mirror of
https://github.com/ansible-collections/community.general.git
synced 2024-09-14 20:13:21 +02:00
feat(lookup/bitwarden): add support for "session" arg (#7994)
Allows pass session key instead of reading from env. Signed-off-by: Emilien Escalle <emilien.escalle@escemi.com>
This commit is contained in:
parent
e0dbe9c98d
commit
6cafd3bed7
3 changed files with 45 additions and 0 deletions
2
changelogs/fragments/7994-bitwarden-session-arg.yaml
Normal file
2
changelogs/fragments/7994-bitwarden-session-arg.yaml
Normal file
|
@ -0,0 +1,2 @@
|
|||
minor_changes:
|
||||
- "bitwarden lookup plugin - add ``bw_session`` option, to pass session key instead of reading from env (https://github.com/ansible-collections/community.general/pull/7994)."
|
|
@ -39,6 +39,10 @@ DOCUMENTATION = """
|
|||
description: Collection ID to filter results by collection. Leave unset to skip filtering.
|
||||
type: str
|
||||
version_added: 6.3.0
|
||||
bw_session:
|
||||
description: Pass session key instead of reading from env.
|
||||
type: str
|
||||
version_added: 8.4.0
|
||||
"""
|
||||
|
||||
EXAMPLES = """
|
||||
|
@ -66,6 +70,11 @@ EXAMPLES = """
|
|||
ansible.builtin.debug:
|
||||
msg: >-
|
||||
{{ lookup('community.general.bitwarden', 'a_test', field='api_key') }}
|
||||
|
||||
- name: "Get 'password' from all Bitwarden records named 'a_test', using given session key"
|
||||
ansible.builtin.debug:
|
||||
msg: >-
|
||||
{{ lookup('community.general.bitwarden', 'a_test', field='password', bw_session='bXZ9B5TXi6...') }}
|
||||
"""
|
||||
|
||||
RETURN = """
|
||||
|
@ -94,11 +103,20 @@ class Bitwarden(object):
|
|||
|
||||
def __init__(self, path='bw'):
|
||||
self._cli_path = path
|
||||
self._session = None
|
||||
|
||||
@property
|
||||
def cli_path(self):
|
||||
return self._cli_path
|
||||
|
||||
@property
|
||||
def session(self):
|
||||
return self._session
|
||||
|
||||
@session.setter
|
||||
def session(self, value):
|
||||
self._session = value
|
||||
|
||||
@property
|
||||
def unlocked(self):
|
||||
out, err = self._run(['status'], stdin="")
|
||||
|
@ -106,6 +124,9 @@ class Bitwarden(object):
|
|||
return decoded['status'] == 'unlocked'
|
||||
|
||||
def _run(self, args, stdin=None, expected_rc=0):
|
||||
if self.session:
|
||||
args += ['--session', self.session]
|
||||
|
||||
p = Popen([self.cli_path] + args, stdout=PIPE, stderr=PIPE, stdin=PIPE)
|
||||
out, err = p.communicate(to_bytes(stdin))
|
||||
rc = p.wait()
|
||||
|
@ -179,6 +200,8 @@ class LookupModule(LookupBase):
|
|||
field = self.get_option('field')
|
||||
search_field = self.get_option('search')
|
||||
collection_id = self.get_option('collection_id')
|
||||
_bitwarden.session = self.get_option('bw_session')
|
||||
|
||||
if not _bitwarden.unlocked:
|
||||
raise AnsibleError("Bitwarden Vault locked. Run 'bw unlock'.")
|
||||
|
||||
|
|
|
@ -158,3 +158,23 @@ class TestLookupModule(unittest.TestCase):
|
|||
record_name = record['name']
|
||||
with self.assertRaises(AnsibleError):
|
||||
self.lookup.run([record_name], field='password')
|
||||
|
||||
def test_bitwarden_plugin_without_session_option(self):
|
||||
mock_bitwarden = MockBitwarden()
|
||||
with patch("ansible_collections.community.general.plugins.lookup.bitwarden._bitwarden", mock_bitwarden):
|
||||
record = MOCK_RECORDS[0]
|
||||
record_name = record['name']
|
||||
session = 'session'
|
||||
|
||||
self.lookup.run([record_name], field=None)
|
||||
self.assertIsNone(mock_bitwarden.session)
|
||||
|
||||
def test_bitwarden_plugin_session_option(self):
|
||||
mock_bitwarden = MockBitwarden()
|
||||
with patch("ansible_collections.community.general.plugins.lookup.bitwarden._bitwarden", mock_bitwarden):
|
||||
record = MOCK_RECORDS[0]
|
||||
record_name = record['name']
|
||||
session = 'session'
|
||||
|
||||
self.lookup.run([record_name], field=None, bw_session=session)
|
||||
self.assertEqual(mock_bitwarden.session, session)
|
||||
|
|
Loading…
Reference in a new issue