From 749e963d11ce2955aecc6a6b319f25e6b85f67d2 Mon Sep 17 00:00:00 2001
From: Ryan Conway <ryan@rjc.cc>
Date: Fri, 22 Feb 2019 11:52:33 +0000
Subject: [PATCH] onepassword_facts bug fixes (#51953)

* Always add the session token to the command, if it is set. This ensures we can retrieve documents as well as regular items.

* Fix issue retrieving documents with latest 1Password CLI v0.5.5.

* Module tested with latest 1Password CLI v0.5.5.
---
 lib/ansible/modules/identity/onepassword_facts.py | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/lib/ansible/modules/identity/onepassword_facts.py b/lib/ansible/modules/identity/onepassword_facts.py
index 59364b1b6a6..3ed91d4bd35 100644
--- a/lib/ansible/modules/identity/onepassword_facts.py
+++ b/lib/ansible/modules/identity/onepassword_facts.py
@@ -28,7 +28,7 @@ notes:
     - This module stores potentially sensitive data from 1Password as Ansible facts.
       Facts are subject to caching if enabled, which means this data could be stored in clear text
       on disk or in a database.
-      - Tested with C(op) version 0.5.3
+      - Tested with C(op) version 0.5.5
 short_description: Gather items from 1Password and set them as facts
 description:
     - M(onepassword_facts) wraps the C(op) command line utility to fetch data about one or more 1Password items and return as Ansible facts.
@@ -174,6 +174,10 @@ class OnePasswordFacts(object):
         self.terms = self.parse_search_terms(terms)
 
     def _run(self, args, expected_rc=0, command_input=None, ignore_errors=False):
+        if self.token:
+            # Adds the session token to all commands if we're logged in.
+            args += [to_bytes('--session=') + self.token]
+
         command = [self.cli_path] + args
         p = Popen(command, stdout=PIPE, stderr=PIPE, stdin=PIPE)
         out, err = p.communicate(input=command_input)
@@ -188,7 +192,7 @@ class OnePasswordFacts(object):
         if ('documentAttributes' in data['details']):
             # This is actually a document, let's fetch the document data instead!
             document = self._run(["get", "document", data['overview']['title']])
-            return {'document': document[0].strip()}
+            return {'document': document[1].strip()}
 
         else:
             # This is not a document, let's try to find the requested field
@@ -242,8 +246,6 @@ class OnePasswordFacts(object):
             args = ["get", "item", item_id]
             if vault is not None:
                 args += ['--vault={0}'.format(vault)]
-            if not self.logged_in:
-                args += [to_bytes('--session=') + self.token]
             rc, output, dummy = self._run(args)
             return output