mirror of
				https://github.com/ansible-collections/community.general.git
				synced 2025-10-25 21:44:00 -07:00 
			
		
		
		
	bitwarden - add support for filtering by organization_id (#8188)
* bitwarden - add support for filtering by organization_id * Update changelogs/fragments/8188-bitwarden-add-organization_id.yml Co-authored-by: Felix Fontein <felix@fontein.de> * implement PR discussion result on wording * rewrite search_field filtering To correctly handle organization_id and collection_id by passing both to bw. Tests needed to be extended to filter organizations / collections and the testdata needed changes to reflect that a collection always belongs to a single organizaion --------- Co-authored-by: Felix Fontein <felix@fontein.de>
This commit is contained in:
		
					parent
					
						
							
								7fd37ea247
							
						
					
				
			
			
				commit
				
					
						865de5baa0
					
				
			
		
					 3 changed files with 100 additions and 28 deletions
				
			
		|  | @ -0,0 +1,2 @@ | |||
| minor_changes: | ||||
| - bitwarden lookup plugin - add support to filter by organization ID (https://github.com/ansible-collections/community.general/pull/8188). | ||||
|  | @ -29,7 +29,7 @@ DOCUMENTATION = """ | |||
|           - Field to retrieve, for example V(name) or V(id). | ||||
|           - If set to V(id), only zero or one element can be returned. | ||||
|             Use the Jinja C(first) filter to get the only list element. | ||||
|           - When O(collection_id) is set, this field can be undefined to retrieve the whole collection records. | ||||
|           - If set to V(None) or V(''), or if O(_terms) is empty, records are not filtered by fields. | ||||
|         type: str | ||||
|         default: name | ||||
|         version_added: 5.7.0 | ||||
|  | @ -40,6 +40,10 @@ DOCUMENTATION = """ | |||
|         description: Collection ID to filter results by collection. Leave unset to skip filtering. | ||||
|         type: str | ||||
|         version_added: 6.3.0 | ||||
|       organization_id: | ||||
|         description: Organization ID to filter results by organization. Leave unset to skip filtering. | ||||
|         type: str | ||||
|         version_added: 8.5.0 | ||||
|       bw_session: | ||||
|         description: Pass session key instead of reading from env. | ||||
|         type: str | ||||
|  | @ -142,45 +146,44 @@ class Bitwarden(object): | |||
|             raise BitwardenException(err) | ||||
|         return to_text(out, errors='surrogate_or_strict'), to_text(err, errors='surrogate_or_strict') | ||||
| 
 | ||||
|     def _get_matches(self, search_value, search_field, collection_id=None): | ||||
|     def _get_matches(self, search_value, search_field, collection_id=None, organization_id=None): | ||||
|         """Return matching records whose search_field is equal to key. | ||||
|         """ | ||||
| 
 | ||||
|         # Prepare set of params for Bitwarden CLI | ||||
|         if search_value: | ||||
|             if search_field == 'id': | ||||
|                 params = ['get', 'item', search_value] | ||||
|             else: | ||||
|                 params = ['list', 'items', '--search', search_value] | ||||
|             if collection_id: | ||||
|                 params.extend(['--collectionid', collection_id]) | ||||
|         if search_field == 'id': | ||||
|             params = ['get', 'item', search_value] | ||||
|         else: | ||||
|             if not collection_id: | ||||
|                 raise AnsibleError("search_value is required if collection_id is not set.") | ||||
|             params = ['list', 'items'] | ||||
|             if search_value: | ||||
|                 params.extend(['--search', search_value]) | ||||
| 
 | ||||
|             params = ['list', 'items', '--collectionid', collection_id] | ||||
|         if collection_id: | ||||
|             params.extend(['--collectionid', collection_id]) | ||||
|         if organization_id: | ||||
|             params.extend(['--organizationid', organization_id]) | ||||
| 
 | ||||
|         out, err = self._run(params) | ||||
| 
 | ||||
|         # This includes things that matched in different fields. | ||||
|         initial_matches = AnsibleJSONDecoder().raw_decode(out)[0] | ||||
| 
 | ||||
|         if search_field == 'id' or not search_value: | ||||
|         if search_field == 'id': | ||||
|             if initial_matches is None: | ||||
|                 initial_matches = [] | ||||
|             else: | ||||
