Add support to Bitwarden Lookup for filtering results by collection id (

ansible-collections#5849)
psalkowski · Jan 18, 2023 · deea885 · deea885
1 parent a35b2ed
commit deea885
Showing 1 changed file with 15 additions and 6 deletions.
diff --git a/plugins/lookup/bitwarden.py b/plugins/lookup/bitwarden.py
@@ -30,6 +30,9 @@
       field:
         description: Field to fetch; leave unset to fetch whole response.
         type: str
+      collectionId:
+        description: Collection ID to filter results by collection; leave unset to skip filtering.
+        type: str
 """
 
 EXAMPLES = """
@@ -43,6 +46,11 @@
     msg: >-
       {{ lookup('community.general.bitwarden', 'bafba515-af11-47e6-abe3-af1200cd18b2', search='id', field='password') }}
 
+- name: "Get 'password' from Bitwarden record named 'a_test' from collection"
+  ansible.builtin.debug:
+    msg: >-
+      {{ lookup('community.general.bitwarden', 'a_test', field='password', collectionId='bafba515-af11-47e6-abe3-af1200cd18b2') }}
+      
 - name: "Get full Bitwarden record named 'a_test'"
   ansible.builtin.debug:
     msg: >-
@@ -96,23 +104,23 @@ def _run(self, args, stdin=None, expected_rc=0):
             raise BitwardenException(err)
         return to_text(out, errors='surrogate_or_strict'), to_text(err, errors='surrogate_or_strict')
 
-    def _get_matches(self, search_value, search_field):
+    def _get_matches(self, search_value, search_field, collection_id):
         """Return matching records whose search_field is equal to key.
         """
-        out, err = self._run(['list', 'items', '--search', search_value])
+        out, err = self._run(['list', 'items', '--search', search_value, '--collectionid', collection_id])
 
         # This includes things that matched in different fields.
         initial_matches = AnsibleJSONDecoder().raw_decode(out)[0]
 
         # Filter to only include results from the right field.
         return [item for item in initial_matches if item[search_field] == search_value]
 
-    def get_field(self, field, search_value, search_field="name"):
-        """Return a list of the specified field for records whose search_field match search_value.
+    def get_field(self, field, search_value, search_field="name", collection_id=""):
+        """Return a list of the specified field for records whose search_field match search_value and filtered by collection.
 
         If field is None, return the whole record for each match.
         """
-        matches = self._get_matches(search_value, search_field)
+        matches = self._get_matches(search_value, search_field, collection_id)
 
         if field in ['autofillOnPageLoad', 'password', 'passwordRevisionDate', 'totp', 'uris', 'username']:
             return [match['login'][field] for match in matches]
@@ -135,10 +143,11 @@ def run(self, terms, variables=None, **kwargs):
         self.set_options(var_options=variables, direct=kwargs)
         field = self.get_option('field')
         search_field = self.get_option('search')
+        collection_id = self.get_option('collectionId')
         if not _bitwarden.logged_in:
             raise AnsibleError("Not logged into Bitwarden. Run 'bw login'.")
 
-        return [_bitwarden.get_field(field, term, search_field) for term in terms]
+        return [_bitwarden.get_field(field, term, search_field, collection_id) for term in terms]
 
 
 _bitwarden = Bitwarden()