Onepassword lookup add service accounts #6660
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…ount token is set
ansibullbot
added
feature
felixfontein
added
check-before-release
There was a problem hiding this comment.
Thanks for your contribution! Can you please add a changelog fragment? Thanks.
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
ansibullbot
added
needs_revision
|
/rebuild |
This comment was marked as outdated.
This comment was marked as outdated.
ansibullbot
added
the
needs_revision
ansibullbot
removed
the
needs_revision
ansibullbot
added
needs_ci
|
@samdoran i hope i fixed all your comments please ping me if i missed one. |
Co-authored-by: Felix Fontein <felix@fontein.de>
|
@jansagurna There are a few minor ones. The main thing that should still be addressed is the changes to # Something like this
if not self.service_account_token:
self._check_required_params(['some', 'params']) |
|
@samdoran i removed the check directly from the _check_required_params and added a check before try to login. is this fine for you? |
|
are we good here? or do you need any assistance? |
samdoran
suggested changes
Jun 14, 2023
plugins/lookup/onepassword.py
Outdated
Comment on lines
517
to
518
| if self.service_account_token: | ||
| self._check_required_params(['service_account_token']) |
There was a problem hiding this comment.
The service_account_token attribute can only be set if it was passed as a parameter, so it's not necessary to check for only that parameter in a separate call.
Reading through this more, this method shouldn't be called at all if service_account_token was passed to the lookup. It will either appear to be logged in already or fail before it gets here (if the changes in my other suggestion are made).
All the changes to this method can be removed.
There was a problem hiding this comment.
removed the self._check_required_params(['service_account_token'])
ansibullbot
added
the
needs_revision
Co-authored-by: Sam Doran <github@samdoran.com>
Co-authored-by: Sam Doran <github@samdoran.com>
ansibullbot
removed
the
needs_revision
samdoran
suggested changes
Jun 14, 2023
plugins/lookup/onepassword.py
Outdated
Comment on lines
516
to
523
| if self.service_account_token: | ||
| environment_update = {"OP_SERVICE_ACCOUNT_TOKEN": self.service_account_token} | ||
| args = [ | ||
| "whoami", | ||
| ] | ||
|
|
||
| args = [ | ||
| "account", "add", "--raw", | ||
| "--address", "{0}.{1}".format(self.subdomain, self.domain), | ||
| "--email", to_bytes(self.username), | ||
| "--signin", | ||
| ] | ||
| return self._run(args, environment_update=environment_update) | ||
| else: |
There was a problem hiding this comment.
These changes aren't needed since full_signin will be skipped if there is service token. If there is a problem with the service token, the lookup will exit before getting here.
Co-authored-by: Sam Doran <github@samdoran.com>
samdoran
approved these changes
Jun 15, 2023
|
shipit |
Backport to stable-7: 💚 backport PR created✅ Backport PR branch: Backported as #6710 🤖 @patchback |
patchback bot
pushed a commit
that referenced
this pull request
Jun 15, 2023
* add service account token and bypass required fields when service account token is set * add token to base class * add Info * add service_account_token * add service_account_token * add documentation * add service_account_token * fix E111: indentation is not a multiple of 4 * fix lint problems * Update plugins/lookup/onepassword_raw.py Co-authored-by: Felix Fontein <felix@fontein.de> * Update plugins/modules/onepassword_info.py Co-authored-by: Felix Fontein <felix@fontein.de> * Update plugins/lookup/onepassword.py Co-authored-by: Felix Fontein <felix@fontein.de> * add changelog fragment * change type service_account_token to align to domain option * add fragment value * Update changelogs/fragments/6660-onepassword-lookup-service-account.yaml Co-authored-by: Felix Fontein <felix@fontein.de> * Update plugins/lookup/onepassword.py Co-authored-by: Felix Fontein <felix@fontein.de> * remove