|                 initial_matches = [initial_matches] | ||||
| 
 | ||||
|         # Filter to only include results from the right field. | ||||
|         return [item for item in initial_matches if item[search_field] == search_value] | ||||
|         return [item for item in initial_matches if not search_value or item[search_field] == search_value] | ||||
| 
 | ||||
|     def get_field(self, field, search_value=None, search_field="name", collection_id=None): | ||||
|     def get_field(self, field, search_value, search_field="name", collection_id=None, organization_id=None): | ||||
|         """Return a list of the specified field for records whose search_field match search_value | ||||
|         and filtered by collection if collection has been provided. | ||||
| 
 | ||||
|         If field is None, return the whole record for each match. | ||||
|         """ | ||||
|         matches = self._get_matches(search_value, search_field, collection_id) | ||||
|         matches = self._get_matches(search_value, search_field, collection_id, organization_id) | ||||
|         if not field: | ||||
|             return matches | ||||
|         field_matches = [] | ||||
|  | @ -215,15 +218,16 @@ class LookupModule(LookupBase): | |||
|         field = self.get_option('field') | ||||
|         search_field = self.get_option('search') | ||||
|         collection_id = self.get_option('collection_id') | ||||
|         organization_id = self.get_option('organization_id') | ||||
|         _bitwarden.session = self.get_option('bw_session') | ||||
| 
 | ||||
|         if not _bitwarden.unlocked: | ||||
|             raise AnsibleError("Bitwarden Vault locked. Run 'bw unlock'.") | ||||
| 
 | ||||
|         if not terms: | ||||
|             return [_bitwarden.get_field(field, None, search_field, collection_id)] | ||||
|             terms = [None] | ||||
| 
 | ||||
|         return [_bitwarden.get_field(field, term, search_field, collection_id) for term in terms] | ||||
|         return [_bitwarden.get_field(field, term, search_field, collection_id, organization_id) for term in terms] | ||||
| 
 | ||||
| 
 | ||||
| _bitwarden = Bitwarden() | ||||
|  |  | |||
|  | @ -6,6 +6,7 @@ | |||
| from __future__ import (absolute_import, division, print_function) | ||||
| __metaclass__ = type | ||||
| 
 | ||||
| import re | ||||
| from ansible_collections.community.general.tests.unit.compat import unittest | ||||
| from ansible_collections.community.general.tests.unit.compat.mock import patch | ||||
| 
 | ||||
|  | @ -13,8 +14,10 @@ from ansible.errors import AnsibleError | |||
| from ansible.module_utils import six | ||||
| from ansible.plugins.loader import lookup_loader | ||||
| from ansible_collections.community.general.plugins.lookup.bitwarden import Bitwarden | ||||
| from ansible.parsing.ajson import AnsibleJSONEncoder | ||||
| 
 | ||||
| MOCK_COLLECTION_ID = "3b12a9da-7c49-40b8-ad33-aede017a7ead" | ||||
| MOCK_ORGANIZATION_ID = "292ba0c6-f289-11ee-9301-ef7b639ccd2a" | ||||
| 
 | ||||
| MOCK_RECORDS = [ | ||||
|     { | ||||
|  | @ -48,7 +51,7 @@ MOCK_RECORDS = [ | |||
|         "name": "a_test", | ||||
|         "notes": None, | ||||
|         "object": "item", | ||||
|         "organizationId": None, | ||||
|         "organizationId": MOCK_ORGANIZATION_ID, | ||||
|         "passwordHistory": [ | ||||
|             { | ||||
|                 "lastUsedDate": "2022-07-26T23:03:23.405Z", | ||||
|  | @ -68,9 +71,7 @@ MOCK_RECORDS = [ | |||
|         "type": 1 | ||||
|     }, | ||||
|     { | ||||
|         "collectionIds": [ | ||||
|             MOCK_COLLECTION_ID | ||||
|         ], | ||||
|         "collectionIds": [], | ||||
|         "deletedDate": None, | ||||
|         "favorite": False, | ||||
|         "folderId": None, | ||||
|  | @ -106,10 +107,30 @@ MOCK_RECORDS = [ | |||
|         "name": "dupe_name", | ||||
|         "notes": None, | ||||
|         "object": "item", | ||||
|         "organizationId": None, | ||||
|         "organizationId": MOCK_ORGANIZATION_ID, | ||||
|         "reprompt": 0, | ||||
|         "revisionDate": "2022-07-27T03:42:46.673Z", | ||||
|         "type": 1 | ||||
|     }, | ||||
|     { | ||||
|         "collectionIds": [], | ||||
|         "deletedDate": None, | ||||
|         "favorite": False, | ||||
|         "folderId": None, | ||||
|         "id": "2bf517be-fb13-11ee-be89-a345aa369a94", | ||||
|         "login": { | ||||
|             "password": "e", | ||||
|             "passwordRevisionDate": None, | ||||
|             "totp": None, | ||||
