cmueller/ansible
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

onepassword_facts bug fixes (#51953)

Browse source 
* Always add the session token to the command, if it is set. This ensures we can retrieve documents as well as regular items.

* Fix issue retrieving documents with latest 1Password CLI v0.5.5.

* Module tested with latest 1Password CLI v0.5.5.
This commit is contained in:
Ryan Conway 2019-02-22 11:52:33 +00:00 committed by John R Barker
parent 0469134f16
commit 749e963d11
1 changed files with 6 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
lib/ansible/modules/identity/onepassword_facts.py
View file

@ -28,7 +28,7 @@ notes:
- This module stores potentially sensitive data from 1Password as Ansible facts. - This module stores potentially sensitive data from 1Password as Ansible facts.
Facts are subject to caching if enabled, which means this data could be stored in clear text Facts are subject to caching if enabled, which means this data could be stored in clear text
on disk or in a database. on disk or in a database.
- Tested with C(op) version 0.5.3 - Tested with C(op) version 0.5.5
short_description: Gather items from 1Password and set them as facts short_description: Gather items from 1Password and set them as facts
description: description:
- M(onepassword_facts) wraps the C(op) command line utility to fetch data about one or more 1Password items and return as Ansible facts. - M(onepassword_facts) wraps the C(op) command line utility to fetch data about one or more 1Password items and return as Ansible facts.
@ -174,6 +174,10 @@ class OnePasswordFacts(object):
self.terms = self.parse_search_terms(terms) self.terms = self.parse_search_terms(terms)
def _run(self, args, expected_rc=0, command_input=None, ignore_errors=False): def _run(self, args, expected_rc=0, command_input=None, ignore_errors=False):
if self.token:
# Adds the session token to all commands if we're logged in.
args += [to_bytes('--session=') + self.token]
command = [self.cli_path] + args command = [self.cli_path] + args
p = Popen(command, stdout=PIPE, stderr=PIPE, stdin=PIPE) p = Popen(command, stdout=PIPE, stderr=PIPE, stdin=PIPE)
out, err = p.communicate(input=command_input) out, err = p.communicate(input=command_input)
@ -188,7 +192,7 @@ class OnePasswordFacts(object):
if ('documentAttributes' in data['details']): if ('documentAttributes' in data['details']):
# This is actually a document, let's fetch the document data instead! # This is actually a document, let's fetch the document data instead!
document = self._run(["get", "document", data['overview']['title']]) document = self._run(["get", "document", data['overview']['title']])
return {'document': document[0].strip()} return {'document': document[1].strip()}
else: else:
# This is not a document, let's try to find the requested field # This is not a document, let's try to find the requested field
@ -242,8 +246,6 @@ class OnePasswordFacts(object):
args = ["get", "item", item_id] args = ["get", "item", item_id]
if vault is not None: if vault is not None:
args += ['--vault={0}'.format(vault)] args += ['--vault={0}'.format(vault)]
if not self.logged_in:
args += [to_bytes('--session=') + self.token]
rc, output, dummy = self._run(args) rc, output, dummy = self._run(args)
return output return output