mfominov/bitwarden.py

## bitwarden.py
# python 3 headers, required if submitting to Ansible
from __future__ import absolute_import, division, print_function

__metaclass__ = type

DOCUMENTATION = """
lookup: bitwarden
author: Maksim Fominov <maxfominov@gmail.com>
version_added: "1.0"
short_description: fast lookup of secrets stored in bitwarden
description:
  - This plugin uses the bitwardentools python module
requirements:
  - pip module bitwardentools
  - for MacOS export OBJC_DISABLE_INITIALIZE_FORK_SAFETY=YES due to https://github.com/ansible/ansible/issues/31869
options:
  _secret:
    description: name of the cipher to retrieve
    required: True
  organization:
    description: name of organization
    required: True
  collection:
    description: name of collection
    required: True
  username:
    description: user email fot login
    required: True
  password:
    description: user password
    required: True
  api_url:
    description: url of Vaultwarden instance
    required: True
  field:
    description: the name of the field to be retrieven
      (name, username, password, notes, uri or any custom field)
    default: password
    required: False
"""

EXAMPLES = """
- name: get 'password'
  debug:
    msg: "{{ lookup('bitwarden', 'CIPHER', organization='BITWARDEN_ORGANIZATION', collection='BITWARDEN_COLLECTION',
      username='EMAIL', password='PASSWORD', api_url='BITWARDEN_URL' }}"
- name: get 'password'
  debug:
    msg: "{{ lookup('bitwarden', 'CIPHER', organization='BITWARDEN_ORGANIZATION', collection='BITWARDEN_COLLECTION', field='password',
      username='EMAIL', password='PASSWORD', api_url='BITWARDEN_URL' }}"
- name: get 'username'
  debug:
    msg: "{{ lookup('bitwarden', 'CIPHER', organization='BITWARDEN_ORGANIZATION', collection='BITWARDEN_COLLECTION', field='username',
      username='EMAIL', password='PASSWORD', api_url='BITWARDEN_URL' }}"
- name: get 'custom_field'
  debug:
    msg: "{{ lookup('bitwarden', 'CIPHER', organization='BITWARDEN_ORGANIZATION', collection='BITWARDEN_COLLECTION', field='custom_field',
      username='EMAIL', password='PASSWORD', api_url='BITWARDEN_URL' }}"
"""

from ansible.errors import AnsibleError, AnsibleParserError
from ansible.plugins.lookup import LookupBase
from ansible.utils.display import Display
from bitwardentools import crypto as bwcrypto
from bitwardentools import client as bwclient

display = Display()


class LookupModule(LookupBase):
    def run(self, secrets, **kwargs):
        ret = []
        try:
            client = bwclient.Client(
                email=kwargs.get("username"),
                password=kwargs.get("password"),
                server=kwargs.get("api_url"),
            )
            client.sync()
            orga = client.get_organization(kwargs.get("organization"))
            col = client.get_collection(kwargs.get("collection"), orga=orga)
            field = kwargs.get("field", "password")
            for secret in secrets:
                cipher_list = client.get_cipher(
                    secret, collection=col, orga=orga, as_list=True, sync=True
                )
                cipher = list(cipher_list)[0].data

                custom_fields = {}
                if cipher["fields"] != None:
                    for i in cipher["fields"]:
                        custom_fields.update({i["name"]: i["value"]})
                if field not in cipher:
                    result = custom_fields[field]
                else:
                    result = cipher.get(field)

                if result:
                    ret.append(result)
                else:
                    raise AnsibleError("could not find field: %s" % field)
        except SystemExit as e:
            raise AnsibleError(e.code)
        except AnsibleParserError:
            raise AnsibleError("could not locate secret: %s" % secrets)

        return ret
	# python 3 headers, required if submitting to Ansible
	from __future__ import absolute_import, division, print_function

	__metaclass__ = type

	DOCUMENTATION = """
	lookup: bitwarden
	author: Maksim Fominov <maxfominov@gmail.com>
	version_added: "1.0"
	short_description: fast lookup of secrets stored in bitwarden
	description:
	- This plugin uses the bitwardentools python module
	requirements:
	- pip module bitwardentools
	- for MacOS export OBJC_DISABLE_INITIALIZE_FORK_SAFETY=YES due to https://github.com/ansible/ansible/issues/31869
	options:
	_secret:
	description: name of the cipher to retrieve
	required: True
	organization:
	description: name of organization
	required: True
	collection:
	description: name of collection
	required: True
	username:
	description: user email fot login
	required: True
	password:
	description: user password
	required: True
	api_url:
	description: url of Vaultwarden instance
	required: True
	field:
	description: the name of the field to be retrieven
	(name, username, password, notes, uri or any custom field)
	default: password
	required: False
	"""

	EXAMPLES = """
	- name: get 'password'
	debug:
	msg: "{{ lookup('bitwarden', 'CIPHER', organization='BITWARDEN_ORGANIZATION', collection='BITWARDEN_COLLECTION',
	username='EMAIL', password='PASSWORD', api_url='BITWARDEN_URL' }}"
	- name: get 'password'
	debug:
	msg: "{{ lookup('bitwarden', 'CIPHER', organization='BITWARDEN_ORGANIZATION', collection='BITWARDEN_COLLECTION', field='password',
	username='EMAIL', password='PASSWORD', api_url='BITWARDEN_URL' }}"
	- name: get 'username'
	debug:
	msg: "{{ lookup('bitwarden', 'CIPHER', organization='BITWARDEN_ORGANIZATION', collection='BITWARDEN_COLLECTION', field='username',
	username='EMAIL', password='PASSWORD', api_url='BITWARDEN_URL' }}"
	- name: get 'custom_field'
	debug:
	msg: "{{ lookup('bitwarden', 'CIPHER', organization='BITWARDEN_ORGANIZATION', collection='BITWARDEN_COLLECTION', field='custom_field',
	username='EMAIL', password='PASSWORD', api_url='BITWARDEN_URL' }}"
	"""

	from ansible.errors import AnsibleError, AnsibleParserError
	from ansible.plugins.lookup import LookupBase
	from ansible.utils.display import Display
	from bitwardentools import crypto as bwcrypto
	from bitwardentools import client as bwclient

	display = Display()


	class LookupModule(LookupBase):
	def run(self, secrets, **kwargs):
	ret = []
	try:
	client = bwclient.Client(
	email=kwargs.get("username"),
	password=kwargs.get("password"),
	server=kwargs.get("api_url"),
	)
	client.sync()
	orga = client.get_organization(kwargs.get("organization"))
	col = client.get_collection(kwargs.get("collection"), orga=orga)
	field = kwargs.get("field", "password")
	for secret in secrets:
	cipher_list = client.get_cipher(
	secret, collection=col, orga=orga, as_list=True, sync=True
	)
	cipher = list(cipher_list)[0].data

	custom_fields = {}
	if cipher["fields"] != None:
	for i in cipher["fields"]:
	custom_fields.update({i["name"]: i["value"]})
	if field not in cipher:
	result = custom_fields[field]
	else:
	result = cipher.get(field)

	if result:
	ret.append(result)
	else:
	raise AnsibleError("could not find field: %s" % field)
	except SystemExit as e:
	raise AnsibleError(e.code)
	except AnsibleParserError:
	raise AnsibleError("could not locate secret: %s" % secrets)

	return ret