1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00

[PR #7994/6cafd3be backport][stable-8] feat(lookup/bitwarden): add support for "session" arg (#8030)

feat(lookup/bitwarden): add support for "session" arg (#7994)

Allows pass session key instead of reading from env.

Signed-off-by: Emilien Escalle <emilien.escalle@escemi.com>
(cherry picked from commit 6cafd3bed7)

Co-authored-by: Emilien Escalle <neilime@users.noreply.github.com>
This commit is contained in:
patchback[bot] 2024-02-25 21:26:23 +01:00 committed by GitHub
parent 755ee2b4d0
commit 9a7a0ca526
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 45 additions and 0 deletions

View file

@ -0,0 +1,2 @@
minor_changes:
- "bitwarden lookup plugin - add ``bw_session`` option, to pass session key instead of reading from env (https://github.com/ansible-collections/community.general/pull/7994)."

View file

@ -39,6 +39,10 @@ DOCUMENTATION = """
description: Collection ID to filter results by collection. Leave unset to skip filtering.
type: str
version_added: 6.3.0
bw_session:
description: Pass session key instead of reading from env.
type: str
version_added: 8.4.0
"""
EXAMPLES = """
@ -66,6 +70,11 @@ EXAMPLES = """
ansible.builtin.debug:
msg: >-
{{ lookup('community.general.bitwarden', 'a_test', field='api_key') }}
- name: "Get 'password' from all Bitwarden records named 'a_test', using given session key"
ansible.builtin.debug:
msg: >-
{{ lookup('community.general.bitwarden', 'a_test', field='password', bw_session='bXZ9B5TXi6...') }}
"""
RETURN = """
@ -94,11 +103,20 @@ class Bitwarden(object):
def __init__(self, path='bw'):
self._cli_path = path
self._session = None
@property
def cli_path(self):
return self._cli_path
@property
def session(self):
return self._session
@session.setter
def session(self, value):
self._session = value
@property
def unlocked(self):
out, err = self._run(['status'], stdin="")
@ -106,6 +124,9 @@ class Bitwarden(object):
return decoded['status'] == 'unlocked'
def _run(self, args, stdin=None, expected_rc=0):
if self.session:
args += ['--session', self.session]
p = Popen([self.cli_path] + args, stdout=PIPE, stderr=PIPE, stdin=PIPE)
out, err = p.communicate(to_bytes(stdin))
rc = p.wait()
@ -179,6 +200,8 @@ class LookupModule(LookupBase):
field = self.get_option('field')
search_field = self.get_option('search')
collection_id = self.get_option('collection_id')
_bitwarden.session = self.get_option('bw_session')
if not _bitwarden.unlocked:
raise AnsibleError("Bitwarden Vault locked. Run 'bw unlock'.")

View file

@ -158,3 +158,23 @@ class TestLookupModule(unittest.TestCase):
record_name = record['name']
with self.assertRaises(AnsibleError):
self.lookup.run([record_name], field='password')
def test_bitwarden_plugin_without_session_option(self):
mock_bitwarden = MockBitwarden()
with patch("ansible_collections.community.general.plugins.lookup.bitwarden._bitwarden", mock_bitwarden):
record = MOCK_RECORDS[0]
record_name = record['name']
session = 'session'
self.lookup.run([record_name], field=None)
self.assertIsNone(mock_bitwarden.session)
def test_bitwarden_plugin_session_option(self):
mock_bitwarden = MockBitwarden()
with patch("ansible_collections.community.general.plugins.lookup.bitwarden._bitwarden", mock_bitwarden):
record = MOCK_RECORDS[0]
record_name = record['name']
session = 'session'
self.lookup.run([record_name], field=None, bw_session=session)
self.assertEqual(mock_bitwarden.session, session)