@mfominov
Last active March 18, 2022 09:10
Vaultwarden ansible lookup plugin
# python 3 headers, required if submitting to Ansible
from __future__ import absolute_import, division, print_function
__metaclass__ = type
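# Plugin documentation as a YAML document. The nesting below is what makes it
# parseable: each option must sit under "options" with its own description and
# required keys, otherwise the keys collide at the top level.
DOCUMENTATION = """
lookup: bitwarden
author: Maksim Fominov <maxfominov@gmail.com>
version_added: "1.0"
short_description: fast lookup of secrets stored in bitwarden
description:
  - This plugin uses the bitwardentools python module
requirements:
  - pip module bitwardentools
  - for MacOS export OBJC_DISABLE_INITIALIZE_FORK_SAFETY=YES due to https://github.com/ansible/ansible/issues/31869
options:
  _secret:
    description: name of the cipher to retrieve
    required: True
  organization:
    description: name of organization
    required: True
  collection:
    description: name of collection
    required: True
  username:
    description: user email for login
    required: True
  password:
    description: user password
    required: True
  api_url:
    description: url of Vaultwarden instance
    required: True
  field:
    description: the name of the field to be retrieved
      (name, username, password, notes, uri or any custom field)
    default: password
    required: False
notes:
  - The username and password options are the vault login itself. Supply them
    from Ansible Vault or another secret store instead of writing them as
    literals in a playbook or inventory.
  - "The lookup returns secret values in clear text. Set no_log: true on tasks
    that consume the result so it does not end up in task output or logs."
"""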
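# Usage examples. Every lookup(...) call is closed with ")" before "}}" so the
# Jinja expressions are valid when copied into a play.
EXAMPLES = """
# NOTE: debug is used only to show the call shape; it prints the secret.
# In real plays pass the lookup result to a variable or module argument and
# set no_log on the task. 'EMAIL' and 'PASSWORD' are the vault login; take
# them from Ansible Vault or another secret store, not from a literal.
- name: get 'password'
  debug:
    msg: "{{ lookup('bitwarden', 'CIPHER', organization='BITWARDEN_ORGANIZATION', collection='BITWARDEN_COLLECTION',
      username='EMAIL', password='PASSWORD', api_url='BITWARDEN_URL') }}"
- name: get 'password'
  debug:
    msg: "{{ lookup('bitwarden', 'CIPHER', organization='BITWARDEN_ORGANIZATION', collection='BITWARDEN_COLLECTION', field='password',
      username='EMAIL', password='PASSWORD', api_url='BITWARDEN_URL') }}"
- name: get 'username'
  debug:
    msg: "{{ lookup('bitwarden', 'CIPHER', organization='BITWARDEN_ORGANIZATION', collection='BITWARDEN_COLLECTION', field='username',
      username='EMAIL', password='PASSWORD', api_url='BITWARDEN_URL') }}"
- name: get 'custom_field'
  debug:
    msg: "{{ lookup('bitwarden', 'CIPHER', organization='BITWARDEN_ORGANIZATION', collection='BITWARDEN_COLLECTION', field='custom_field',
      username='EMAIL', password='PASSWORD', api_url='BITWARDEN_URL') }}"
"""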
from ansible.errors import AnsibleError, AnsibleParserError
from ansible.plugins.lookup import LookupBase
from ansible.utils.display import Display
from bitwardentools import crypto as bwcrypto
from bitwardentools import client as bwclient
# Module-level Ansible Display handle. It is not referenced anywhere else in
# this listing; if it is used later, never pass vault credentials or looked-up
# secret values to it.
display = Display()
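class LookupModule(LookupBase):
    """Lookup plugin that returns one field per requested cipher via bitwardentools."""

    # Options that DOCUMENTATION marks as required. run() checks them up front
    # so a missing one is reported by name instead of surfacing as an opaque
    # client-library failure.
    _REQUIRED_OPTIONS = (
        "username",
        "password",
        "api_url",
        "organization",
        "collection",
    )

    def run(self, secrets, **kwargs):
        """Return the requested field of each cipher named in ``secrets``.

        Keyword options read from ``kwargs``: ``username``, ``password`` and
        ``api_url`` (used to build the client), ``organization`` and
        ``collection`` (used to scope the search) and ``field`` (defaults to
        ``"password"``).

        The field is taken from the cipher's data when present there,
        otherwise from the cipher's custom fields. When several ciphers match
        a name, only the first one returned by the client is used.

        Returns:
            A list with one value per entry in ``secrets``, in the same order.
            The values are secrets in clear text; callers should keep them out
            of task output (for example with ``no_log``).

        Raises:
            AnsibleError: a required option is missing, a cipher cannot be
                found, or the requested field is absent or empty. Messages
                name options, ciphers and fields only, never credential or
                secret values.
        """
        missing = [name for name in self._REQUIRED_OPTIONS if not kwargs.get(name)]
        if missing:
            # Report option names only; the supplied values may be credentials.
            raise AnsibleError(
                "missing required option(s): %s" % ", ".join(missing)
            )

        field = kwargs.get("field", "password")
        ret = []
        try:
            client = bwclient.Client(
                email=kwargs.get("username"),
                password=kwargs.get("password"),
                server=kwargs.get("api_url"),
            )
            client.sync()
            orga = client.get_organization(kwargs.get("organization"))
            col = client.get_collection(kwargs.get("collection"), orga=orga)
            for secret in secrets:
                cipher_list = client.get_cipher(
                    secret, collection=col, orga=orga, as_list=True, sync=True
                )
                matches = list(cipher_list)
                if not matches:
                    # An empty result used to escape as a bare IndexError.
                    raise AnsibleError("could not locate secret: %s" % secret)
                cipher = matches[0].data

                # Custom fields are optional: the key may be absent or None.
                custom_fields = {}
                for entry in cipher.get("fields") or []:
                    custom_fields[entry["name"]] = entry["value"]

                if field in cipher:
                    result = cipher.get(field)
                else:
                    # .get() so an unknown field reaches the AnsibleError
                    # below instead of raising KeyError.
                    result = custom_fields.get(field)

                if not result:
                    raise AnsibleError("could not find field: %s" % field)
                ret.append(result)
        except SystemExit as e:
            # Presumably the client library can exit the process on failure;
            # convert that into a task error - TODO confirm against bitwardentools.
            raise AnsibleError(e.code)
        except AnsibleParserError:
            raise AnsibleError("could not locate secret: %s" % secrets)
        return ret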
@mfominov
Author

@kaotika thx)
