dotfiles/config/ansible/plugins/lookup/onepassword.py
2025-03-11 15:54:31 +01:00


from __future__ import (absolute_import, division, print_function)
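# Python 2 idiom that makes classes in this module new-style; harmless on Python 3.
__metaclass__ = type

# Plugin documentation in the YAML layout used by Ansible plugins. The nesting
# is restored here: each option's description/required/default must sit under
# that option's key, otherwise the keys collide at the top level and the
# document no longer describes the plugin.
# Note: `item` is listed as an option, but run() takes it from the single
# positional term of the lookup; only `field` and `vault` are keyword arguments.
DOCUMENTATION = """
name: onepassword
author: Menno
version_added: "1.0"
short_description: fetch secrets from 1Password
description:
  - Uses the 1Password CLI to fetch secrets from 1Password
options:
  item:
    description: the item to fetch
    required: true
  field:
    description: the field to fetch from the item
    required: false
    default: password
  vault:
    description: the vault to fetch from
    required: false
"""

# NOTE: the debug task in this example prints the fetched secret to the play
# output. It only demonstrates the call syntax; tasks that consume the lookup
# result in real playbooks should set `no_log: true`.
EXAMPLES = """
- name: fetch password for an item
  debug:
    msg: "{{ lookup('onepassword', 'storage-box', field='password') }}"
"""

# The lookup returns a one-element list holding the requested field's value.
RETURN = """
_raw:
  description: field data requested
"""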
from ansible.errors import AnsibleError
from ansible.plugins.lookup import LookupBase
from ansible.utils.display import Display
import subprocess
# Module-level Display handle; run() calls display.vvv() to report the command
# line it is about to execute (shown only at high verbosity, -vvv).
display = Display()
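class LookupModule(LookupBase):
    """Lookup plugin that reads one field of a 1Password item through the ``op`` CLI.

    The value handed back to the playbook is the secret itself, in plain text.
    Tasks that consume it should set ``no_log: true`` so it does not end up in
    play output or logs.
    """

    def run(self, terms, variables=None, **kwargs):
        """Fetch a single field from a 1Password item.

        Args:
            terms: list holding exactly one element, the item to fetch.
            variables: Ansible variables; not used by this plugin.
            **kwargs: ``field`` (defaults to ``'password'``) and ``vault``
                (optional; omitted from the command when empty).

        Returns:
            A one-element list with the command's stdout, stripped of
            surrounding whitespace.

        Raises:
            AnsibleError: wrong number of terms, an argument that is not a
                non-empty string or that starts with ``-``, the ``op`` binary
                could not be started, or ``op`` exited with a non-zero status.
        """
        if len(terms) != 1:
            raise AnsibleError("onepassword lookup expects exactly one argument")

        item = terms[0]
        field = kwargs.get('field', 'password')
        vault = kwargs.get('vault', '')

        # The values below are often templated from variables or inventory.
        # They are passed as separate argv entries (no shell is involved), but
        # a value starting with '-' would still be read by `op` as an option
        # instead of as data, so such values are refused before the call.
        to_check = [('item', item), ('field', field)]
        if vault:
            to_check.append(('vault', vault))
        for label, value in to_check:
            if not isinstance(value, str) or not value or value.startswith('-'):
                raise AnsibleError(
                    f"onepassword lookup: '{label}' must be a non-empty string "
                    "that does not start with '-'"
                )

        vault_arg = ['--vault', vault] if vault else []
        cmd = ['op', 'item', 'get', item, '--field', field] + vault_arg

        # Only the lookup's own arguments are logged here; the command output
        # (the secret) is never passed to display.
        display.vvv(f"Executing command: {' '.join(cmd)}")

        try:
            result = subprocess.run(
                cmd,
                capture_output=True,
                text=True,
                check=True
            )
        except subprocess.CalledProcessError as e:
            raise AnsibleError(f"Error fetching from 1Password: {e.stderr}") from e
        except OSError as e:
            # Raised when the `op` binary is missing or not executable; report
            # it as a normal lookup failure rather than an unhandled traceback.
            raise AnsibleError(f"Unable to run the 1Password CLI ('op'): {e}") from e

        return [result.stdout.strip()]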