search

ansible-collections / community.general

Ansible Community General Collection
https://galaxy.ansible.com/ui/repo/published/community/general/
GNU General Public License v3.0
818 stars 1.5k forks source link

onepassword lookup failure with latest op CLI when using a SA #7203

Closed sbocahu closed 10 months ago

sbocahu commented 1 year ago

Summary

When using a service account to access sensitive data stored in onepassword lookup plugin with latest onepassword cli tool (op, version 2.20), we get and error: service account token set, but not authenticated yet

it seems that we can't use 'op whoami' before having issued a op user get --me. by the way, I'm not sure it is relevant to do either of these commands in the lookup plugin as there will be an error elsewhere in case the serviceaccount is wrong.

For the moment this what I have commit to my fork: https://github.com/ansible-collections/community.general/commit/36ed81eb31320594308f88ac3999a57d88c70843 but I think we should consider removing this check to improve speed and let it fails later if SA is wrong.

Issue Type

Bug Report

Component Name

onepassword

Ansible Version

2.15

Community.general Version

7.3

Configuration

$ ansible-config dump --only-changed

OS / Environment

No response

Steps to Reproduce

onepassword lookup using a service account

Expected Results

expect it to work

Actual Results

Code of Conduct

ansibullbot commented 1 year ago

Files identified in the description:

If these files are incorrect, please update the component name section of the description or use the !component bot command.

click here for bot help

ansibullbot commented 1 year ago

cc @azenk @samdoran @scottsb click here for bot help

bdsoha commented 1 year ago

I am having the same issue.

ansibullbot commented 10 months ago

Files identified in the description:

If these files are incorrect, please update the component name section of the description or use the !component bot command.

click here for bot help

bdsoha commented 10 months ago

@sbocahu Any updates on your end?

sbocahu commented 10 months ago

@bdsoha I am still using my fork (see issue description)

I can propose a PR if that's easier for maintainers (although that's not rocket science and I believed debate on best solution was interesting - I'm surprised we are only two people being concerned)

bdsoha commented 10 months ago

~A PR would be great! 👍~ Upon further investigation, I see that the issue I am having is unrelated to the args being passed to the CLI.

sbocahu commented 10 months ago

IIUC the changelog on onepassword cli; since 2.22.0 the problem described in this issue is fixed.

Successfully switched to 2.23.0