feat: Add onepasswordRead template function

twpayne · Jul 28, 2022 · 4dfd206 · 4dfd206
1 parent ebeb8df
commit 4dfd206
Show file tree

Hide file tree

Showing 6 changed files with 83 additions and 6 deletions.
diff --git a/assets/chezmoi.io/docs/reference/templates/1password-functions/onepasswordRead.md b/assets/chezmoi.io/docs/reference/templates/1password-functions/onepasswordRead.md
@@ -0,0 +1,24 @@
+# `onepasswordRead` *url* [*account*]
+
+`onepasswordRead` returns data from [1Password](https://1password.com/) using
+the [1Password
+CLI](https://support.1password.com/command-line-getting-started/) (`op`). *url*
+is passed to `op read $URL`. If *account* is specified, the extra arguments
+`--account $ACCOUNT` are passed to `op`.
+
+If there is no valid session in the environment, by default you will be
+interactively prompted to sign in.
+
+!!! example
+
+    The result of
+
+    ```
+    {{ onepasswordRead "op://vault/item/field" }}
+    ```
+
+    is equivalent to calling
+
+    ```console
+    $ op read op://vault/item/field
+    ```
diff --git a/assets/chezmoi.io/docs/user-guide/password-managers/1password.md b/assets/chezmoi.io/docs/user-guide/password-managers/1password.md
@@ -27,6 +27,25 @@ This is not necessary if you are using biometric authentication.
     $ eval $(op signin $SUBDOMAIN.1password.com $EMAIL)
     ```
 
