Merge pull request #1567 from capripot/add_all_fields_one_password_retrieval

feat: Add allowing retrieving all fields for an item
This commit is contained in:
Donal McBreen
2025-06-17 11:22:10 +01:00
committed by GitHub
2 changed files with 97 additions and 11 deletions

View File

@@ -16,10 +16,12 @@ class Kamal::Secrets::Adapters::OnePassword < Kamal::Secrets::Adapters::Base
end
def fetch_secrets(secrets, from:, account:, session:)
return fetch_all_secrets(from: from, account: account, session: session) if secrets.blank?
{}.tap do |results|
vaults_items_fields(prefixed_secrets(secrets, from: from)).map do |vault, items|
items.each do |item, fields|
fields_json = JSON.parse(op_item_get(vault, item, fields, account: account, session: session))
fields_json = JSON.parse(op_item_get(vault, item, fields: fields, account: account, session: session))
fields_json = [ fields_json ] if fields.one?
fields_json.each do |field_json|
@@ -32,6 +34,23 @@ class Kamal::Secrets::Adapters::OnePassword < Kamal::Secrets::Adapters::Base
end
end
def fetch_all_secrets(from:, account:, session:)
{}.tap do |results|
vault_items(from).map do |vault, items|
items.each do |item|
fields_json = JSON.parse(op_item_get(vault, item, account: account, session: session)).fetch("fields")
fields_json.each do |field_json|
# The reference is in the form `op://vault/item/field[/field]`
field = field_json["reference"].delete_prefix("op://").delete_suffix("/password")
results[field] = field_json["value"]
end
end
end
end
end
def to_options(**options)
optionize(options.compact).join(" ")
end
@@ -50,12 +69,22 @@ class Kamal::Secrets::Adapters::OnePassword < Kamal::Secrets::Adapters::Base
end
end
def op_item_get(vault, item, fields, account:, session:)
labels = fields.map { |field| "label=#{field}" }.join(",")
options = to_options(vault: vault, fields: labels, format: "json", account: account, session: session.presence)
def vault_items(from)
from = from.delete_prefix("op://")
vault, item = from.split("/")
{ vault => [ item ]}
end
`op item get #{item.shellescape} #{options}`.tap do
raise RuntimeError, "Could not read #{fields.join(", ")} from #{item} in the #{vault} 1Password vault" unless $?.success?
def op_item_get(vault, item, fields: nil, account:, session:)
options = { vault: vault, format: "json", account: account, session: session.presence }
if fields.present?
labels = fields.map { |field| "label=#{field}" }.join(",")
options.merge!(fields: labels)
end
`op item get #{item.shellescape} #{to_options(**options)}`.tap do
raise RuntimeError, "Could not read from #{item} in the #{vault} 1Password vault" unless $?.success?
end
end