vleeuwenmenno/dotfiles
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: enhance 1Password lookup functionality with vault ID support and concealment option
Some checks failed
Nix Format Check / check-format (push) Failing after 37s
Details

Browse Source
This commit is contained in:
Menno van Leeuwen
2025-03-11 15:58:27 +01:00
parent 47fb912c15
commit d787b25917
3 changed files with 41 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
config/ansible/plugins/lookup/onepassword.py
View File

@@ -17,14 +17,22 @@ DOCUMENTATION = """
required: false
default: password
vault:
description: the vault to fetch from
description: the vault to fetch from (name or ID)
required: false
reveal:
description: whether to reveal concealed fields
required: false
default: true
"""
EXAMPLES = """
- name: fetch password for an item
debug:
msg: "{{ lookup('onepassword', 'storage-box', field='password') }}"
msg: "{{ lookup('onepassword', 'xxxx', field='password') }}"
- name: fetch password from specific vault
debug:
msg: "{{ lookup('onepassword', 'xxxx', field='password', vault='xxxx') }}"
"""
RETURN = """
@@ -47,12 +55,17 @@ class LookupModule(LookupBase):
item = terms[0]
field = kwargs.get('field', 'password')
vault = kwargs.get('vault', '')
reveal = kwargs.get('reveal', True)
vault_arg = []
cmd = ['op', 'item', 'get', item, '--field', field]
# Add vault parameter if specified
if vault:
vault_arg = ['--vault', vault]
cmd = ['op', 'item', 'get', item, '--field', field] + vault_arg
cmd.extend(['--vault', vault])
# Add reveal flag for concealed fields
if reveal and field.lower() in ['password', 'secret', 'token', 'key']:
cmd.append('--reveal')
display.vvv(f"Executing command: {' '.join(cmd)}")
@@ -65,4 +78,11 @@ class LookupModule(LookupBase):
)
return [result.stdout.strip()]
except subprocess.CalledProcessError as e:
raise AnsibleError(f"Error fetching from 1Password: {e.stderr}")
error_msg = e.stderr.strip()
display.warning(f"Error executing 1Password CLI: {error_msg}")
display.warning(f"Command used: {' '.join(cmd)}")
if "not found" in error_msg:
return [f"Secret '{item}' not found in 1Password"]
raise AnsibleError(f"Error fetching from 1Password: {error_msg}")