terraform-provider-onepassword

Usage examples for data onepassword_item_common to get fields from the item

Open Merlz opened this issue 5 years ago • 5 comments

I've been testing this out to retrieve the fields from data "onepassword_item_common" so that I could then take those fields and use them in a k8s secret resource. From what I gather, it can only return the ID (UUID) of the item in the vault, not the entire record with all the fields within that item. Is that correct?

Merlz avatar Sep 21 '19 12:09 Merlz

Hi @Merlz, no, it isn't correct. I will check it later. Thanks for the issue.

anasinnyk avatar Sep 24 '19 14:09 anasinnyk

Hi @anasinnyk. After going through the code, I found that I could use .result to return the data; however, the Database template does not return the correct label information in the output. The reason looks like the TypeSex (for Identity) is using the menu field, but the database template also uses that field with several options for accepted values (I tried writing some up but my Go skills are not great).

"db2",
"filemaker",
"msaccess",
"mssql",
"mysql",
"oracle",
"postgresql",
"sqlite",
"other",

Database category might be worth having its own Data and Resource items with attribute outputs? The .result returned data that I couldn't parse to get the fields in a nice output that I could pipe into k8s secret.

Merlz avatar Sep 24 '19 15:09 Merlz

Any update on this for examples? I have a login item with some sections and fields. I'd like to be able to grab the string value from a field. This is the value of the login item:

{
  "id" = "my_id"
  "name" = "my_name"
  "notes" = ""
  "section" = [
    {
      "field" = []
      "name" = "Related Items"
    },
    {
      "field" = [
        {
          "address" = {}
          "card_type" = ""
          "concealed" = ""
          "date" = 0
          "email" = ""
          "month_year" = 0
          "name" = "my_string_name"
          "phone" = ""
          "reference" = ""
          "sex" = ""
          "string" = "my_string_value"
          "totp" = ""
          "url" = ""
        },
      ]
      "name" = "my_section_name"
    },
  ]
  "tags" = []
  "url" = ""
  "vault" = "some_id"
}

How do I get the string value of my_string_name in section my_section_name?

chrisbalmer avatar Apr 22 '20 14:04 chrisbalmer

I was able to get the value I wanted with this but it seems way overly complicated for the task:

value = [for field in [for section in data.onepassword_item_login.workstation.section : section if section["name"] == "my_section_name"][0].field : field if field["name"] == "my_string_name"][0]["string"]

That outputs the value my_string_value which is my end goal. However I imagine it must be possible to just say I want the value from mylogin's mysection's myfield. If I was using Ansible's 1Password lookup, I would just need to specify the 1Password item, section and field to get the value.

I must be missing something.

chrisbalmer avatar Apr 22 '20 14:04 chrisbalmer

I am using the index list function to find relevant items from the section and field lists like below:

# assuming the following providers are set up:
# - onepassword
# - vault

data "onepassword_item_common" "github_app" {
  name = "GitHub App Secrets"
}

locals {
  # section with an empty name, looked up on the github_app item declared above
  relevant_section = data.onepassword_item_common.github_app.section[index(data.onepassword_item_common.github_app.section.*.name, "")]
  github_app_id_field = local.relevant_section.field[index(local.relevant_section.field.*.name, "App ID")]
  secret_key_field = local.relevant_section.field[index(local.relevant_section.field.*.name, "Webhook Secret")]
  github_app_name_field = local.relevant_section.field[index(local.relevant_section.field.*.name, "GitHub App name")]
}

data "onepassword_item_document" "github_app_pem" {
  name = "GitHub App Secrets - XYZ.private-key.pem"
}

resource "vault_generic_secret" "github_app" {
  path = "${vault_mount.generic.path}/github_app"

  data_json = jsonencode({
    github_app_id: local.github_app_id_field.string,
    secret_key: local.secret_key_field.concealed,
    github_app_name: local.github_app_name_field.string,
    github_private_key: data.onepassword_item_document.github_app_pem.content,
  })
}

In effect this is pretty much the same as the solution @chrisbalmer suggested, but for me the use of dedicated local vars in conjunction with the index function is easier to read and explain than the mix of nested for loops and if statements (for someone used to Python that story might be different ;))

zetaron avatar Jun 04 '20 17:06 zetaron
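
An added example, not part of any comment in this thread and not the provider's own code: the section and field lists shown above can be turned into a nested map once, so that each value is then read with two keys instead of a nested for or index() expression per field. `local.item`, the `my_token` field and the output names are constructed for illustration, and only the `string` and `concealed` attributes are handled.

```hcl
# Added example. local.item is a constructed stand-in with the same shape as the
# item posted in this thread; in real use point it at the data source instead,
# e.g. item = data.onepassword_item_login.workstation
locals {
  item = {
    section = [
      { name = "Related Items", field = [] },
      {
        name = "my_section_name"
        field = [
          { name = "my_string_name", string = "my_string_value", concealed = "" },
          { name = "my_token", string = "", concealed = "constructed-not-a-real-secret" },
        ]
      },
    ]
  }

  # Build section name => field name => value once, so every later lookup is a
  # plain two-key index. Assumes section names, and field names within a
  # section, are unique; a duplicate key makes this for expression fail at plan.
  fields = {
    for s in local.item.section : s.name => {
      # coalesce() returns the first non-empty argument and errors when all are
      # empty; try() turns that case into "".
      for f in s.field : f.name => try(coalesce(f.string, f.concealed), "")
    }
  }
}

output "my_string_value" {
  value = local.fields["my_section_name"]["my_string_name"]
  # Keeps the value out of plan/apply output. It is still written to the
  # Terraform state in plain text, so the state backend needs protecting.
  sensitive = true
}

output "field_names_by_section" {
  # Names only, safe to print while working out which keys exist.
  value = { for s, fs in local.fields : s => keys(fs) }
}
```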