|
|
@ -1,22 +1,24 @@
|
|
|
|
# -*- coding: utf-8 -*-
|
|
|
|
# -*- coding: utf-8 -*-
|
|
|
|
# (c) 2018, Scott Buchanan <sbuchanan@ri.pn>
|
|
|
|
# Copyright: (c) 2018, Scott Buchanan <sbuchanan@ri.pn>
|
|
|
|
# (c) 2016, Andrew Zenk <azenk@umn.edu> (lastpass.py used as starting point)
|
|
|
|
# Copyright: (c) 2016, Andrew Zenk <azenk@umn.edu> (lastpass.py used as starting point)
|
|
|
|
# (c) 2018, Ansible Project
|
|
|
|
# Copyright: (c) 2018, Ansible Project
|
|
|
|
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
|
|
|
|
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
|
|
|
|
|
|
|
|
|
|
|
|
from __future__ import (absolute_import, division, print_function)
|
|
|
|
from __future__ import (absolute_import, division, print_function)
|
|
|
|
__metaclass__ = type
|
|
|
|
__metaclass__ = type
|
|
|
|
|
|
|
|
|
|
|
|
ANSIBLE_METADATA = {'metadata_version': '1.1',
|
|
|
|
ANSIBLE_METADATA = {
|
|
|
|
|
|
|
|
'metadata_version': '1.1',
|
|
|
|
'status': ['preview'],
|
|
|
|
'status': ['preview'],
|
|
|
|
'supported_by': 'community'}
|
|
|
|
'supported_by': 'community'
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
DOCUMENTATION = """
|
|
|
|
DOCUMENTATION = """
|
|
|
|
lookup: onepassword
|
|
|
|
lookup: onepassword
|
|
|
|
author:
|
|
|
|
author:
|
|
|
|
- Scott Buchanan <sbuchanan@ri.pn>
|
|
|
|
- Scott Buchanan (@scottsb)
|
|
|
|
- Andrew Zenk <azenk@umn.edu>
|
|
|
|
- Andrew Zenk (@azenk)
|
|
|
|
- Sam Doran<sdoran@redhat.com>
|
|
|
|
- Sam Doran (@samdoran)
|
|
|
|
version_added: "2.6"
|
|
|
|
version_added: "2.6"
|
|
|
|
requirements:
|
|
|
|
requirements:
|
|
|
|
- C(op) 1Password command line utility. See U(https://support.1password.com/command-line/)
|
|
|
|
- C(op) 1Password command line utility. See U(https://support.1password.com/command-line/)
|
|
|
@ -25,10 +27,10 @@ DOCUMENTATION = """
|
|
|
|
- C(onepassword) wraps the C(op) command line utility to fetch specific field values from 1Password.
|
|
|
|
- C(onepassword) wraps the C(op) command line utility to fetch specific field values from 1Password.
|
|
|
|
options:
|
|
|
|
options:
|
|
|
|
_terms:
|
|
|
|
_terms:
|
|
|
|
description: identifier(s) (UUID, name, or subdomain; case-insensitive) of item(s) to retrieve
|
|
|
|
description: identifier(s) (UUID, name, or subdomain; case-insensitive) of item(s) to retrieve.
|
|
|
|
required: True
|
|
|
|
required: True
|
|
|
|
field:
|
|
|
|
field:
|
|
|
|
description: field to return from each matching item (case-insensitive)
|
|
|
|
description: field to return from each matching item (case-insensitive).
|
|
|
|
default: 'password'
|
|
|
|
default: 'password'
|
|
|
|
master_password:
|
|
|
|
master_password:
|
|
|
|
description: The password used to unlock the specified vault.
|
|
|
|
description: The password used to unlock the specified vault.
|
|
|
@ -49,14 +51,14 @@ DOCUMENTATION = """
|
|
|
|
description: The secret key used when performing an initial sign in.
|
|
|
|
description: The secret key used when performing an initial sign in.
|
|
|
|
version_added: '2.7'
|
|
|
|
version_added: '2.7'
|
|
|
|
vault:
|
|
|
|
vault:
|
|
|
|
description: Vault containing the item to retrieve (case-insensitive). If absent will search all vaults
|
|
|
|
description: Vault containing the item to retrieve (case-insensitive). If absent will search all vaults.
|
|
|
|
default: None
|
|
|
|
default: None
|
|
|
|
notes:
|
|
|
|
notes:
|
|
|
|
- This lookup will use an existing 1Password session if one exists. If not, and you have already
|
|
|
|
- This lookup will use an existing 1Password session if one exists. If not, and you have already
|
|
|
|
performed an initial sign in (meaning C(~/.op/config exists)), then only the C(master_password) is required.
|
|
|
|
performed an initial sign in (meaning C(~/.op/config exists)), then only the C(master_password) is required.
|
|
|
|
You may optionally specify C(subdomain) in this scenario, otherwise the last used subdomain will be used by C(op).
|
|
|
|
You may optionally specify C(subdomain) in this scenario, otherwise the last used subdomain will be used by C(op).
|
|
|
|
- This lookup can perform an initial login by providing C(subdomain), C(username), C(secret_key), and C(master_password).
|
|
|
|
- This lookup can perform an initial login by providing C(subdomain), C(username), C(secret_key), and C(master_password).
|
|
|
|
- Due to the B(very) sensitive nature of these credentials, it is B(highly) recommeneded that you only pass in the minial credentials
|
|
|
|
- Due to the B(very) sensitive nature of these credentials, it is B(highly) recommended that you only pass in the minimal credentials
|
|
|
|
needed at any given time. Also, store these credentials in an Ansible Vault using a key that is equal to or greater in strength
|
|
|
|
needed at any given time. Also, store these credentials in an Ansible Vault using a key that is equal to or greater in strength
|
|
|
|
to the 1Password master password.
|
|
|
|
to the 1Password master password.
|
|
|
|
- This lookup stores potentially sensitive data from 1Password as Ansible facts.
|
|
|
|
- This lookup stores potentially sensitive data from 1Password as Ansible facts.
|
|
|
|