onepassword: ignore errors from "op account get"

[gmarcy]

SUMMARY

When using the onepassword lookup plugin, part of the flow is to determine if you are signed in. This is performed in an api version specific function called assert_logged_in() documented as "Check whether a login session exists" which uses the command op account get. When you are not in fact signed in, this cli can return an error which is currently not ignored and can cause the lookup plugin to fail at that point rather than correctly returning the status to indicate that you are not signed in and proceed to signin using the parameters passed for that purpose.

This change passes the ignore_errors=True parameter to the _run function so that the return code can be used to indicate you are not signed in when an error occurs.

changelog fragment

bugfixes:

• onepassword - Changed to ignore errors from "op account get" calls. Previously, errors would prevent auto-signin code from executing.

ISSUE TYPE

• Bugfix Pull Request

COMPONENT NAME

plugins/lookup/onepassword.py

ADDITIONAL INFORMATION

ansible task

• line breaks and indentation added for clarity
• all signin values changed from valid ones
• mysecret is not defined to show the proper result saying it does not exist

- name: Load value from 1Password
  set_fact:
    op_fact: "{{ lookup('community.general.onepassword', 'mysecret',
                                     master_password='my_master_password',
                                     secret_key='my_secret_key',
                                     subdomain='my_subdomain',
                                     username='my_username') }}"

before fix applied

fatal: [playbook-secrets]: FAILED! => {
    "msg": "[ERROR] 2023/02/05 11:46:22 You are not currently signed in. Please run `op signin --help` for instructions\n"
}

after fix applied

fatal: [playbook-secrets]: FAILED! => {
    "msg": "[ERROR] 2023/02/05 11:42:50 \"mysecret\" isn't an item. Specify the item with its UUID, name, or domain.\n"
}

cli behavior when not signed in

$ op account get 
[ERROR] 2023/02/05 11:47:04 You are not currently signed in. Please run `op signin --help` for instructions
$ echo $?
1

[ansibullbot]

cc @azenk @samdoran @scottsb
click here for bot help

[felixfontein]

Thanks for your contribution! Can you please add a changelog fragment? Thanks.

[gmarcy]

Thanks for your contribution! Can you please add a changelog fragment? Thanks.

I've updated the previous changelog fragment.

[samdoran]

This change looks correct. Thank you very much for fixing this.

[samdoran]

@gmarcy It doesn't look like there is a changeling fragment in this PR. You'll need to make a new file in changelog/fragments as described in the docs.

[gmarcy]

oh, separate file. I put it inline in the PR summary. sorry, first PR here, missed that nuance.

[patchback]

Backport to stable-5: 💔 cherry-picking failed — conflicts found

❌ Failed to cleanly apply 5648e0e on top of patchback/backports/stable-5/5648e0e2aff5ac1c677dc9047c332498d595dc45/pr-5942

Backporting merged PR #5942 into main

1. Ensure you have a local repo clone of your fork. Unless you cloned it
   from the upstream, this would be your origin remote.
2. Make sure you have an upstream repo added as a remote too. In these
   instructions you'll refer to it by the name upstream. If you don't
   have it, here's how you can add it:

   $ git remote add upstream https://github.com/ansible-collections/community.general.git

3. Ensure you have the latest copy of upstream and prepare a branch
   that will hold the backported code:

   $ git fetch upstream
   $ git checkout -b patchback/backports/stable-5/5648e0e2aff5ac1c677dc9047c332498d595dc45/pr-5942 upstream/stable-5

4. Now, cherry-pick PR onepassword: ignore errors from "op account get" #5942 contents into that branch:

   $ git cherry-pick -x 5648e0e2aff5ac1c677dc9047c332498d595dc45

   If it'll yell at you with something like fatal: Commit 5648e0e2aff5ac1c677dc9047c332498d595dc45 is a merge but no -m option was given., add -m 1 as follows instead:

   $ git cherry-pick -m1 -x 5648e0e2aff5ac1c677dc9047c332498d595dc45

5. At this point, you'll probably encounter some merge conflicts. You must
   resolve them in to preserve the patch from PR onepassword: ignore errors from "op account get" #5942 as close to the
   original as possible.
6. Push this branch to your fork on GitHub:

   $ git push origin patchback/backports/stable-5/5648e0e2aff5ac1c677dc9047c332498d595dc45/pr-5942

7. Create a PR, ensure that the CI is green. If it's not — update it so that
   the tests and any other checks pass. This is it!
   Now relax and wait for the maintainers to process your pull request
   when they have some cycles to do reviews. Don't worry — they'll tell you if
   any improvements are necessary when the time comes!

🤖 @patchback
I'm built with octomachinery and
my source is open — https://github.com/sanitizers/patchback-github-app.

[patchback]

Backport to stable-6: 💚 backport PR created

✅ Backport PR branch: patchback/backports/stable-6/5648e0e2aff5ac1c677dc9047c332498d595dc45/pr-5942

Backported as #6037

🤖 @patchback
I'm built with octomachinery and
my source is open — https://github.com/sanitizers/patchback-github-app.

[felixfontein]

@gmarcy thanks for fixing this!
@samdoran thanks for reviewing!

[github-actions]

Docs Build 📝

Thank you for contribution!✨

This PR has been merged and your docs changes will be incorporated when they are next published.

[felixfontein]

Hmm, for some reasons the unit tests were not running in this PR. Merging this PR thus broke CI (since the tests now fail). I've created a PR to fix this (#6041), but we definitely have to figure out why change detection does not let these tests run...

[felixfontein]

Looking at the ansible-test sources, it seems that the directory scheme used was never supported for plugins such as lookup plugins. All unit tests for lookup plugin foo have to be in tests/unit/plugins/lookup/test_foo.py.

I'll create a PR to re-arrange them.

[felixfontein]

#6075 fixes this.