Skip to content

Add a feature to lookup a file, and get it. #10917

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 7 commits into
base: main
Choose a base branch
from
Open

Add a feature to lookup a file, and get it. #10917

wants to merge 7 commits into from
+77 −6

Conversation

rdemongeot
Copy link

SUMMARY

Need to store files into BitWarden / ValtWarden; and get them from Ansible.

@ansibullbot
Copy link
Collaborator

cc @lungj
click here for bot help

@ansibullbot ansibullbot added lookup lookup plugin new_contributor Help guide this first time contributor plugins plugin (any type) labels Oct 13, 2025
@ansibullbot

This comment was marked as outdated.

Sign in to view
@ansibullbot ansibullbot added ci_verified Push fixes to PR branch to re-run CI needs_revision This PR fails CI tests or a maintainer has requested a review/revision of the PR labels Oct 13, 2025
@ansibullbot ansibullbot removed ci_verified Push fixes to PR branch to re-run CI needs_revision This PR fails CI tests or a maintainer has requested a review/revision of the PR labels Oct 13, 2025
@felixfontein felixfontein added the check-before-release PR will be looked at again shortly before release and merged if possible. label Oct 13, 2025
russoz
russoz reviewed Oct 14, 2025
View reviewed changes
Copy link
Collaborator

@russoz russoz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @rdemongeot # #
Thank you for the contribution! Please add a changelog fragment.

I left a couple of comments.

plugins/lookup/bitwarden.py
Comment on lines +91 to +93
content: "{{ lookup('community.general.bitwarden', 'VPN Config', attachment='vpn-server.key') | first }}"
dest: /etc/vpn/server.key
mode: '0600'
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not necessarily a problem, but I can't help remembering that the lookup plugins run on the controller, whilst the copy task (unless otherwise set) will run on the target(s). This feature has potential to make a dent on the network bandwidth, depending on the file size and number of targets. It would be nice to have at least a warning in the documentation, for new and possibly unwise users.

That begin said, when slurping a file, the result comes encoded as base64 - I wonder why that is so and whether it would make sense to make that in this case as well - take this with a large grain of salt, I have no hard evidence to support any claim.

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A comment was putted just now.

Don't sure that store file from bitwarden is the better idea; but works for now, with couple of stored files.

For network traffic, from Ansible computer to target, any copy will generate network traffic. In this case we'll add from bitwarden/vaultwarden to ansible computer.

@rdemsystems
Copy link

Hi @rdemongeot # # Thank you for the contribution! Please add a [changelog fragment]

Can you verify if i'm correct or not?

Regards,

felixfontein
felixfontein reviewed Oct 14, 2025
View reviewed changes
changelogs/fragments/10917-bitwarden-attachement.yml Outdated
@@ -0,0 +1,2 @@
minor_changes:
- bitwarden - add availbility to get Attachment file from bitwarden (https://github.com/ansible-collections/community.general/pull/10917).
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
- bitwarden - add availbility to get Attachment file from bitwarden (https://github.com/ansible-collections/community.general/pull/10917).
- bitwarden lookup plugin - add availbility to get attachment file from bitwarden (https://github.com/ansible-collections/community.general/pull/10917).

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

updated.

felixfontein
felixfontein reviewed Oct 16, 2025
View reviewed changes
changelogs/fragments/10917-bitwarden-attachement.yml
@@ -0,0 +1,2 @@
minor_changes:
- bitwarden lookup plugin - add availbility to get attachment file from bitwarden (https://github.com/ansible-collections/community.general/pull/10917).
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do you mean "ability" or "availability" (an "a" is missing for that)? I think the former makes more sense:

Suggested change
- bitwarden lookup plugin - add availbility to get attachment file from bitwarden (https://github.com/ansible-collections/community.general/pull/10917).
- bitwarden lookup plugin - add ability to get attachment file from bitwarden (https://github.com/ansible-collections/community.general/pull/10917).

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It is a bit odd as "availability", indeed.

plugins/lookup/bitwarden.py
attachment:
description:
- Name of the attachment to download from the item.
- When set, the plugin will download the attachment content in raw format.
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What does "raw format" mean? Do you mean "without further processing"? What if the file is binary data (Ansible doesn't like to handle binary data, one usually encodes it as Base64 because of that)?

plugins/lookup/bitwarden.py
- name: "Save attachment to file"
ansible.builtin.copy:
content: "{{ lookup('community.general.bitwarden', 'VPN Config', attachment='vpn-server.key') | first }}"
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

While this isn't the first time | first was used in the examples: what's the goal of using | first here? Does this always return a list of more than one elemnts? If yes, | first is fine. If not, | first is problematic because lookup() itself is problematic - if the lookup plugin returns a one-element list, it automatically takes the single element and returns that instead of the list. (And I think you get None or "" if the list is empty - forgot which one.) Usually it's better to use query(), since that will always return the list, even if it has zero or one elements.

plugins/lookup/bitwarden.py

try:
params = ['get', 'attachment', attachment_name, '--itemid', item_id, '--raw']
out, err = self._run(params)
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

out and err are unicode strings; the output of the CLI is parsed as UTF-8. Is this what is meant by "raw format"?

(Can Bitwarden actually store binary files, or must all files be UTF-8 encoded text?)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@russoz russoz russoz left review comments

@felixfontein felixfontein felixfontein left review comments

+1 more reviewer

@rdemsystems rdemsystems rdemsystems left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

check-before-release PR will be looked at again shortly before release and merged if possible. lookup lookup plugin new_contributor Help guide this first time contributor plugins plugin (any type)

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@rdemongeot @ansibullbot @rdemsystems @russoz @felixfontein