Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Usage examples for data onepassword_item_common to get fields from the item #23

Open
Merlz opened this issue Sep 21, 2019 · 5 comments
Open

Usage examples for data onepassword_item_common to get fields from the item #23

Merlz opened this issue Sep 21, 2019 · 5 comments

Comments

@Merlz
Copy link

Merlz commented Sep 21, 2019

I've been testing this out to retrieve the fields from data "onepassword_item_common" so that I could then take those fields and use in a k8s secret resource. From what I gather, it can only return the ID (UUID) of the item in the vault, not the entire record with all the fields within that item, is that correct?
@anasinnyk
Copy link
Owner

Hi @Merlz
no, it isn't correct. I will check it later.
Thanks for issue

@Merlz
Copy link
Author

Merlz commented Sep 24, 2019

Hi @anasinnyk
After going through the code, I found that I could use .result to return the data, however the Database template does not return the correct label information in the output. The reason looks like the TypeSex (for Identity) is using the menu field, but database template also uses that field with several options for accepted values (I tried writing some up but my GO skills are not great).

"db2",
"filemaker",
"msaccess",
"mssql",
"mysql",
"oracle",
"postgresql",
"sqlite",
"other",

Database category might be worth having its own Data and Resource items with attribute outputs? The .result returned data that I couldn't parse to get the fields in a nice output that I could pipe into k8s secret.

@chrisbalmer
Copy link

Any update on this for examples? I have a login item with some sections and fields. I'd like to be able to grab the string value from a field. This is the value of the login item:

{
  "id" = "my_id"
  "name" = "my_name"
  "notes" = ""
  "section" = [
    {
      "field" = []
      "name" = "Related Items"
    },
    {
      "field" = [
        {
          "address" = {}
          "card_type" = ""
          "concealed" = ""
          "date" = 0
          "email" = ""
          "month_year" = 0
          "name" = "my_string_name"
          "phone" = ""
          "reference" = ""
          "sex" = ""
          "string" = "my_string_value"
          "totp" = ""
          "url" = ""
        },
      ]
      "name" = "my_section_name"
    },
  ]
  "tags" = []
  "url" = ""
  "vault" = "some_id"
}

How do I get the string value of my_string_name in section my_section_name?

@chrisbalmer
Copy link

chrisbalmer commented Apr 22, 2020
edited
Loading

I was able to get the value I wanted with this but it seems way overly complicated for the task:

value = [for field in [for section in data.onepassword_item_login.workstation.section : section if section["name"] == "my_section_name"][0].field : field if field["name"] == "my_string_name"][0]["string"]

That outputs the value my_string_value which is my end goal. However I imagine it must be possibly to just say I want the value from mylogin's mysection's myfield. If I was using Ansible's 1Password lookup, I would just need to specify the 1Password item, section and field to get the value.

I must be missing something.

@zetaron
Copy link

zetaron commented Jun 4, 2020
edited
Loading

I am using the index list function to find relevant items from the section and field lists like below:

# assumign the following providers are setup:
# - onepassword
# - vault

data "onepassword_item_common" "github_app" {
  name = "GitHub App Secrets"
}

locals {
  relevant_section = data.onepassword_item_common.kodiak.section[index(data.onepassword_item_common.github_app.section.*.name, "")]
  github_app_id_field = local.relevant_section.field[index(local.relevant_section.field.*.name, "App ID")]
  secret_key_field = local.relevant_section.field[index(local.relevant_section.field.*.name, "Webhook Secret")]
  github_app_name_field = local.relevant_section.field[index(local.relevant_section.field.*.name, "GitHub App name")]
}

data "onepassword_item_document" "github_app_pem" {
  name = "GitHub App Secrets - XYZ.private-key.pem"
}

resource "vault_generic_secret" "github_app" {
  path = "${vault_mount.generic.path}/github_app"

  data_json = jsonencode({
    github_app_id: local.github_app_id_field.string,
    secret_key: local.github_app_id_field.concealed,
    github_app_name: local.github_app_id_field.string,
    github_private_key: data.onepassword_item_document.github_app_pem.content,
  })
}

In effect this is pretty much the same as the solution @chrisbalmer suggested, but for me the use of dedicated local vars in conjunciton with the index function is easier to read and explain than the mix of nested for loops and if statements (for someone used to python that story might be different ;))

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@zetaron @chrisbalmer @Merlz @anasinnyk