Unify bitwarden plugin family + unit tests#265
Merged
Conversation
Bring the bitwarden lookup, module and module_util to the standard plugin style (header, f-strings, single quotes, modern ansible.module_utils.common.text.converters) without changing behavior. Safe fixes only: - fix the lookup DOCUMENTATION so ansible-doc renders it again - module: fail_json(msg=...) instead of positional, drop dead try/except - module_util: drop the (object) base, correct get_item_by_id docstring, nosec the /tmp cache fallback and the charset default (false positives) - remove the dead commented example block from the lookup Behaviour-changing bugs (check_mode mutation, None-password overwrite, get_item_by_id returns-or-raises contract) are intentionally left for separate, individually tested fixes. Add unit tests for the family plus tests/conftest.py, which makes this checkout importable as ansible_collections.linuxfabrik.lfops so module/lookup tests resolve their collection imports under pytest/tox. Exclude tests/ from bandit (fixture passwords are expected).
ebuerki-lf
pushed a commit
that referenced
this pull request
May 26, 2026
Bring the bitwarden lookup, module and module_util to the standard plugin style (header, f-strings, single quotes, modern ansible.module_utils.common.text.converters) without changing behavior. Safe fixes only: - fix the lookup DOCUMENTATION so ansible-doc renders it again - module: fail_json(msg=...) instead of positional, drop dead try/except - module_util: drop the (object) base, correct get_item_by_id docstring, nosec the /tmp cache fallback and the charset default (false positives) - remove the dead commented example block from the lookup Behaviour-changing bugs (check_mode mutation, None-password overwrite, get_item_by_id returns-or-raises contract) are intentionally left for separate, individually tested fixes. Add unit tests for the family plus tests/conftest.py, which makes this checkout importable as ansible_collections.linuxfabrik.lfops so module/lookup tests resolve their collection imports under pytest/tox. Exclude tests/ from bandit (fixture passwords are expected).
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Phase 3 of the plugin unification effort: the bitwarden family (lookup, module, module_util). Vendored plugins remain untouched.
Style unification (no behavior change)
from __future__+__metaclass__, single quotes, f-strings throughout (replacing%and.format()).module_utils/bitwarden.py: modernansible.module_utils.common.text.convertersinstead of the deprecated_text, drop the(object)base class.Safe fixes
ansible-doc -t lookup linuxfabrik.lfops.bitwarden_itemrenders again (adescriptionbullet contained a colon that YAML parsed as a mapping; pre-existing onmain).fail_json(msg=...)instead of positional first arg; replace atry/except IndexErrorwith an explicit check.get_item_by_iddocstring;# nosecon the/tmpcache fallback (files are created viamkstempmode 0600 + atomic replace) and the password charset default (it is an alphabet, not a password).Deliberately deferred (separate, individually tested PRs)
--check.Nonepassword overwrites an existing password.get_item_by_idreturns-or-raises contract mismatch with the lookup.Tests
tests/unit/plugins/module_utils/test_bitwarden.py(generate, get_pretty_name, _api_call success/failure/HTTP-error/bad-JSON, get_items filtering).tests/unit/plugins/modules/test_bitwarden_item.py(diff_and_update).tests/unit/plugins/lookup/test_bitwarden_item.py(run paths, multiple-match error, lookup-by-id).tests/conftest.pymakes this checkout importable asansible_collections.linuxfabrik.lfops, so module/lookup tests resolve their collection imports under plain pytest/tox.--import-mode=importliballows same-named test files across plugin-type dirs. bandit no longer scanstests/(fixture passwords are expected).Validation
ansible-docrenders both the lookup and the module.CONTRIBUTING
Documents the canonical plugin header and the conftest collection-import mechanism for tests.
Next: uptimerobot family (Phase 4), then nextcloud/sqlite/gpg_key/ipa_diff (Phase 5). A small separate PR will fix the remaining
ansible-docrendering bugs (nextcloud_occ_app_config/system_config, uptimerobot_monitor/psp) and add a regression guard.