Add some tests * Fix linting errors * Move fixtures to separate file * Restructure mock test data and add more tests * Add boilerplate * Add test scenario for op v2 and increase coverage * Fix up copyright statements * Test v1 and v2 in all cases * Use a more descriptive variable name * Use docstrings rather than pass in abstract class This adds coverage to abstract methods with the least amount of hackery. * Increase test coverage for CLI classes * Sort test parameters to avoid collection errors * Update version tested in docs * Revere test parameter sorting for now The parameters need to be sorted to avoid the issue in older Python versions in CI, but I’m having trouble working out how to do that currently. * Allow passing kwargs to the lookup module under test * Favor label over id for v2 when looking for values Add tests * Display a warning for section on op v2 or greater There is no “value” in section fields. If we wanted to support sections in v2, we would also have to allow specifying the field name in order to override “value”. * Move test cases to their own file Getting a bit unwieldy having it in the test file * Move output into JSON files fore easier reuse * Switch to using get_options() * Add licenses for fixture files * Use get_option() since get_options() was added in Ansible Core 2.12 * Rearrange fixtures * Add changelog * Move common classes to module_utils * Move common classes back to lookup The plugin relies on AnsibleLookupError() quite a bit which is not available in module code. Remove use of display for errors since section isn’t actually deprecated. * Properly handle sections Still room for improvement, but this is at least a start. * Remove some comments that won’t be addressed * Make test gathering more deterministic to avoid failures * Update changelog fragment * Simple fix for making tests reliable
2022-11-06 11:32:35 +01:00
op = OnePass(subdomain, domain, username, secret_key, master_password, service_account_token, account_id)
2020-03-09 10:11:07 +01:00
op.assert_logged_in()
values = []
for term in terms:
values.append(op.get_field(term, field, section, vault))
2020-03-09 10:11:07 +01:00
return values