feat: update Ansible configuration and add 1Password lookup plugin for secret management
68
config/ansible/plugins/lookup/onepassword.py
Normal file
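--- a/config/ansible/plugins/lookup/onepassword.py
+++ b/config/ansible/plugins/lookup/onepassword.py
@@ -0,0 +1,68 @@
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+DOCUMENTATION = """
+name: onepassword
+author: Menno
+version_added: "1.0"
+short_description: fetch secrets from 1Password
+description:
+- Uses the 1Password CLI to fetch secrets from 1Password
+options:
+item:
+description: the item to fetch
+required: true
+field:
+description: the field to fetch from the item
+required: false
+default: password
+vault:
+description: the vault to fetch from
+required: false
+"""
+
+EXAMPLES = """
+- name: fetch password for an item
+debug:
+msg: "{{ lookup('onepassword', 'storage-box', field='password') }}"
+"""
+
+RETURN = """
+_raw:
+description: field data requested
+"""
+
+from ansible.errors import AnsibleError
+from ansible.plugins.lookup import LookupBase
+from ansible.utils.display import Display
+import subprocess
+
+display = Display()
+
+class LookupModule(LookupBase):
+def run(self, terms, variables=None, **kwargs):
+if len(terms) != 1:
+raise AnsibleError("onepassword lookup expects exactly one argument")
+
+item = terms[0]
+field = kwargs.get('field', 'password')
+vault = kwargs.get('vault', '')
+
+vault_arg = []
+if vault:
+vault_arg = ['--vault', vault]
+
+cmd = ['op', 'item', 'get', item, '--field', field] + vault_arg
+
+display.vvv(f"Executing command: {' '.join(cmd)}")
+
+try:
+result = subprocess.run(
+cmd,
+capture_output=True,
+text=True,
+check=True
+)
+return [result.stdout.strip()]
+except subprocess.CalledProcessError as e:
+raise AnsibleError(f"Error fetching from 1Password: {e.stderr}")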
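Review bot: The `subprocess.run` call in `run()` handles only `CalledProcessError`, so a missing `op` binary surfaces as a raw `OSError` traceback, a CLI that sits waiting for sign-in can block the play indefinitely because no `timeout` is set, and an empty stdout is returned as if it were a valid secret. `item` is also placed where `op` parses options, so a templated value beginning with `-` would likely be read as a flag rather than an item name; rejecting such values before `cmd` is built closes that off. Separately, the EXAMPLES block prints the fetched password through `debug`, which writes it to task output; documenting a task that consumes the lookup under `no_log: true` would be a safer pattern to copy. The timeout in the sketch below is a constructed value, not one taken from the commit.

```python
item = terms[0]
if not item or str(item).startswith('-'):
    raise AnsibleError("onepassword lookup: item must be a non-empty item name or ID")
# … unchanged: field / vault handling, cmd construction, display.vvv …
try:
    result = subprocess.run(
        cmd,
        capture_output=True,
        text=True,
        check=True,
        timeout=30,  # constructed value; size it for an interactive unlock
    )
except subprocess.CalledProcessError as e:
    raise AnsibleError(f"Error fetching from 1Password: {e.stderr}")
except subprocess.TimeoutExpired:
    raise AnsibleError("Timed out waiting for the 1Password CLI")
except OSError as e:
    raise AnsibleError(f"Could not run the 1Password CLI: {e}")

secret = result.stdout.strip()
if not secret:
    # An empty value deployed as a password is worse than a failed play.
    raise AnsibleError(f"1Password returned an empty value for field '{field}'")
return [secret]
```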