-
Notifications
You must be signed in to change notification settings - Fork 1.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Onepassword lookup add service accounts #6660
Onepassword lookup add service accounts #6660
Conversation
…ount token is set
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for your contribution! Can you please add a changelog fragment? Thanks.
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
/rebuild |
This comment was marked as outdated.
This comment was marked as outdated.
@samdoran i hope i fixed all your comments please ping me if i missed one. |
Co-authored-by: Felix Fontein <felix@fontein.de>
@jansagurna There are a few minor ones. The main thing that should still be addressed is the changes to # Something like this
if not self.service_account_token:
self._check_required_params(['some', 'params']) |
@samdoran i removed the check directly from the _check_required_params and added a check before try to login. is this fine for you? |
are we good here? or do you need any assistance? |
plugins/lookup/onepassword.py
Outdated
if self.service_account_token: | ||
self._check_required_params(['service_account_token']) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The service_account_token
attribute can only be set if it was passed as a parameter, so it's not necessary to check for only that parameter in a separate call.
Reading through this more, this method shouldn't be called at all if service_account_token
was passed to the lookup. It will either appear to be logged in already or fail before it gets here (if the changes in my other suggestion are made).
All the changes to this method can be removed.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
removed the self._check_required_params(['service_account_token'])
Co-authored-by: Sam Doran <github@samdoran.com>
Co-authored-by: Sam Doran <github@samdoran.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hopefully these are the last few changes. Thank you for all your work.
plugins/lookup/onepassword.py
Outdated
if self.service_account_token: | ||
environment_update = {"OP_SERVICE_ACCOUNT_TOKEN": self.service_account_token} | ||
args = [ | ||
"whoami", | ||
] | ||
|
||
args = [ | ||
"account", "add", "--raw", | ||
"--address", "{0}.{1}".format(self.subdomain, self.domain), | ||
"--email", to_bytes(self.username), | ||
"--signin", | ||
] | ||
return self._run(args, environment_update=environment_update) | ||
else: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
These changes aren't needed since full_signin
will be skipped if there is service token. If there is a problem with the service token, the lookup will exit before getting here.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Removed these changes.
Co-authored-by: Sam Doran <github@samdoran.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Look great. Thank you for your contribution.
shipit |
Backport to stable-7: 💚 backport PR created✅ Backport PR branch: Backported as #6710 🤖 @patchback |
* add service account token and bypass required fields when service account token is set * add token to base class * add Info * add service_account_token * add service_account_token * add documentation * add service_account_token * fix E111: indentation is not a multiple of 4 * fix lint problems * Update plugins/lookup/onepassword_raw.py Co-authored-by: Felix Fontein <felix@fontein.de> * Update plugins/modules/onepassword_info.py Co-authored-by: Felix Fontein <felix@fontein.de> * Update plugins/lookup/onepassword.py Co-authored-by: Felix Fontein <felix@fontein.de> * add changelog fragment * change type service_account_token to align to domain option * add fragment value * Update changelogs/fragments/6660-onepassword-lookup-service-account.yaml Co-authored-by: Felix Fontein <felix@fontein.de> * Update plugins/lookup/onepassword.py Co-authored-by: Felix Fontein <felix@fontein.de> * remove service_account_token from onepassword_info.py * adjust V1 to raise error if service_account_token is set * adjust V1 to raise error if service_account_token is set * adjust V1 to raise error if service_account_token is set * adjust if assert_logged_in * Update plugins/lookup/onepassword.py Co-authored-by: Sam Doran <github@samdoran.com> * Update plugins/lookup/onepassword.py Co-authored-by: Sam Doran <github@samdoran.com> * remove double return * remove new line * remove new line * remove new line * remove spaces * remove new line * remove spaces * Update plugins/lookup/onepassword_raw.py Co-authored-by: Felix Fontein <felix@fontein.de> * add _check_required_params * Update plugins/lookup/onepassword.py Co-authored-by: Sam Doran <github@samdoran.com> * Update plugins/lookup/onepassword.py Co-authored-by: Sam Doran <github@samdoran.com> * remove _check_required_params * remove spaces * Update plugins/lookup/onepassword.py Co-authored-by: Sam Doran <github@samdoran.com> * remove code --------- Co-authored-by: Jan Sagurna <jan.sagurna@sag-solutions.com> Co-authored-by: Jan Sagurna <58932831+jansagurna@users.noreply.github.com> Co-authored-by: Felix Fontein <felix@fontein.de> Co-authored-by: Sam Doran <github@samdoran.com> (cherry picked from commit 473e557)
@Domi-cc @jansagurna thanks a lot for working on this! |
… accounts (#6710) Onepassword lookup add service accounts (#6660) * add service account token and bypass required fields when service account token is set * add token to base class * add Info * add service_account_token * add service_account_token * add documentation * add service_account_token * fix E111: indentation is not a multiple of 4 * fix lint problems * Update plugins/lookup/onepassword_raw.py Co-authored-by: Felix Fontein <felix@fontein.de> * Update plugins/modules/onepassword_info.py Co-authored-by: Felix Fontein <felix@fontein.de> * Update plugins/lookup/onepassword.py Co-authored-by: Felix Fontein <felix@fontein.de> * add changelog fragment * change type service_account_token to align to domain option * add fragment value * Update changelogs/fragments/6660-onepassword-lookup-service-account.yaml Co-authored-by: Felix Fontein <felix@fontein.de> * Update plugins/lookup/onepassword.py Co-authored-by: Felix Fontein <felix@fontein.de> * remove service_account_token from onepassword_info.py * adjust V1 to raise error if service_account_token is set * adjust V1 to raise error if service_account_token is set * adjust V1 to raise error if service_account_token is set * adjust if assert_logged_in * Update plugins/lookup/onepassword.py Co-authored-by: Sam Doran <github@samdoran.com> * Update plugins/lookup/onepassword.py Co-authored-by: Sam Doran <github@samdoran.com> * remove double return * remove new line * remove new line * remove new line * remove spaces * remove new line * remove spaces * Update plugins/lookup/onepassword_raw.py Co-authored-by: Felix Fontein <felix@fontein.de> * add _check_required_params * Update plugins/lookup/onepassword.py Co-authored-by: Sam Doran <github@samdoran.com> * Update plugins/lookup/onepassword.py Co-authored-by: Sam Doran <github@samdoran.com> * remove _check_required_params * remove spaces * Update plugins/lookup/onepassword.py Co-authored-by: Sam Doran <github@samdoran.com> * remove code --------- Co-authored-by: Jan Sagurna <jan.sagurna@sag-solutions.com> Co-authored-by: Jan Sagurna <58932831+jansagurna@users.noreply.github.com> Co-authored-by: Felix Fontein <felix@fontein.de> Co-authored-by: Sam Doran <github@samdoran.com> (cherry picked from commit 473e557) Co-authored-by: Dominik Haßelkuss <Domi-cc@users.noreply.github.com>
SUMMARY
add new service_account_token for onepassword lookup
Fixes #6635
minor_changes:
service_account_token
parameters for supporting 1password service accountsISSUE TYPE
COMPONENT NAME
onepassword
ADDITIONAL INFORMATION