mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00

feat(lookup/bitwarden): add support for "session" arg (#7994)

Allows passing the session key instead of reading it from env.

Signed-off-by: Emilien Escalle <emilien.escalle@escemi.com>
Emilien Escalle 2024-02-25 19:44:37 +01:00 committed by GitHub
parent e0dbe9c98d
commit 6cafd3bed7
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 45 additions and 0 deletions


@ -0,0 +1,2 @@
minor_changes:
- "bitwarden lookup plugin - add ``bw_session`` option, to pass session key instead of reading from env (https://github.com/ansible-collections/community.general/pull/7994)."


@ -39,6 +39,10 @@ DOCUMENTATION = """
description: Collection ID to filter results by collection. Leave unset to skip filtering. description: Collection ID to filter results by collection. Leave unset to skip filtering.
type: str type: str
version_added: 6.3.0 version_added: 6.3.0
bw_session:
description: Pass session key instead of reading from env.
type: str
version_added: 8.4.0
""" """
EXAMPLES = """ EXAMPLES = """
@ -66,6 +70,11 @@ EXAMPLES = """
ansible.builtin.debug: ansible.builtin.debug:
msg: >- msg: >-
{{ lookup('community.general.bitwarden', 'a_test', field='api_key') }} {{ lookup('community.general.bitwarden', 'a_test', field='api_key') }}
- name: "Get 'password' from all Bitwarden records named 'a_test', using given session key"
ansible.builtin.debug:
msg: >-
{{ lookup('community.general.bitwarden', 'a_test', field='password', bw_session='bXZ9B5TXi6...') }}
""" """
RETURN = """ RETURN = """
@ -94,11 +103,20 @@ class Bitwarden(object):
def __init__(self, path='bw'): def __init__(self, path='bw'):
self._cli_path = path self._cli_path = path
self._session = None
@property @property
def cli_path(self): def cli_path(self):
return self._cli_path return self._cli_path
@property
def session(self):
return self._session
@session.setter
def session(self, value):
self._session = value
@property @property
def unlocked(self): def unlocked(self):
out, err = self._run(['status'], stdin="") out, err = self._run(['status'], stdin="")
@ -106,6 +124,9 @@ class Bitwarden(object):
return decoded['status'] == 'unlocked' return decoded['status'] == 'unlocked'
def _run(self, args, stdin=None, expected_rc=0): def _run(self, args, stdin=None, expected_rc=0):
if self.session:
args += ['--session', self.session]
p = Popen([self.cli_path] + args, stdout=PIPE, stderr=PIPE, stdin=PIPE) p = Popen([self.cli_path] + args, stdout=PIPE, stderr=PIPE, stdin=PIPE)
out, err = p.communicate(to_bytes(stdin)) out, err = p.communicate(to_bytes(stdin))
rc = p.wait() rc = p.wait()
@ -179,6 +200,8 @@ class LookupModule(LookupBase):
field = self.get_option('field') field = self.get_option('field')
search_field = self.get_option('search') search_field = self.get_option('search')
collection_id = self.get_option('collection_id') collection_id = self.get_option('collection_id')
_bitwarden.session = self.get_option('bw_session')
if not _bitwarden.unlocked: if not _bitwarden.unlocked:
raise AnsibleError("Bitwarden Vault locked. Run 'bw unlock'.") raise AnsibleError("Bitwarden Vault locked. Run 'bw unlock'.")
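Review bot: In `_run`, the session key is appended as `--session <key>`, which places the secret in the child process's argument list, where it is typically readable by other local users through process listings, unlike the environment variable this option replaces. Handing it to the child through its environment keeps the feature without that exposure: `env = dict(os.environ, BW_SESSION=self.session) if self.session else None` and `Popen([self.cli_path] + args, stdout=PIPE, stderr=PIPE, stdin=PIPE, env=env)`; this assumes `os` is imported, which the hunk does not show. Separately, `args += [...]` extends the caller's list in place, and `args = args + ['--session', self.session]` would avoid that if the argv form is kept. The body of `_run` continues past the end of the hunk.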


@ -158,3 +158,23 @@ class TestLookupModule(unittest.TestCase):
record_name = record['name'] record_name = record['name']
with self.assertRaises(AnsibleError): with self.assertRaises(AnsibleError):
self.lookup.run([record_name], field='password') self.lookup.run([record_name], field='password')
def test_bitwarden_plugin_without_session_option(self):
mock_bitwarden = MockBitwarden()
with patch("ansible_collections.community.general.plugins.lookup.bitwarden._bitwarden", mock_bitwarden):
record = MOCK_RECORDS[0]
record_name = record['name']
session = 'session'
self.lookup.run([record_name], field=None)
self.assertIsNone(mock_bitwarden.session)
def test_bitwarden_plugin_session_option(self):
mock_bitwarden = MockBitwarden()
with patch("ansible_collections.community.general.plugins.lookup.bitwarden._bitwarden", mock_bitwarden):
record = MOCK_RECORDS[0]
record_name = record['name']
session = 'session'
self.lookup.run([record_name], field=None, bw_session=session)
self.assertEqual(mock_bitwarden.session, session)
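Review bot: `session = 'session'` in `test_bitwarden_plugin_without_session_option` is never used and can be dropped. Both new tests assert only on the `session` attribute of the mock, so the path where `Bitwarden._run` hands the key to the `bw` process is not covered. A test that patches `Popen` and inspects the call would pin how the key is passed, and that nothing session-related is added when `bw_session` is unset.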