service_account_token from onepassword_info.py * adjust V1 to raise error if service_account_token is set * adjust V1 to raise error if service_account_token is set * adjust V1 to raise error if service_account_token is set * adjust if assert_logged_in * Update plugins/lookup/onepassword.py Co-authored-by: Sam Doran <github@samdoran.com> * Update plugins/lookup/onepassword.py Co-authored-by: Sam Doran <github@samdoran.com> * remove double return * remove new line * remove new line * remove new line * remove spaces * remove new line * remove spaces * Update plugins/lookup/onepassword_raw.py Co-authored-by: Felix Fontein <felix@fontein.de> * add _check_required_params * Update plugins/lookup/onepassword.py Co-authored-by: Sam Doran <github@samdoran.com> * Update plugins/lookup/onepassword.py Co-authored-by: Sam Doran <github@samdoran.com> * remove _check_required_params * remove spaces * Update plugins/lookup/onepassword.py Co-authored-by: Sam Doran <github@samdoran.com> * remove code --------- Co-authored-by: Jan Sagurna <jan.sagurna@sag-solutions.com> Co-authored-by: Jan Sagurna <58932831+jansagurna@users.noreply.github.com> Co-authored-by: Felix Fontein <felix@fontein.de> Co-authored-by: Sam Doran <github@samdoran.com> (cherry picked from commit 473e557)
|
@Domi-cc @jansagurna thanks a lot for working on this! |
felixfontein
removed
the
check-before-release
felixfontein
pushed a commit
that referenced
this pull request
Jun 15, 2023
… accounts (#6710) Onepassword lookup add service accounts (#6660) * add service account token and bypass required fields when service account token is set * add token to base class * add Info * add service_account_token * add service_account_token * add documentation * add service_account_token * fix E111: indentation is not a multiple of 4 * fix lint problems * Update plugins/lookup/onepassword_raw.py Co-authored-by: Felix Fontein <felix@fontein.de> * Update plugins/modules/onepassword_info.py Co-authored-by: Felix Fontein <felix@fontein.de> * Update plugins/lookup/onepassword.py Co-authored-by: Felix Fontein <felix@fontein.de> * add changelog fragment * change type service_account_token to align to domain option * add fragment value * Update changelogs/fragments/6660-onepassword-lookup-service-account.yaml Co-authored-by: Felix Fontein <felix@fontein.de> * Update plugins/lookup/onepassword.py Co-authored-by: Felix Fontein <felix@fontein.de> * remove service_account_token from onepassword_info.py * adjust V1 to raise error if service_account_token is set * adjust V1 to raise error if service_account_token is set * adjust V1 to raise error if service_account_token is set * adjust if assert_logged_in * Update plugins/lookup/onepassword.py Co-authored-by: Sam Doran <github@samdoran.com> * Update plugins/lookup/onepassword.py Co-authored-by: Sam Doran <github@samdoran.com> * remove double return * remove new line * remove new line * remove new line * remove spaces * remove new line * remove spaces * Update plugins/lookup/onepassword_raw.py Co-authored-by: Felix Fontein <felix@fontein.de> * add _check_required_params * Update plugins/lookup/onepassword.py Co-authored-by: Sam Doran <github@samdoran.com> * Update plugins/lookup/onepassword.py Co-authored-by: Sam Doran <github@samdoran.com> * remove _check_required_params * remove spaces * Update plugins/lookup/onepassword.py Co-authored-by: Sam Doran <github@samdoran.com> * remove code --------- Co-authored-by: Jan Sagurna <jan.sagurna@sag-solutions.com> Co-authored-by: Jan Sagurna <58932831+jansagurna@users.noreply.github.com> Co-authored-by: Felix Fontein <felix@fontein.de> Co-authored-by: Sam Doran <github@samdoran.com> (cherry picked from commit 473e557) Co-authored-by: Dominik Haßelkuss <Domi-cc@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
SUMMARY
add new service_account_token for onepassword lookup
Fixes #6635
minor_changes:
service_account_tokenparameters for supporting 1password service accountsISSUE TYPE
COMPONENT NAME
onepassword
ADDITIONAL INFORMATION