mirror of
https://github.com/ansible-collections/community.general.git
synced 2025-10-23 20:44:00 -07:00
[PR #9580/25a262bd backport][stable-10] Create onepassword_ssh_key
plugin (#9632)
Create `onepassword_ssh_key` plugin (#9580) * add 1password_ssh_key lookup * refactor * Delete onepassword_ssh_key.py * Revert "Delete onepassword_ssh_key.py" This reverts commite17ff7e232
. * Delete onepassword_ssh_key.py * add tests * add test license * cleanup * refactor * Apply suggestions from code review Co-authored-by: Felix Fontein <felix@fontein.de> * fix indentation * fix RETURN indentation * use get_option to get ssh_format * linting * update project year in copyright * add plugin to BOTMETA.yml * use OnePassCLIv2's get_raw and use OnePass's token --------- Co-authored-by: Felix Fontein <felix@fontein.de> (cherry picked from commit25a262bdcf
) Co-authored-by: Mohammed Babelly <mohammed@nevercode.io>
This commit is contained in:
parent
8e2fa624e0
commit
04b68c296b
6 changed files with 252 additions and 0 deletions
124
plugins/lookup/onepassword_ssh_key.py
Normal file
124
plugins/lookup/onepassword_ssh_key.py
Normal file
|
@ -0,0 +1,124 @@
|
|||
# -*- coding: utf-8 -*-
|
||||
# Copyright (c) 2025, Ansible Project
|
||||
# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
|
||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
||||
|
||||
from __future__ import annotations
|
||||
|
||||
DOCUMENTATION = """
|
||||
name: onepassword_ssh_key
|
||||
author:
|
||||
- Mohammed Babelly (@mohammedbabelly20)
|
||||
requirements:
|
||||
- C(op) 1Password command line utility version 2 or later.
|
||||
short_description: Fetch SSH keys stored in 1Password
|
||||
version_added: "10.3.0"
|
||||
description:
|
||||
- P(community.general.onepassword_ssh_key#lookup) wraps C(op) command line utility to fetch SSH keys from 1Password.
|
||||
notes:
|
||||
- By default, it returns the private key value in PKCS#8 format, unless O(ssh_format=true) is passed.
|
||||
- The pluging works only for C(SSHKEY) type items.
|
||||
- This plugin requires C(op) version 2 or later.
|
||||
|
||||
options:
|
||||
_terms:
|
||||
description: Identifier(s) (case-insensitive UUID or name) of item(s) to retrieve.
|
||||
required: true
|
||||
type: list
|
||||
elements: string
|
||||
ssh_format:
|
||||
description: Output key in SSH format if V(true). Otherwise, outputs in the default format (PKCS#8).
|
||||
default: false
|
||||
type: bool
|
||||
|
||||
extends_documentation_fragment:
|
||||
- community.general.onepassword
|
||||
- community.general.onepassword.lookup
|
||||
"""
|
||||
|
||||
EXAMPLES = """
|
||||
- name: Retrieve the private SSH key from 1Password
|
||||
ansible.builtin.debug:
|
||||
msg: "{{ lookup('community.general.onepassword_ssh_key', 'SSH Key', ssh_format=true) }}"
|
||||
"""
|
||||
|
||||
RETURN = """
|
||||
_raw:
|
||||
description: Private key of SSH keypair.
|
||||
type: list
|
||||
elements: string
|
||||
"""
|
||||
import json
|
||||
|
||||
from ansible_collections.community.general.plugins.lookup.onepassword import (
|
||||
OnePass,
|
||||
OnePassCLIv2,
|
||||
)
|
||||
from ansible.errors import AnsibleLookupError
|
||||
from ansible.plugins.lookup import LookupBase
|
||||
|
||||
|
||||
class OnePassCLIv2SSHKey(OnePassCLIv2):
|
||||
|
||||
def get_ssh_key(self, item_id, vault=None, token=None, ssh_format=False):
|
||||
rc, out, err = self.get_raw(item_id, vault=vault, token=token)
|
||||
|
||||
data = json.loads(out)
|
||||
|
||||
if data.get("category") != "SSH_KEY":
|
||||
raise AnsibleLookupError(f"Item {item_id} is not an SSH key")
|
||||
|
||||
private_key_field = next(
|
||||
(
|
||||
field
|
||||
for field in data.get("fields", {})
|
||||
if field.get("id") == "private_key" and field.get("type") == "SSHKEY"
|
||||
),
|
||||
None,
|
||||
)
|
||||
if not private_key_field:
|
||||
raise AnsibleLookupError(f"No private key found for item {item_id}.")
|
||||
|
||||
if ssh_format:
|
||||
return (
|
||||
private_key_field.get("ssh_formats", {})
|
||||
.get("openssh", {})
|
||||
.get("value", "")
|
||||
)
|
||||
return private_key_field.get("value", "")
|
||||
|
||||
|
||||
class LookupModule(LookupBase):
|
||||
def run(self, terms, variables=None, **kwargs):
|
||||
self.set_options(var_options=variables, direct=kwargs)
|
||||
|
||||
ssh_format = self.get_option("ssh_format")
|
||||
vault = self.get_option("vault")
|
||||
subdomain = self.get_option("subdomain")
|
||||
domain = self.get_option("domain", "1password.com")
|
||||
username = self.get_option("username")
|
||||
secret_key = self.get_option("secret_key")
|
||||
master_password = self.get_option("master_password")
|
||||
service_account_token = self.get_option("service_account_token")
|
||||
account_id = self.get_option("account_id")
|
||||
connect_host = self.get_option("connect_host")
|
||||
connect_token = self.get_option("connect_token")
|
||||
|
||||
op = OnePass(
|
||||
subdomain=subdomain,
|
||||
domain=domain,
|
||||
username=username,
|
||||
secret_key=secret_key,
|
||||
master_password=master_password,
|
||||
service_account_token=service_account_token,
|
||||
account_id=account_id,
|
||||
connect_host=connect_host,
|
||||
connect_token=connect_token,
|
||||
cli_class=OnePassCLIv2SSHKey,
|
||||
)
|
||||
op.assert_logged_in()
|
||||
|
||||
return [
|
||||
op._cli.get_ssh_key(term, vault, token=op.token, ssh_format=ssh_format)
|
||||
for term in terms
|
||||
]
|
Loading…
Add table
Add a link
Reference in a new issue