ansible-onepasswordconnect-collection
Lookup plugin
Summary
Collection does not have a lookup module, making it very hard to use it inside things like group_vars.
Use cases
It's much more useful to be able to put things inside group vars using a lookup module than having a whole module call to make these. Also, it allows you to retrieve the secret from the running host.
Proposed solution
An Ansible lookup module :)
Is there a workaround to accomplish this today?
Not really, working with a large number of secrets makes this very hard.
References & Prior Work
This doesn't work with the 1password connect, I believe.
According to https://developer.1password.com/docs/connect/connect-cli the oc CLI can also talk to 1pw connect, and since the onepassword_lookup plugin is only a wrapper around oc it should work then too.
Or am I mistaken?
> According to https://developer.1password.com/docs/connect/connect-cli the oc CLI can also talk to 1pw connect, and since the onepassword_lookup plugin is only a wrapper around oc it should work then too. Or am I mistaken?
Nevertheless, a native way without the need for any external dependency is very handy, especially when it comes to AWX or CI/CD-driven playbook execution
While community.general.onepassword works fine with the op binary, I think an official solution that would not require the op binary but simply work by using the REST API of the connect server is more desirable. Especially since the collection is also published as a certified collection at Red Hat; I am sure customers will appreciate it 🙂.
I gave it a try to implement a lookup plugin for this collection today, but unfortunately, the code is very tailored around module usage. I think the majority of the current API class implementation would need to be refactored with lookup plugin usage in mind as lookup plugins work differently.
To the maintainers: Is this something you'd like to entertain? I am talking about a refactoring that adds the possibility to also work for a lookup plugin. If so, I might give it a shot. I am asking just because I don't want to make the effort and then ultimately have the PR never get touched or get declined.