|             "username": "f" | ||||
|         }, | ||||
|         "name": "non_collection_org_record", | ||||
|         "notes": None, | ||||
|         "object": "item", | ||||
|         "organizationId": MOCK_ORGANIZATION_ID, | ||||
|         "reprompt": 0, | ||||
|         "revisionDate": "2024-14-15T11:30:00.000Z", | ||||
|         "type": 1 | ||||
|     } | ||||
| ] | ||||
| 
 | ||||
|  | @ -118,11 +139,41 @@ class MockBitwarden(Bitwarden): | |||
| 
 | ||||
|     unlocked = True | ||||
| 
 | ||||
|     def _get_matches(self, search_value=None, search_field="name", collection_id=None): | ||||
|         if not search_value and collection_id: | ||||
|             return list(filter(lambda record: collection_id in record['collectionIds'], MOCK_RECORDS)) | ||||
|     def _run(self, args, stdin=None, expected_rc=0): | ||||
|         if args[0] == 'get': | ||||
|             if args[1] == 'item': | ||||
|                 for item in MOCK_RECORDS: | ||||
|                     if item.get('id') == args[2]: | ||||
|                         return AnsibleJSONEncoder().encode(item), '' | ||||
|         if args[0] == 'list': | ||||
|             if args[1] == 'items': | ||||
|                 try: | ||||
|                     search_value = args[args.index('--search') + 1] | ||||
|                 except ValueError: | ||||
|                     search_value = None | ||||
| 
 | ||||
|         return list(filter(lambda record: record[search_field] == search_value, MOCK_RECORDS)) | ||||
|                 try: | ||||
|                     collection_to_filter = args[args.index('--collectionid') + 1] | ||||
|                 except ValueError: | ||||
|                     collection_to_filter = None | ||||
| 
 | ||||
|                 try: | ||||
|                     organization_to_filter = args[args.index('--organizationid') + 1] | ||||
|                 except ValueError: | ||||
|                     organization_to_filter = None | ||||
| 
 | ||||
|                 items = [] | ||||
|                 for item in MOCK_RECORDS: | ||||
|                     if search_value and not re.search(search_value, item.get('name')): | ||||
|                         continue | ||||
|                     if collection_to_filter and collection_to_filter not in item.get('collectionIds', []): | ||||
|                         continue | ||||
|                     if organization_to_filter and item.get('organizationId') != organization_to_filter: | ||||
|                         continue | ||||
|                     items.append(item) | ||||
|                 return AnsibleJSONEncoder().encode(items), '' | ||||
| 
 | ||||
|         return '[]', '' | ||||
| 
 | ||||
| 
 | ||||
| class LoggedOutMockBitwarden(MockBitwarden): | ||||
|  | @ -194,4 +245,19 @@ class TestLookupModule(unittest.TestCase): | |||
|     @patch('ansible_collections.community.general.plugins.lookup.bitwarden._bitwarden', new=MockBitwarden()) | ||||
|     def test_bitwarden_plugin_full_collection(self): | ||||
|         # Try to retrieve the full records of the given collection. | ||||
|         self.assertEqual(MOCK_RECORDS, self.lookup.run(None, collection_id=MOCK_COLLECTION_ID)[0]) | ||||
|         self.assertEqual([MOCK_RECORDS[0], MOCK_RECORDS[2]], self.lookup.run(None, collection_id=MOCK_COLLECTION_ID)[0]) | ||||
| 
 | ||||
|     @patch('ansible_collections.community.general.plugins.lookup.bitwarden._bitwarden', new=MockBitwarden()) | ||||
|     def test_bitwarden_plugin_full_organization(self): | ||||
|         self.assertEqual([MOCK_RECORDS[0], MOCK_RECORDS[2], MOCK_RECORDS[3]], | ||||
|                          self.lookup.run(None, organization_id=MOCK_ORGANIZATION_ID)[0]) | ||||
| 
 | ||||
|     @patch('ansible_collections.community.general.plugins.lookup.bitwarden._bitwarden', new=MockBitwarden()) | ||||
|     def test_bitwarden_plugin_filter_organization(self): | ||||
|         self.assertEqual([MOCK_RECORDS[2]], | ||||
|                          self.lookup.run(['dupe_name'], organization_id=MOCK_ORGANIZATION_ID)[0]) | ||||
| 
 | ||||
|     @patch('ansible_collections.community.general.plugins.lookup.bitwarden._bitwarden', new=MockBitwarden()) | ||||
|     def test_bitwarden_plugin_full_collection_organization(self): | ||||
|         self.assertEqual([MOCK_RECORDS[0], MOCK_RECORDS[2]], self.lookup.run(None, | ||||
|                          collection_id=MOCK_COLLECTION_ID, organization_id=MOCK_ORGANIZATION_ID)[0]) | ||||
|  |  | |||
		Loading…
	
	Add table
		Add a link
		
	
		Reference in a new issue