Vha.ddlmZmZmZeZdZdZdZddl Z ddl Z ddl Z ddl Z ddl mZddlmZmZddlmZdd lmZmZdd lmZdd lmZd ZGd dee j8eZGddeZGddeZ GddeZ!GddeZ"y))absolute_importdivisionprint_functionai name: onepassword author: - Scott Buchanan (@scottsb) - Andrew Zenk (@azenk) - Sam Doran (@samdoran) short_description: Fetch field values from 1Password description: - P(community.general.onepassword#lookup) wraps the C(op) command line utility to fetch specific field values from 1Password. requirements: - C(op) 1Password command line utility options: _terms: description: Identifier(s) (case-insensitive UUID or name) of item(s) to retrieve. required: true type: list elements: string account_id: version_added: 7.5.0 domain: version_added: 3.2.0 field: description: Field to return from each matching item (case-insensitive). default: 'password' type: str service_account_token: version_added: 7.1.0 extends_documentation_fragment: - community.general.onepassword - community.general.onepassword.lookup a --- # These examples only work when already signed in to 1Password - name: Retrieve password for KITT when already signed in to 1Password ansible.builtin.debug: var: lookup('community.general.onepassword', 'KITT') - name: Retrieve password for Wintermute when already signed in to 1Password ansible.builtin.debug: var: lookup('community.general.onepassword', 'Tessier-Ashpool', section='Wintermute') - name: Retrieve username for HAL when already signed in to 1Password ansible.builtin.debug: var: lookup('community.general.onepassword', 'HAL 9000', field='username', vault='Discovery') - name: Retrieve password for HAL when not signed in to 1Password ansible.builtin.debug: var: lookup('community.general.onepassword', 'HAL 9000', subdomain='Discovery', master_password=vault_master_password) - name: Retrieve password for HAL when never signed in to 1Password ansible.builtin.debug: var: >- lookup('community.general.onepassword', 'HAL 9000', subdomain='Discovery', master_password=vault_master_password, username='tweety@acme.com', secret_key=vault_secret_key) - name: Retrieve password from specific account ansible.builtin.debug: var: lookup('community.general.onepassword', 'HAL 9000', account_id='abc123') zI _raw: description: Field data requested. type: list elements: str N) LookupBase)AnsibleLookupErrorAnsibleOptionsError) get_bin_path)to_bytesto_text)with_metaclass)OnePasswordConfigcF |jS#t$r|cYSwxYw)z?Return the lower case version value, otherwise return the value)lowerAttributeError)values p/home/dcms/DCMS/lib/python3.12/site-packages/ansible_collections/community/general/plugins/lookup/onepassword.py_lower_if_possibler^s'{{}  s   ceZdZdZ ddZdZejdZddZ ejdZ ejdZ ejdd Z ejd Z ed Zed Zed Zy)OnePassCLIBaseopNc ||_||_||_||_||_||_||_||_| |_d|_ d|_ yN) subdomaindomainusernamemaster_password secret_keyservice_account_token account_id connect_host connect_token_path_version) selfrrrrrrrr r!s r__init__zOnePassCLIBase.__init__isU#   .