From 12618ddbd4f1b4050df0d483372b5f6f4c0d084c Mon Sep 17 00:00:00 2001 From: "patchback[bot]" <45432694+patchback[bot]@users.noreply.github.com> Date: Wed, 20 Jan 2021 23:12:41 +0100 Subject: [PATCH] onepassword: find the password field out of the fields list (#1610) (#1651) * Find the password field out of the fields list With the command line utility `op` version 1.8, the password field exists, while the fields list is empty. This will look for the desired field without it being listed in the fields list. * Add changelog fragment * Update changelogs/fragments/1610-bugfix-onepassword-lookup-plugin.yaml Co-authored-by: Felix Fontein * Update plugins/lookup/onepassword.py Co-authored-by: Felix Fontein Co-authored-by: Felix Fontein (cherry picked from commit 5b1bede4cb6afc82222a66fb8cc2ebdca6b6ab4e) Co-authored-by: Roberto Aguilar --- ...1610-bugfix-onepassword-lookup-plugin.yaml | 2 + plugins/lookup/onepassword.py | 55 +++++++++++++++++++ 2 files changed, 57 insertions(+) create mode 100644 changelogs/fragments/1610-bugfix-onepassword-lookup-plugin.yaml diff --git a/changelogs/fragments/1610-bugfix-onepassword-lookup-plugin.yaml b/changelogs/fragments/1610-bugfix-onepassword-lookup-plugin.yaml new file mode 100644 index 0000000000..d3220a2c71 --- /dev/null +++ b/changelogs/fragments/1610-bugfix-onepassword-lookup-plugin.yaml @@ -0,0 +1,2 @@ +bugfixes: +- "onepassword lookup plugin - updated to support password items, which place the password field directly in the payload's ``details`` attribute (https://github.com/ansible-collections/community.general/pull/1610)." diff --git a/plugins/lookup/onepassword.py b/plugins/lookup/onepassword.py index 4fe1b36c4a..995037a1ff 100644 --- a/plugins/lookup/onepassword.py +++ b/plugins/lookup/onepassword.py @@ -187,8 +187,63 @@ class OnePass(object): return rc, out, err def _parse_field(self, data_json, field_name, section_title=None): + """ + Retrieves the desired field from the `op` response payload + + When the item is a `password` type, the password is a key within the `details` key: + + $ op get item 'test item' | jq + { + [...] + "templateUuid": "005", + "details": { + "notesPlain": "", + "password": "foobar", + "passwordHistory": [], + "sections": [ + { + "name": "linked items", + "title": "Related Items" + } + ] + }, + [...] + } + + However, when the item is a `login` type, the password is within a fields array: + + $ op get item 'test item' | jq + { + [...] + "details": { + "fields": [ + { + "designation": "username", + "name": "username", + "type": "T", + "value": "foo" + }, + { + "designation": "password", + "name": "password", + "type": "P", + "value": "bar" + } + ], + [...] + }, + [...] + """ data = json.loads(data_json) if section_title is None: + # https://github.com/ansible-collections/community.general/pull/1610: + # check the details dictionary for `field_name` and return it immediately if it exists + # when the entry is a "password" instead of a "login" item, the password field is a key + # in the `details` dictionary: + if field_name in data['details']: + return data['details'][field_name] + + # when the field is not found above, iterate through the fields list in the object details for field_data in data['details'].get('fields', []): if field_data.get('name', '').lower() == field_name.lower(): return field_data.get('value', '')