From 241cc02fa8e2581faad8aec946883be4c28954f2 Mon Sep 17 00:00:00 2001
From: Sam Doran <sdoran@redhat.com>
Date: Fri, 1 Dec 2023 11:47:49 -0500
Subject: [PATCH] onepassword lookup - Make section and field case insensitive
 (#7564)

* onepassword lookup: Make section and field case insensitive

This was a regression in behavior when adding support for op v2.

* Return a string by default to avoid an exception if a field is missing

* Use a helper function to lower a value if possible

* Update changelog
---
 ...564-onepassword-lookup-case-insensitive.yaml |  4 ++++
 plugins/lookup/onepassword.py                   | 17 ++++++++++++++---
 tests/unit/plugins/lookup/onepassword_common.py |  2 +-
 .../lookup/onepassword_fixtures/v2_out_01.json  |  4 ++--
 4 files changed, 21 insertions(+), 6 deletions(-)
 create mode 100644 changelogs/fragments/7564-onepassword-lookup-case-insensitive.yaml

diff --git a/changelogs/fragments/7564-onepassword-lookup-case-insensitive.yaml b/changelogs/fragments/7564-onepassword-lookup-case-insensitive.yaml
new file mode 100644
index 0000000000..d2eaf2ff11
--- /dev/null
+++ b/changelogs/fragments/7564-onepassword-lookup-case-insensitive.yaml
@@ -0,0 +1,4 @@
+bugfixes:
+  - >-
+    onepassword lookup plugin - field and section titles are now case insensitive when using
+    op CLI version two or later. This matches the behavior of version one (https://github.com/ansible-collections/community.general/pull/7564).
diff --git a/plugins/lookup/onepassword.py b/plugins/lookup/onepassword.py
index 1b9a037113..70d0b94eb7 100644
--- a/plugins/lookup/onepassword.py
+++ b/plugins/lookup/onepassword.py
@@ -96,6 +96,14 @@ from ansible.module_utils.six import with_metaclass
 from ansible_collections.community.general.plugins.module_utils.onepassword import OnePasswordConfig
 
 
+def _lower_if_possible(value):
+    """Return the lower case version value, otherwise return the value"""
+    try:
+        return value.lower()
+    except AttributeError:
+        return value
+
+
 class OnePassCLIBase(with_metaclass(abc.ABCMeta, object)):
     bin = "op"
 
@@ -457,6 +465,7 @@ class OnePassCLIv2(OnePassCLIBase):
             }
         """
         data = json.loads(data_json)
+        field_name = _lower_if_possible(field_name)
         for field in data.get("fields", []):
             if section_title is None:
                 # If the field name exists in the section, return that value
@@ -465,17 +474,19 @@ class OnePassCLIv2(OnePassCLIBase):
 
                 # If the field name doesn't exist in the section, match on the value of "label"
                 # then "id" and return "value"
-                if field.get("label") == field_name:
+                if field.get("label", "").lower() == field_name:
                     return field.get("value", "")
 
-                if field.get("id") == field_name:
+                if field.get("id", "").lower() == field_name:
                     return field.get("value", "")
 
             # Look at the section data and get an identifier. The value of 'id' is either a unique ID
             # or a human-readable string. If a 'label' field exists, prefer that since
             # it is the value visible in the 1Password UI when both 'id' and 'label' exist.
             section = field.get("section", {})
-            current_section_title = section.get("label", section.get("id"))
+            section_title = _lower_if_possible(section_title)
+
+            current_section_title = section.get("label", section.get("id", "")).lower()
             if section_title == current_section_title:
                 # In the correct section. Check "label" then "id" for the desired field_name
                 if field.get("label") == field_name:
diff --git a/tests/unit/plugins/lookup/onepassword_common.py b/tests/unit/plugins/lookup/onepassword_common.py
index b99b46691f..ca450613ed 100644
--- a/tests/unit/plugins/lookup/onepassword_common.py
+++ b/tests/unit/plugins/lookup/onepassword_common.py
@@ -107,7 +107,7 @@ MOCK_ENTRIES = {
             "queries": ["Omitted values"],
             "kwargs": {
                 "field": "section-label-without-value",
-                "section": "section-without-values"
+                "section": "Section-Without-Values"
             },
             "expected": [""],
             "output": load_file("v2_out_04.json")
diff --git a/tests/unit/plugins/lookup/onepassword_fixtures/v2_out_01.json b/tests/unit/plugins/lookup/onepassword_fixtures/v2_out_01.json
index 7ef0bb0c23..0ace5c825a 100644
--- a/tests/unit/plugins/lookup/onepassword_fixtures/v2_out_01.json
+++ b/tests/unit/plugins/lookup/onepassword_fixtures/v2_out_01.json
@@ -13,10 +13,10 @@
     "additional_information": "Jan 18, 2015, 08:13:38",
     "fields": [
         {
-            "id": "password",
+            "id": "Password",
             "type": "CONCEALED",
             "purpose": "PASSWORD",
-            "label": "password",
+            "label": "Password",
             "value": "OctoberPoppyNuttyDraperySabbath",
             "reference": "op://Test Vault/Authy Backup/password",
             "password_details": {