+The output of `op read $URL` is available as the `onepasswordRead` template
+function, for example:
+
+```
+{{ onepasswordRead "op://app-prod/db/password" }}
+```
+
+returns the output of
+
+```console
+$ op read op://app-prod/db/password
+```
+
+Documents can be retrieved with:
+
+```
+{{- onepasswordDocument "$UUID" -}}
+```
+
 The output of `op item get $UUID--format json` (`op get item $UUID`) is
 available as the `onepassword` template function. chezmoi parses the JSON output
 and returns it as structured data. For example, if the output is:
@@ -144,12 +163,6 @@ in 1Password have item fields. This can be tested with:
 $ chezmoi execute-template "{{ onepasswordItemFields \"$UUID\" | toJson }}" | jq .
 ```
 
-Documents can be retrieved with:
-
-```
-{{- onepasswordDocument "$UUID" -}}
-```
-
 !!! note
 
     The extra `-` after the opening `{{` and before the closing `}}` instructs

diff --git a/assets/chezmoi.io/mkdocs.yml b/assets/chezmoi.io/mkdocs.yml
@@ -205,6 +205,7 @@ nav:
       - onepasswordDocument: reference/templates/1password-functions/onepasswordDocument.md
       - onepasswordDetailsFields: reference/templates/1password-functions/onepasswordDetailsFields.md
       - onepasswordItemFields: reference/templates/1password-functions/onepasswordItemFields.md
+      - onepasswordRead: reference/templates/1password-functions/onepasswordRead.md
     - AWS Secrets Manager functions:
       - reference/templates/aws-secrets-manager-functions/index.md
       - awsSecretsManager: reference/templates/aws-secrets-manager-functions/awsSecretsManager.md

diff --git a/pkg/cmd/config.go b/pkg/cmd/config.go
@@ -463,6 +463,7 @@ func newConfig(options ...configOption) (*Config, error) {
 		"onepasswordDetailsFields": c.onepasswordDetailsFieldsTemplateFunc,
 		"onepasswordDocument":      c.onepasswordDocumentTemplateFunc,
 		"onepasswordItemFields":    c.onepasswordItemFieldsTemplateFunc,
+		"onepasswordRead":          c.onepasswordReadTemplateFunc,
 		"output":                   c.outputTemplateFunc,
 		"pass":                     c.passTemplateFunc,
 		"passFields":               c.passFieldsTemplateFunc,

diff --git a/pkg/cmd/onepasswordtemplatefuncs.go b/pkg/cmd/onepasswordtemplatefuncs.go
@@ -358,6 +358,26 @@ func (c *Config) onepasswordOutput(args *onepasswordArgs, withSessionToken withS
 	return output, nil
 }
 
+func (c *Config) onepasswordReadTemplateFunc(url string, args ...string) string {
+	onepasswordArgs := &onepasswordArgs{
+		args: []string{"read", url},
+	}
+	switch len(args) {
+	case 0:
+		// Do nothing.
+	case 1:
+		onepasswordArgs.args = append(onepasswordArgs.args, "--account", args[0])
+	default:
+		panic(fmt.Errorf("expected 1 or 2 arguments, got %d", len(args)))
+	}
+
+	output, err := c.onepasswordOutput(onepasswordArgs, withSessionToken)
+	if err != nil {
+		panic(err)
+	}
+	return string(output)
+}
+
 func (c *Config) onepasswordVersion() (*semver.Version, error) {
 	if c.Onepassword.version != nil || c.Onepassword.versionErr != nil {
 		return c.Onepassword.version, c.Onepassword.versionErr

diff --git a/pkg/cmd/testdata/scripts/onepassword.txt b/pkg/cmd/testdata/scripts/onepassword.txt
@@ -21,6 +21,14 @@ stdout '^L8rm1JXJIE1b8YUDWq7h$'
 chezmoi execute-template '{{ (onepasswordItemFields "ExampleLogin").exampleLabel.v }}'
 stdout exampleValue
 
+# test onepasswordRead template function
+chezmoi execute-template '{{ onepasswordRead "op://vault/item/field" }}'
+stdout exampleField
+
+# test onepasswordRead template function with account
+chezmoi execute-template '{{ onepasswordRead "op://vault/item/field" "account" }}'
+stdout exampleAccountField
+
 -- bin/op --
 #!/bin/sh
 
@@ -31,6 +39,12 @@ case "$*" in
 "get item ExampleLogin" | "get item ExampleLogin --vault vault --account account" | "--session thisIsAFakeSessionToken get item ExampleLogin" | "--session thisIsAFakeSessionToken get item ExampleLogin --vault vault --account account" | "--session thisIsAFakeSessionToken get item ExampleLogin --account account")
     echo '{"uuid":"wxcplh5udshnonkzg2n4qx262y","templateUuid":"001","trashed":"N","createdAt":"2020-07-28T13:44:57Z","updatedAt":"2020-07-28T14:27:46Z","changerUuid":"VBDXOA4MPVHONK5IIJVKUQGLXM","itemVersion":2,"vaultUuid":"tscpxgi6s7c662jtqn3vmw4n5a","details":{"fields":[{"designation":"username","name":"username","type":"T","value":"exampleuser"},{"designation":"password","name":"password","type":"P","value":"L8rm1JXJIE1b8YUDWq7h"}],"notesPlain":"","passwordHistory":[],"sections":[{"name":"linked items","title":"Related Items"},{"fields":[{"k":"string","n":"D4328E0846D2461E8E455D7A07B93397","t":"exampleLabel","v":"exampleValue"}],"name":"Section_20E0BD380789477D8904F830BFE8A121","title":""}]},"overview":{"URLs":[{"l":"website","u":"https://www.example.com/"}],"ainfo":"exampleuser","pbe":119.083926,"pgrng":true,"ps":100,"tags":[],"title":"ExampleLogin","url":"https://www.example.com/"}}'
     ;;
+"--session thisIsAFakeSessionToken read op://vault/item/field")
+    echo 'exampleField'
+    ;;
+"--session thisIsAFakeSessionToken read op://vault/item/field --account account")
+    echo 'exampleAccountField'
+    ;;
 "signin --raw" | "signin account --raw")
     echo 'thisIsAFakeSessionToken'
     ;;
@@ -54,6 +68,10 @@ IF "%*" == "--version" (
     echo.{"uuid":"wxcplh5udshnonkzg2n4qx262y","templateUuid":"001","trashed":"N","createdAt":"2020-07-28T13:44:57Z","updatedAt":"2020-07-28T14:27:46Z","changerUuid":"VBDXOA4MPVHONK5IIJVKUQGLXM","itemVersion":2,"vaultUuid":"tscpxgi6s7c662jtqn3vmw4n5a","details":{"fields":[{"designation":"username","name":"username","type":"T","value":"exampleuser"},{"designation":"password","name":"password","type":"P","value":"L8rm1JXJIE1b8YUDWq7h"}],"notesPlain":"","passwordHistory":[],"sections":[{"name":"linked items","title":"Related Items"},{"fields":[{"k":"string","n":"D4328E0846D2461E8E455D7A07B93397","t":"exampleLabel","v":"exampleValue"}],"name":"Section_20E0BD380789477D8904F830BFE8A121","title":""}]},"overview":{"URLs":[{"l":"website","u":"https://www.example.com/"}],"ainfo":"exampleuser","pbe":119.083926,"pgrng":true,"ps":100,"tags":[],"title":"ExampleLogin","url":"https://www.example.com/"}}
 ) ELSE IF "%*" == "--session thisIsAFakeSessionToken get item ExampleLogin --account account" (
     echo.{"uuid":"wxcplh5udshnonkzg2n4qx262y","templateUuid":"001","trashed":"N","createdAt":"2020-07-28T13:44:57Z","updatedAt":"2020-07-28T14:27:46Z","changerUuid":"VBDXOA4MPVHONK5IIJVKUQGLXM","itemVersion":2,"vaultUuid":"tscpxgi6s7c662jtqn3vmw4n5a","details":{"fields":[{"designation":"username","name":"username","type":"T","value":"exampleuser"},{"designation":"password","name":"password","type":"P","value":"L8rm1JXJIE1b8YUDWq7h"}],"notesPlain":"","passwordHistory":[],"sections":[{"name":"linked items","title":"Related Items"},{"fields":[{"k":"string","n":"D4328E0846D2461E8E455D7A07B93397","t":"exampleLabel","v":"exampleValue"}],"name":"Section_20E0BD380789477D8904F830BFE8A121","title":""}]},"overview":{"URLs":[{"l":"website","u":"https://www.example.com/"}],"ainfo":"exampleuser","pbe":119.083926,"pgrng":true,"ps":100,"tags":[],"title":"ExampleLogin","url":"https://www.example.com/"}}
+) ELSE IF "%*" == "--session thisIsAFakeSessionToken read op://vault/item/field" (
+    echo.exampleField
+) ELSE IF "%*" == "--session thisIsAFakeSessionToken read op://vault/item/field --account account" (
+    echo.exampleAccountField
 ) ELSE IF "%*" == "signin --raw" (
     echo thisIsAFakeSessionToken
 ) ELSE IF "%*" == "signin account --raw" (