Create onepassword_ssh_key plugin (#9580)

* add 1password_ssh_key lookup

* refactor

* Delete onepassword_ssh_key.py

* Revert "Delete onepassword_ssh_key.py"

This reverts commit e17ff7e232.

* Delete onepassword_ssh_key.py

* add tests

* add test license

* cleanup

* refactor

* Apply suggestions from code review

Co-authored-by: Felix Fontein <felix@fontein.de>

* fix indentation

* fix RETURN indentation

* use get_option to get ssh_format

* linting

* update project year in copyright

* add plugin to BOTMETA.yml

* use OnePassCLIv2's get_raw and use OnePass's token

---------

Co-authored-by: Felix Fontein <felix@fontein.de>
Mohammed Babelly 2025-01-26 18:24:17 +04:00 committed by GitHub
commit 25a262bdcf
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
6 changed files with 252 additions and 0 deletions


@ -293,3 +293,39 @@ MOCK_ENTRIES = {
},
],
}
SSH_KEY_MOCK_ENTRIES = [
# loads private key in PKCS#8 format by default
{
"vault_name": "Personal",
"queries": ["ssh key"],
"expected": [
"-----BEGIN PRIVATE KEY-----\n..........=\n-----END PRIVATE KEY-----\n"
],
"output": load_file("ssh_key_output.json"),
},
# loads private key in PKCS#8 format becasue ssh_format=false
{
"vault_name": "Personal",
"queries": ["ssh key"],
"kwargs": {
"ssh_format": False,
},
"expected": [
"-----BEGIN PRIVATE KEY-----\n..........=\n-----END PRIVATE KEY-----\n"
],
"output": load_file("ssh_key_output.json"),
},
# loads private key in ssh format
{
"vault_name": "Personal",
"queries": ["ssh key"],
"kwargs": {
"ssh_format": True,
},
"expected": [
"-----BEGIN OPENSSH PRIVATE KEY-----\r\n.....\r\n-----END OPENSSH PRIVATE KEY-----\r\n"
],
"output": load_file("ssh_key_output.json"),
},
]
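Review bot: All three entries in `SSH_KEY_MOCK_ENTRIES` are happy-path cases fed from the same `ssh_key_output.json`, so nothing pins what the lookup does when the item has no `private_key` field, or when `ssh_format` is true but the field has no `ssh_formats` entry. For a lookup that returns private key material, that path deserves a case that expects an error rather than an empty or fallback value. The plugin code is not shown on this page, so its current behaviour there cannot be confirmed from here. Separately, the comment on the second entry has a typo and should read `# loads private key in PKCS#8 format because ssh_format=false`.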


@ -0,0 +1,57 @@
{
"id": "wdtryfeh3jlx2dlanqgg4dqxmy",
"title": "ssh key",
"version": 1,
"vault": {
"id": "5auhrjy66hc7ndhe2wvym6gadv",
"name": "Personal"
},
"category": "SSH_KEY",
"last_edited_by": "LSGPJERUYBH7BFPHMZ2KKGL6AU",
"created_at": "2025-01-10T16:57:16Z",
"updated_at": "2025-01-10T16:57:16Z",
"additional_information": "SHA256:frHmQAgblahD5HHgNj2O714",
"fields": [
{
"id": "public_key",
"type": "STRING",
"label": "public key",
"value": "ssh-ed255.....",
"reference": "op://Personal/ssh key/public key"
},
{
"id": "fingerprint",
"type": "STRING",
"label": "fingerprint",
"value": "SHA256:frHmQAgy7zBKeFDxHMW0QltZ/5O4N8gD5HHgNj2O614",
"reference": "op://Personal/ssh key/fingerprint"
},
{
"id": "private_key",
"type": "SSHKEY",
"label": "private key",
"value": "-----BEGIN PRIVATE KEY-----\n..........=\n-----END PRIVATE KEY-----\n",
"reference": "op://Personal/ssh key/private key",
"ssh_formats": {
"openssh": {
"reference": "op://Personal/ssh key/private key?ssh-format=openssh",
"value": "-----BEGIN OPENSSH PRIVATE KEY-----\r\n.....\r\n-----END OPENSSH PRIVATE KEY-----\r\n"
}
}
},
{
"id": "key_type",
"type": "STRING",
"label": "key type",
"value": "ed25519",
"reference": "op://Personal/ssh key/key type"
},
{
"id": "notesPlain",
"type": "STRING",
"purpose": "NOTES",
"label": "notesPlain",
"reference": "op://Personal/ssh key/notesPlain"
}
]
}
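Review bot: This fixture looks like a hand-redacted capture of real `op` output. The key values are elided, but `fingerprint` still holds a full-length SHA256 value, and `id`, `vault.id` and `last_edited_by` look like live account identifiers. `additional_information` carries a different, visibly edited fingerprint, so the two fields no longer agree with each other. If the data came from a real account, replace those values with obviously constructed placeholders and make `additional_information` match `fingerprint`, so the fixture identifies no real key or account and stays internally consistent.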


@ -0,0 +1,3 @@
GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
SPDX-License-Identifier: GPL-3.0-or-later
SPDX-FileCopyrightText: 2025, Ansible Project


@ -0,0 +1,30 @@
# Copyright (c) 2025 Ansible Project
# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
# SPDX-License-Identifier: GPL-3.0-or-later
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
import json
import pytest
from .onepassword_common import SSH_KEY_MOCK_ENTRIES
from ansible.plugins.loader import lookup_loader
@pytest.mark.parametrize(
("vault", "queries", "kwargs", "output", "expected"),
(
(item["vault_name"], item["queries"], item.get("kwargs", {}), item["output"], item["expected"])
for item in SSH_KEY_MOCK_ENTRIES
)
)
def test_ssh_key(mocker, vault, queries, kwargs, output, expected):
mocker.patch("ansible_collections.community.general.plugins.lookup.onepassword.OnePass.assert_logged_in", return_value=True)
mocker.patch("ansible_collections.community.general.plugins.lookup.onepassword.OnePassCLIBase._run", return_value=(0, json.dumps(output), ""))
op_lookup = lookup_loader.get("community.general.onepassword_ssh_key")
result = op_lookup.run(queries, vault=vault, **kwargs)
assert result == expected
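Review bot: `test_ssh_key` patches `OnePassCLIBase._run` to return the fixture for any call and asserts only on `result`, so it would still pass if the lookup stopped passing `vault` or the query to the CLI. Keep the mock, `run_mock = mocker.patch(...)`, and assert that the vault name and the query appear in its call arguments. A further case where `_run` returns a non-zero code would pin that a failed `op` call raises instead of yielding a value. How the plugin handles that is not visible on this page.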