Some checks failed
Nix Format Check / check-format (push) Failing after 37s
69 lines
1.9 KiB
Python
69 lines
1.9 KiB
Python
from __future__ import (absolute_import, division, print_function)
|
|
__metaclass__ = type
|
|
|
|
DOCUMENTATION = """
|
|
name: onepassword
|
|
author: Menno
|
|
version_added: "1.0"
|
|
short_description: fetch secrets from 1Password
|
|
description:
|
|
- Uses the 1Password CLI to fetch secrets from 1Password
|
|
options:
|
|
item:
|
|
description: the item to fetch
|
|
required: true
|
|
field:
|
|
description: the field to fetch from the item
|
|
required: false
|
|
default: password
|
|
vault:
|
|
description: the vault to fetch from
|
|
required: false
|
|
"""
|
|
|
|
EXAMPLES = """
|
|
- name: fetch password for an item
|
|
debug:
|
|
msg: "{{ lookup('onepassword', 'storage-box', field='password') }}"
|
|
"""
|
|
|
|
RETURN = """
|
|
_raw:
|
|
description: field data requested
|
|
"""
|
|
|
|
from ansible.errors import AnsibleError
|
|
from ansible.plugins.lookup import LookupBase
|
|
from ansible.utils.display import Display
|
|
import subprocess
|
|
|
|
display = Display()
|
|
|
|
class LookupModule(LookupBase):
|
|
def run(self, terms, variables=None, **kwargs):
|
|
if len(terms) != 1:
|
|
raise AnsibleError("onepassword lookup expects exactly one argument")
|
|
|
|
item = terms[0]
|
|
field = kwargs.get('field', 'password')
|
|
vault = kwargs.get('vault', '')
|
|
|
|
vault_arg = []
|
|
if vault:
|
|
vault_arg = ['--vault', vault]
|
|
|
|
cmd = ['op', 'item', 'get', item, '--field', field] + vault_arg
|
|
|
|
display.vvv(f"Executing command: {' '.join(cmd)}")
|
|
|
|
try:
|
|
result = subprocess.run(
|
|
cmd,
|
|
capture_output=True,
|
|
text=True,
|
|
check=True
|
|
)
|
|
return [result.stdout.strip()]
|
|
except subprocess.CalledProcessError as e:
|
|
raise AnsibleError(f"Error fetching from 1Password: {e.stderr}")
|