Add Support to Bitwarden Lookup for Custom Fields #5694
This adds support to the Bitwarden lookup for retrieving values from custom fields, such as api keys.
Docs Build 📝 Thank you for contribution! ✨
The docsite for this PR is available for download as an artifact from this run:
File changes:
NOTE: only file modifications are shown here. New and deleted files are excluded.
diff --git a/home/runner/work/community.general/community.general/docsbuild/base/collections/community/general/ansible_galaxy_install_module.html b/home/runner/work/community.general/community.general/docsbuild/head/collections/community/general/ansible_galaxy_install_module.html
index c5da720..7b59295 100644
--- a/home/runner/work/community.general/community.general/docsbuild/base/collections/community/general/ansible_galaxy_install_module.html
+++ b/home/runner/work/community.general/community.general/docsbuild/head/collections/community/general/ansible_galaxy_install_module.html
@@ -286,6 +286,7 @@ see <a class="reference internal" href="#ansible-collections-community-general-a
<p class="admonition-title">Note</p>
<ul class="simple">
<li><p><strong>Ansible 2.9/2.10</strong>: The <code class="docutils literal notranslate"><span class="pre">ansible-galaxy</span></code> command changed significantly between Ansible 2.9 and ansible-base 2.10 (later ansible-core 2.11). See comments in the parameters.</p></li>
+<li><p>The module will try and run using the <code class="docutils literal notranslate"><span class="pre">C.UTF-8</span></code> locale. If that fails, it will try <code class="docutils literal notranslate"><span class="pre">en_US.UTF-8</span></code>. If that one also fails, the module will fail.</p></li>
</ul>
</div>
</section>
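Review bot: The added list item in the Notes block says the module "will try and run" using C.UTF-8; "will try to run" reads better. The closing sentence only states that the module fails when neither C.UTF-8 nor en_US.UTF-8 is available, so it would help to say what the user should do on the target in that case.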
diff --git a/home/runner/work/community.general/community.general/docsbuild/base/collections/community/general/bitwarden_lookup.html b/home/runner/work/community.general/community.general/docsbuild/head/collections/community/general/bitwarden_lookup.html
index 7f61a3f..48dd7e7 100644
--- a/home/runner/work/community.general/community.general/docsbuild/base/collections/community/general/bitwarden_lookup.html
+++ b/home/runner/work/community.general/community.general/docsbuild/head/collections/community/general/bitwarden_lookup.html
@@ -233,6 +233,11 @@ see <a class="reference internal" href="#ansible-collections-community-general-b
<span class="w"> </span><span class="nt">ansible.builtin.debug</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">msg</span><span class="p">:</span><span class="w"> </span><span class="p p-Indicator">>-</span><span class="w"></span>
<span class="w"> </span><span class="cp">{{</span> <span class="nv">lookup</span><span class="o">(</span><span class="s1">'community.general.bitwarden'</span><span class="o">,</span> <span class="s1">'a_test'</span><span class="o">)</span> <span class="cp">}}</span><span class="w"></span>
+
+<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="s">"Get</span><span class="nv"> </span><span class="s">custom</span><span class="nv"> </span><span class="s">field</span><span class="nv"> </span><span class="s">'api_key'</span><span class="nv"> </span><span class="s">from</span><span class="nv"> </span><span class="s">Bitwarden</span><span class="nv"> </span><span class="s">record</span><span class="nv"> </span><span class="s">named</span><span class="nv"> </span><span class="s">'a_test'"</span><span class="w"></span>
+<span class="w"> </span><span class="nt">ansible.builtin.debug</span><span class="p">:</span><span class="w"></span>
+<span class="w"> </span><span class="nt">msg</span><span class="p">:</span><span class="w"> </span><span class="p p-Indicator">>-</span><span class="w"></span>
+<span class="w"> </span><span class="cp">{{</span> <span class="nv">lookup</span><span class="o">(</span><span class="s1">'community.general.bitwarden'</span><span class="o">,</span> <span class="s1">'a_test'</span><span class="o">,</span> <span class="nv">field</span><span class="o">=</span><span class="s1">'api_key'</span><span class="o">)</span> <span class="cp">}}</span><span class="w"></span>
</pre></div>
</div>
</section>
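Review bot: The added example task prints the 'api_key' custom field through ansible.builtin.debug, so a value that is meant to be a secret ends up in task output and any log that captures it. Consider showing the lookup passed to a module parameter or stored in a variable instead. The example also does not say what is returned when the record 'a_test' has a login field and a custom field with the same name; one sentence in the option description would settle that.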
diff --git a/home/runner/work/community.general/community.general/docsbuild/base/collections/community/general/github_release_module.html b/home/runner/work/community.general/community.general/docsbuild/head/collections/community/general/github_release_module.html
index 869a423..b8eac4b 100644
--- a/home/runner/work/community.general/community.general/docsbuild/base/collections/community/general/github_release_module.html
+++ b/home/runner/work/community.general/community.general/docsbuild/head/collections/community/general/github_release_module.html
@@ -317,21 +317,10 @@ see <a class="reference internal" href="#ansible-collections-community-general-g
</thead>
<tbody>
<tr class="row-even"><td><div class="ansible-option-cell">
-<div class="ansibleOptionAnchor" id="return-create_release"></div><p class="ansible-option-title" id="ansible-collections-community-general-github-release-module-return-create-release"><strong>create_release</strong></p>
-<a class="ansibleOptionLink" href="#return-create_release" title="Permalink to this return value"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
+<div class="ansibleOptionAnchor" id="return-tag"></div><p class="ansible-option-title" id="ansible-collections-community-general-github-release-module-return-tag"><strong>tag</strong></p>
+<a class="ansibleOptionLink" href="#return-tag" title="Permalink to this return value"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
</div></td>
-<td><div class="ansible-option-cell"><p>Version of the created release</p>
-<p>For Ansible version 2.5 and later, if specified release version already exists, then State is unchanged</p>
-<p>For Ansible versions prior to 2.5, if specified release version already exists, then State is skipped</p>
-<p class="ansible-option-line"><span class="ansible-option-returned-bold">Returned:</span> success</p>
-<p class="ansible-option-line ansible-option-sample"><span class="ansible-option-sample-bold">Sample:</span> <code class="ansible-option-sample docutils literal notranslate"><span class="pre">"1.1.0"</span></code></p>
-</div></td>
-</tr>
-<tr class="row-odd"><td><div class="ansible-option-cell">
-<div class="ansibleOptionAnchor" id="return-latest_release"></div><p class="ansible-option-title" id="ansible-collections-community-general-github-release-module-return-latest-release"><strong>latest_release</strong></p>
-<a class="ansibleOptionLink" href="#return-latest_release" title="Permalink to this return value"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
-</div></td>
-<td><div class="ansible-option-cell"><p>Version of the latest release</p>
+<td><div class="ansible-option-cell"><p>Version of the created/latest release.</p>
<p class="ansible-option-line"><span class="ansible-option-returned-bold">Returned:</span> success</p>
<p class="ansible-option-line ansible-option-sample"><span class="ansible-option-sample-bold">Sample:</span> <code class="ansible-option-sample docutils literal notranslate"><span class="pre">"1.1.0"</span></code></p>
</div></td>
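Review bot: The return-value table drops create_release and latest_release and documents a single tag value in their place without saying which case applies: if the module still returns the old keys the docs now hide them, and if it does not, playbooks that read those keys from the registered result stop working. The removed sentences about state being unchanged versus skipped when the release already exists also disappear without replacement; keep them if the behaviour is still current.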
diff --git a/home/runner/work/community.general/community.general/docsbuild/base/collections/community/general/manageiq_policies_module.html b/home/runner/work/community.general/community.general/docsbuild/head/collections/community/general/manageiq_policies_module.html
index e44f0cf..185ca40 100644
--- a/home/runner/work/community.general/community.general/docsbuild/base/collections/community/general/manageiq_policies_module.html
+++ b/home/runner/work/community.general/community.general/docsbuild/head/collections/community/general/manageiq_policies_module.html
@@ -289,7 +289,7 @@ see <a class="reference internal" href="#ansible-collections-community-general-m
</div></td>
<td><div class="ansible-option-cell"><p><code class="docutils literal notranslate"><span class="pre">absent</span></code> - policy_profiles should not exist,</p>
<p><code class="docutils literal notranslate"><span class="pre">present</span></code> - policy_profiles should exist,</p>
-<p><code class="docutils literal notranslate"><span class="pre">list</span></code> - list current policy_profiles and policies.</p>
+<p><code class="docutils literal notranslate"><span class="pre">list</span></code> - list current policy_profiles and policies. This state is deprecated and will be removed 8.0.0. Please use the module <a class="reference internal" href="manageiq_policies_info_module.html#ansible-collections-community-general-manageiq-policies-info-module"><span class="std std-ref">community.general.manageiq_policies_info</span></a> instead.</p>
<p class="ansible-option-line"><span class="ansible-option-choices">Choices:</span></p>
<ul class="simple">
<li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">"absent"</span></code></p></li>
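Review bot: In the changed description of the list choice, "will be removed 8.0.0" is missing a word. Write "will be removed in community.general 8.0.0" so the deprecation names the collection and version, in line with the "added in community.general ..." wording these docs use for options.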
diff --git a/home/runner/work/community.general/community.general/docsbuild/base/collections/community/general/sudoers_module.html b/home/runner/work/community.general/community.general/docsbuild/head/collections/community/general/sudoers_module.html
index a932b51..19f4030 100644
--- a/home/runner/work/community.general/community.general/docsbuild/base/collections/community/general/sudoers_module.html
+++ b/home/runner/work/community.general/community.general/docsbuild/head/collections/community/general/sudoers_module.html
@@ -184,6 +184,15 @@
</div></td>
</tr>
<tr class="row-even"><td><div class="ansible-option-cell">
+<div class="ansibleOptionAnchor" id="parameter-host"></div><p class="ansible-option-title" id="ansible-collections-community-general-sudoers-module-parameter-host"><strong>host</strong></p>
+<a class="ansibleOptionLink" href="#parameter-host" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
+<p><span class="ansible-option-versionadded">added in community.general 6.2.0</span></p>
+</div></td>
+<td><div class="ansible-option-cell"><p>Specify the host the rule is for.</p>
+<p class="ansible-option-line"><span class="ansible-option-default-bold">Default:</span> <code class="ansible-option-default docutils literal notranslate"><span class="pre">"ALL"</span></code></p>
+</div></td>
+</tr>
+<tr class="row-odd"><td><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-name"></div><p class="ansible-option-title" id="ansible-collections-community-general-sudoers-module-parameter-name"><strong>name</strong></p>
<a class="ansibleOptionLink" href="#parameter-name" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span> / <span class="ansible-option-required">required</span></p>
</div></td>
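Review bot: The new host option is documented only as "Specify the host the rule is for." with a default of "ALL". Because this value decides on which machines the sudo rule applies, the description should state what is accepted (a single hostname, several hosts, an alias) and whether the value is validated before it is written to the file under sudoers_path.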
@@ -191,7 +200,7 @@
<p>This will be used for the filename for the sudoers file managed by this rule.</p>
</div></td>
</tr>
-<tr class="row-odd"><td><div class="ansible-option-cell">
+<tr class="row-even"><td><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-nopassword"></div><p class="ansible-option-title" id="ansible-collections-community-general-sudoers-module-parameter-nopassword"><strong>nopassword</strong></p>
<a class="ansibleOptionLink" href="#parameter-nopassword" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">boolean</span></p>
</div></td>
@@ -203,7 +212,7 @@
</ul>
</div></td>
</tr>
-<tr class="row-even"><td><div class="ansible-option-cell">
+<tr class="row-odd"><td><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-runas"></div><p class="ansible-option-title" id="ansible-collections-community-general-sudoers-module-parameter-runas"><strong>runas</strong></p>
<a class="ansibleOptionLink" href="#parameter-runas" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
<p><span class="ansible-option-versionadded">added in community.general 4.7.0</span></p>
@@ -211,7 +220,7 @@
<td><div class="ansible-option-cell"><p>Specify the target user the command(s) will run as.</p>
</div></td>
</tr>
-<tr class="row-odd"><td><div class="ansible-option-cell">
+<tr class="row-even"><td><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-state"></div><p class="ansible-option-title" id="ansible-collections-community-general-sudoers-module-parameter-state"><strong>state</strong></p>
<a class="ansibleOptionLink" href="#parameter-state" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
</div></td>
@@ -223,7 +232,7 @@
</ul>
</div></td>
</tr>
-<tr class="row-even"><td><div class="ansible-option-cell">
+<tr class="row-odd"><td><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-sudoers_path"></div><p class="ansible-option-title" id="ansible-collections-community-general-sudoers-module-parameter-sudoers-path"><strong>sudoers_path</strong></p>
<a class="ansibleOptionLink" href="#parameter-sudoers_path" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
</div></td>
@@ -231,7 +240,7 @@
<p class="ansible-option-line"><span class="ansible-option-default-bold">Default:</span> <code class="ansible-option-default docutils literal notranslate"><span class="pre">"/etc/sudoers.d"</span></code></p>
</div></td>
</tr>
-<tr class="row-odd"><td><div class="ansible-option-cell">
+<tr class="row-even"><td><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-user"></div><p class="ansible-option-title" id="ansible-collections-community-general-sudoers-module-parameter-user"><strong>user</strong></p>
<a class="ansibleOptionLink" href="#parameter-user" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
</div></td>
@@ -239,7 +248,7 @@
<p>This option cannot be used in conjunction with <em>group</em>.</p>
</div></td>
</tr>
-<tr class="row-even"><td><div class="ansible-option-cell">
+<tr class="row-odd"><td><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-validation"></div><p class="ansible-option-title" id="ansible-collections-community-general-sudoers-module-parameter-validation"><strong>validation</strong></p>
<a class="ansibleOptionLink" href="#parameter-validation" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
<p><span class="ansible-option-versionadded">added in community.general 5.2.0</span></p>
@@ -277,10 +286,11 @@
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="p p-Indicator">>-</span><span class="w"></span>
<span class="w"> </span><span class="no">Allow the monitoring group to run sudo /usr/local/bin/gather-app-metrics</span><span class="w"></span>
-<span class="w"> </span><span class="no">without requiring a password</span><span class="w"></span>
+<span class="w"> </span><span class="no">without requiring a password on the host called webserver</span><span class="w"></span>
<span class="w"> </span><span class="nt">community.general.sudoers</span><span class="p">:</span><span class="w"></span>
<span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">monitor-app</span><span class="w"></span>
<span class="w"> </span><span class="nt">group</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">monitoring</span><span class="w"></span>
+<span class="w"> </span><span class="nt">host</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">webserver</span><span class="w"></span>
<span class="w"> </span><span class="nt">commands</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/usr/local/bin/gather-app-metrics</span><span class="w"></span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="p p-Indicator">>-</span><span class="w"></span>
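Review bot: The existing monitoring example is edited in place to add host: webserver, so the docs no longer show the rule without a host restriction, which is the default "ALL" case. Keep the original example as it was and add the host variant as a separate task.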
This is highly appreciated.
Thanks for your contribution! Could you please add a changelog fragment?
plugins/lookup/bitwarden.py
Outdated
@@ -109,10 +114,19 @@ def get_field(self, field, search_value, search_field="name"): | |||
""" | |||
matches = self._get_matches(search_value, search_field) | |||
|
|||
if field: | |||
if field in ['password', 'passwordRevisionDate', 'totp', 'uris', 'username']: |
Will login never contain anything else than these five fields? (If it does, this PR breaks backwards compatibility.)
You're very welcome. Changelog fragment has been added.
I can't answer that definitively, as I can't find the object definition in the source. However, there are no fields in the client that are not represented in my example record above, so I would imagine there are no other "login" fields at this time.
Hmm, the problem is that if there are more fields, this would be a breaking change since if anyone was querying these fields successfully in the past, it won't work for them anymore.
I dug through the source a bit. I still couldn't find where it's defined on the server side, but I did find this on the official client, which seems to suggest there is one more field, autofillOnPageLoad. I have updated the PR with this additional field.
This is probably a better place to check in the client: https://github.com/bitwarden/clients/blob/master/libs/common/src/models/data/login.data.ts#L6-L11
And on the server side: https://github.com/bitwarden/server/blob/master/src/Api/Models/CipherLoginModel.cs and https://github.com/bitwarden/server/blob/master/src/Api/Models/Response/CipherResponseModel.cs
Thank you for that. I'm not a developer, just a sysadmin, so it's difficult for me to understand and navigate larger code bases. Looks like we definitively got all the login fields now.
I'm glad it will be useful to someone else!
We need to make sure that all login fields are accounted for, since there will be no other way to retrieve them with this change, and we don't want to break backwards compatibility. Looking at this code from the official client, https://github.com/bitwarden/clients/blob/master/libs/common/spec/models/domain/login.spec.ts, autofillOnPageLoad might be another login field.
Clarify changelog fragment Co-authored-by: Felix Fontein <felix@fontein.de>
Fix logic. Should only error if matches were found, but are missing the custom field. Co-authored-by: Felix Fontein <felix@fontein.de>
Backport to stable-6: cherry-pick succeeded. Backport PR branch: PR branch created, proceeding with making a PR. 🤖 @patchback
* Add Support to Bitwarden Lookup for Custom Fields
  This adds support to the Bitwarden lookup for retrieving values from custom fields, such as api keys.
* Need to Return Whole Record if Field is Not Defined
* whitespace
* Add Changelog Fragment
* Need to Make Sure All Login Fields are Represented
  We need to make sure that all login fields are accounted for, since there will be no other way to retrieve them with this change, and we don't want to break backwards compatibility. Looking at this code from the official client, https://github.com/bitwarden/clients/blob/master/libs/common/spec/models/domain/login.spec.ts, autofillOnPageLoad might be another login field.
* Update changelogs/fragments/5694-add-custom-fields-to-bitwarden.yml
  Clarify changelog fragment
  Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/lookup/bitwarden.py
  Fix logic. Should only error if matches were found, but are missing the custom field.
  Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit e3f02cb)
@reverendj1 thanks for your contribution!
Backport to stable-6: 💚 backport PR created ✅ Backport PR branch: Backported as #5781 🤖 @patchback
…p for Custom Fields (#5781)
Add Support to Bitwarden Lookup for Custom Fields (#5694)
* Add Support to Bitwarden Lookup for Custom Fields
  This adds support to the Bitwarden lookup for retrieving values from custom fields, such as api keys.
* Need to Return Whole Record if Field is Not Defined
* whitespace
* Add Changelog Fragment
* Need to Make Sure All Login Fields are Represented
  We need to make sure that all login fields are accounted for, since there will be no other way to retrieve them with this change, and we don't want to break backwards compatibility. Looking at this code from the official client, https://github.com/bitwarden/clients/blob/master/libs/common/spec/models/domain/login.spec.ts, autofillOnPageLoad might be another login field.
* Update changelogs/fragments/5694-add-custom-fields-to-bitwarden.yml
  Clarify changelog fragment
  Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/lookup/bitwarden.py
  Fix logic. Should only error if matches were found, but are missing the custom field.
  Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit e3f02cb)
Co-authored-by: reverendj1 <reverendj1@users.noreply.github.com>
SUMMARY
Currently the Bitwarden lookup plugin only searches for fields in the login key (password, passwordRevisionDate, totp, uris, username). It is not uncommon to create custom fields in Bitwarden, for things such as api keys, which we should also be able to look up. I tried to make the lookup work seamlessly across custom or standard fields, so it does not add complexity for the user.
ISSUE TYPE
COMPONENT NAME
bitwarden
ADDITIONAL INFORMATION
Example code :
Example output:
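The lookup rules discussed in this PR (login fields keep working, custom fields are searched next, the whole record is returned when no field is given, and an error is raised only when a matched record lacks the field), as an added Python example that is not the plugin's code. The record layout (a login object plus a fields list of name/value entries), the sample values, and the names resolve_field, get_field and FieldNotFound are assumptions made for illustration.

```python
# Added illustration; not code from community.general.
# Constructed sample records, assumed to follow the item JSON printed by the
# Bitwarden CLI: a "login" object plus a "fields" list of custom fields.
SAMPLE_ITEMS = [
    {
        "name": "a_test",
        "login": {
            "username": "svc-deploy",
            "password": "constructed-password",
            "totp": None,
            "uris": [{"uri": "https://example.invalid"}],
            "passwordRevisionDate": None,
            "autofillOnPageLoad": None,
        },
        "fields": [
            {"name": "api_key", "value": "constructed-api-key"},
            # Custom field whose name collides with a login field.
            {"name": "username", "value": "constructed-shadow-value"},
        ],
    },
    # A record without login data or custom fields (for example a note).
    {"name": "a_note", "login": None, "fields": None},
]


class FieldNotFound(LookupError):
    """A record matched the search but has no field of the requested name."""


def resolve_field(record, field):
    """Return one field of one record: login fields first, then custom fields.

    Key presence in the login object is tested instead of a hard-coded list
    of names, so a login key that exists in the record is never shadowed and
    playbooks that already read login fields keep getting the same value.
    """
    login = record.get("login") or {}
    if field in login:
        return login[field]
    for custom in record.get("fields") or []:
        if custom.get("name") == field:
            return custom.get("value")
    # Name the record and the field only; never echo values from the record.
    raise FieldNotFound(
        "record %r has no login or custom field %r" % (record.get("name"), field)
    )


def get_field(items, search_value, field=None, search_field="name"):
    """Return the requested field of every matching record.

    No match gives an empty list; no field gives the whole records; an error
    is raised only when a record matched but lacks the field.
    """
    matches = [item for item in items if item.get(search_field) == search_value]
    if not field:
        return matches
    return [resolve_field(match, field) for match in matches]


if __name__ == "__main__":
    print(get_field(SAMPLE_ITEMS, "a_test", field="api_key"))
```
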