$%:"$(*  c|Dcic]}t||ds|t||}}t|j|}|r#A;>B$BB$) N 1password.comNNNNNNN)rNFNNN)__name__ __module__ __qualname__rkr%r9abcabstractmethodr?r]r`rbrgripropertyrGrn classmethodrmr;r&rrrfs C"2 * RR, 33 "" 55 00   & &r&rc0eZdZdZdZdZdZddZdZy) OnePassCLIv11cLtj|}|n||dvr|d|S|djdgD]G}|jddj|jk(s5|jddcS|djdgD]}|%|j|djk7r*|jdgD]I}|jddj|jk(s5|jd dccSy) a Retrieves the desired field from the `op` response payload When the item is a `password` type, the password is a key within the `details` key: $ op get item 'test item' | jq { [...] "templateUuid": "005", "details": { "notesPlain": "", "password": "foobar", "passwordHistory": [], "sections": [ { "name": "linked items", "title": "Related Items" } ] }, [...] } However, when the item is a `login` type, the password is within a fields array: $ op get item 'test item' | jq { [...] "details": { "fields": [ { "designation": "username", "name": "username", "type": "T", "value": "foo" }, { "designation": "password", "name": "password", "type": "P", "value": "bar" } ], [...] }, [...] detailsfieldsnamer(rsectionstitletv)jsonloadsgetr)r$r<r=r>data field_data section_datas rr?zOnePassCLIv1._parse_fields/`zz)$  T)_,Iz22#9o11(B? 7 >>&"-3359I9I9KK%>>'266 7!O// B? 3L(]-@-@-BlSZF[FaFaFc-c*..x< 3 >>#r*002j6F6F6HH%>>#r22 3  3r&cddg}|jr|jd|jgn:|jr.|jd|j}|jd|g|j |d\}}}t | S)Nraccount --accountr)TrU)rextendrrr]bool)r$rRrr\rZr[s rr`zOnePassCLIv1.assert_logged_in#s}y! ?? KKdoo6 7 ^^($++7G KKg. /yyTy: C8|r&cx|js |jr td|jr tdgd}|j |d|j d|j t|jt|jdg}|j|t|jS)Nz_1Password Connect is not available with 1Password CLI version 1. Please use version 2 or later.zY1Password CLI version 1 does not support Service Accounts. Please use version 2 or later.rrrrrir)--rawrT) r r!rrr9rrr rrr]r)r$r1rRs rrbzOnePassCLIv1.full_signin/s    2 2$qs s  % %$km m  ##O4 ~~a } - T]] # T__ %   yyXd6J6J-KyLLr&Ncdd|g}|jr|jd|jg| |d|gz }||td|zgz }|j|S)Nritemr--vault= --session=)rrr r]r$rdrerfrRs rrgzOnePassCLIv1.get_rawJsovw' ?? KKdoo6 7   xw'( (D   Xl+e34 4Dyyr&c|jdgddg}|jr|j|j|j|t |j S)Nrrirr)r9rappendr]r rr$rRs rrizOnePassCLIv1.signinXsS ##%6$78'" >> KK 'yyXd6J6J-KyLLr&ry) rzr{r|supports_versionr?r`rbrgrir;r&rrrs%FP M6 Mr&rc>eZdZdZdZd dZdZdZd dZd dZ d Z y) OnePassCLIv2zm CLIv2 Syntax Reference: https://developer.1password.com/docs/cli/upgrade#step-2-update-your-scripts 2Nc tj|}t|}|jdgD]X}||j|r|j|cS|jddj |k(r|jddcS|jddj |k(r|jddcS|jdi}t|}|jd|jddj }||k(s|jddj |k(r|jddcS|jddj |k(sG|jddcSy)a Schema reference: https://developer.1password.com/docs/cli/item-template-json Example Data: # Password item { "id": "ywvdbojsguzgrgnokmcxtydgdv", "title": "Authy Backup", "version": 1, "vault": { "id": "bcqxysvcnejjrwzoqrwzcqjqxc", "name": "Personal" }, "category": "PASSWORD", "last_edited_by": "7FUPZ8ZNE02KSHMAIMKHIVUE17", "created_at": "2015-01-18T13:13:38Z", "updated_at": "2016-02-20T16:23:54Z", "additional_information": "Jan 18, 2015, 08:13:38", "fields": [ { "id": "password", "type": "CONCEALED", "purpose": "PASSWORD", "label": "password", "value": "OctoberPoppyNuttyDraperySabbath", "reference": "op://Personal/Authy Backup/password", "password_details": { "strength": "FANTASTIC" } }, { "id": "notesPlain", "type": "STRING", "purpose": "NOTES", "label": "notesPlain", "value": "Backup password to restore Authy", "reference": "op://Personal/Authy Backup/notesPlain" } ] } # Login item { "id": "awk4s2u44fhnrgppszcsvc663i", "title": "Dummy Login", "version": 2, "vault": { "id": "stpebbaccrq72xulgouxsk4p7y", "name": "Personal" }, "category": "LOGIN", "last_edited_by": "LSGPJERUYBH7BFPHMZ2KKGL6AU", "created_at": "2018-04-25T21:55:19Z", "updated_at": "2018-04-25T21:56:06Z", "additional_information": "agent.smith", "urls": [ { "primary": true, "href": "https://acme.com" } ], "sections": [ { "id": "linked items", "label": "Related Items" } ], "fields": [ { "id": "username", "type": "STRING", "purpose": "USERNAME", "label": "username", "value": "agent.smith", "reference": "op://Personal/Dummy Login/username" }, { "id": "password", "type": "CONCEALED", "purpose": "PASSWORD", "label": "password", "value": "Q7vFwTJcqwxKmTU]Dzx7NW*wrNPXmj", "entropy": 159.6083697084228, "reference": "op://Personal/Dummy Login/password", "password_details": { "entropy": 159, "generated": true, "strength": "FANTASTIC" } }, { "id": "notesPlain", "type": "STRING", "purpose": "NOTES", "label": "notesPlain", "reference": "op://Personal/Dummy Login/notesPlain" } ] } rlabelr(ridsection)rrrrr)r$r<r=r>rfieldrcurrent_section_titles rr?zOnePassCLIv2._parse_fieldhs]Lzz)$' 3 XXh+ 2E$99Z( 99Z0099Wb)//1Z? 99Wb1199T2&,,.*< 99Wb11 ii 2.G.}=M$+KKT29N$O$U$U$W ! 5599Wb)//1Z? 99Wb1199T2&,,.*< 99Wb117 2:r&cv|jr |jry|jr4dg}d|ji}|j||\}}}t | Sddg}|j r.|j d|j }|jd|g|j|\}}}|rdd g}|jr|jd|jgn:|j r.|j d|j }|jd|g|j|d \}}}t | Sy ) NTwhoamiOP_SERVICE_ACCOUNT_TOKENrVrlistr)rrrF) r r!rr]rrrrr)r$rRrVr\rZr[rs rr`zOnePassCLIv2.assert_logged_ins-   !3!3  % %:D"X>X!Y 99T>P9QLBSBx< 6" >>($++7G KKg. /yy C u%D [$//:;!^^,Adkk]; ['2399T9>LBSBx< r&c gd}|j|dddd|jd|jdt|jdg}d |j i}|j |t|j| S) Nrraddrz --addressr)z--emailz--signin OP_SECRET_KEY)rTrV)r9rrr rrr]r)r$r1rRrVs rrbzOnePassCLIv2.full_signins  ##O4 ug DNN+1T[[M: x .   .t?yyXd6J6J-K`ryssr&c|jr|jd|jg| |d|gz }|jrE|jr9| t d|j|jd}|j ||S|j r.| t dd|j i}|j ||S||td|zgz }|j |S) Nrrz*'vault' is required with 1Password Connect)OP_CONNECT_HOSTOP_CONNECT_TOKENrz0'vault' is required with 'service_account_token'rr)rrr r!rr]rr )r$rRrerfrVs r_add_parameters_and_runz$OnePassCLIv2._add_parameters_and_run%s ?? KKdoo6 7   xw'( (D   !3!3}()UVV#'#4#4$($6$6" 99T6H9I I  % %}()[\\"X>X!Y 99T6H9I I   Xl+e34 4Dyyr&c8dd|ddg}|j|||S)Nrrz--formatr)rerf)rrs rrgzOnePassCLIv2.get_raw@s*w F;++DU+KKr&c|jdgddg}|jr|jd|jg|j|t |j S)Nrrirrr)r9rrr]r rrs rrizOnePassCLIv2.signinDsX ##%6$78'" >> KKdnn5 6yyXd6J6J-KyLLr&rry) rzr{r|__doc__rr?r`rbrrgrir;r&rrrbs3EN!Ft&6LMr&rc<eZdZ ddZd dZdZdZd dZd dZy) OnePassNc d||_||_||_||_||_||_||_||_| |_d|_ d|_ t|_ |j| |_|js |jr&d|j|jfvr tdyy)NFz4connect_host and connect_token are required together)rrrrrrrr r! logged_inrfr _config_get_cli_class_clir) r$rrrrrrrr r! cli_classs rr%zOnePass.__init__Os"   $.%:"$(* (* '' 2   !3!3$BSBSUYUgUgAh9h%&\] ]:i!3r&c d|I||j|j|j|j|j|j St j}t jD]}|j|jddk(s% ||j|j|j|j|j|j |j|j|j cStd|d#t$r}t|d}~wwxYw)Nr)rz op version z is unsupported)rrrrrrrrm__subclasses__rsplitrr r! TypeErrorr)r$rrnrtes rrzOnePass._get_cli_classds  T^^T[[$--Z^ZnZnptqKqKL L 446!002 0C##w}}S'9!'<<0t~~t{{DMM4??\`\p\prvsMsM#0A0A4CUCUWW 0!;wi!GHH!0,Q//0sA)D D/ D**D/c|jjrhtjj |jjr5 |j j \}}}|j|_ y|j j\}}}|j|_ y#t$r?d}tfd|Dr|j j\}}}YddwwxYw)N)zmissing required parameters unauthorizedc3VK|] }|jjv"ywr)messager).0stringexcs r z$OnePass.set_token..}s#Pv!2!2!44Ps&)) rconfig_file_pathrJrGisfilerriranyrbrsrf)r$r\rZr[ test_stringsrs @r set_tokenzOnePass.set_tokenss << ( (RWW^^DLL(//),(OOK0 *??:.__\2 //*;< $0G H__\2 ~6 8 !+"7!%'    ED MM",,tUGUC D E r&r)rzr{r|rr;r&rrrs!r&r)# __future__rrrtype __metaclass__ DOCUMENTATIONEXAMPLESRETURNr}rJrrHansible.plugins.lookupransible.errorsrr#ansible.module_utils.common.processr +ansible.module_utils.common.text.convertersr r ansible.module_utils.sixr Fansible_collections.community.general.plugins.module_utils.onepasswordr rABCMetaobjectrrrrrr;r&rrsCB  @ <  -B<I3do&^CKK8o&dGM>GMTiM>iMXNfNb#:#r&