onepassword: find the password field out of the fields list (#1610)

* Find the password field out of the fields list With the command line utility `op` version 1.8, the password field exists, while the fields list is empty. This will look for the desired field without it being listed in the fields list. * Add changelog fragment * Update changelogs/fragments/1610-bugfix-onepassword-lookup-plugin.yaml Co-authored-by: Felix Fontein <felix@fontein.de> * Update plugins/lookup/onepassword.py Co-authored-by: Felix Fontein <felix@fontein.de> Co-authored-by: Felix Fontein <felix@fontein.de>
2024-09-14 20:13:21 +02:00 · 2021-01-20 16:37:28 -05:00 · 2021-01-20 16:37:28 -05:00 · 5b1bede4cb
commit 5b1bede4cb
parent 25e246bdc2
2 changed files with 57 additions and 0 deletions
--- a/changelogs/fragments/1610-bugfix-onepassword-lookup-plugin.yaml
+++ b/changelogs/fragments/1610-bugfix-onepassword-lookup-plugin.yaml
@ -0,0 +1,2 @@
+bugfixes:
+- "onepassword lookup plugin - updated to support password items, which place the password field directly in the payload's ``details`` attribute (https://github.com/ansible-collections/community.general/pull/1610)."
--- a/plugins/lookup/onepassword.py
+++ b/plugins/lookup/onepassword.py
@ -187,8 +187,63 @@ class OnePass(object):
        return rc, out, err

    def _parse_field(self, data_json, field_name, section_title=None):
+        """
+        Retrieves the desired field from the `op` response payload
+
+        When the item is a `password` type, the password is a key within the `details` key:
+
+        $ op get item 'test item' | jq
+        {
+          [...]
+          "templateUuid": "005",
+          "details": {
+            "notesPlain": "",
+            "password": "foobar",
+            "passwordHistory": [],
+            "sections": [
+              {
+                "name": "linked items",
+                "title": "Related Items"
+              }
+            ]
+          },
+          [...]
+        }
+
+        However, when the item is a `login` type, the password is within a fields array:
+
+        $ op get item 'test item' | jq
+        {
+          [...]
+          "details": {
+            "fields": [
+              {
+                "designation": "username",
+                "name": "username",
+                "type": "T",
+                "value": "foo"
+              },
+              {
+                "designation": "password",
+                "name": "password",
+                "type": "P",
+                "value": "bar"
+              }
+            ],
+            [...]
+          },
+          [...]
+        """
        data = json.loads(data_json)
        if section_title is None:
+            # https://github.com/ansible-collections/community.general/pull/1610:
+            # check the details dictionary for `field_name` and return it immediately if it exists
+            # when the entry is a "password" instead of a "login" item, the password field is a key
+            # in the `details` dictionary:
+            if field_name in data['details']:
+                return data['details'][field_name]
+
+            # when the field is not found above, iterate through the fields list in the object details
            for field_data in data['details'].get('fields', []):
                if field_data.get('name', '').lower() == field_name.lower():
                    return field_data.get('value', '')